PUP.Optional.Legacy

Security

sal11

I have problems with PUP.Optional.Legacy. I tried in safe mode with Malwarebytes and AdwCleaner, with various scanners and with ComboFix. This is the ComboFix log:
ComboFix 19-11-04.01 - Utente 22/12/2019 16:40:41.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.1977.306 [GMT 1:00]
Running from: c:\users\Utente\Downloads\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
FW: Avast Antivirus *Enabled* {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Utente\AppData\Roaming\Yahoo
c:\users\Utente\AppData\Roaming\Yahoo\search.xml
c:\users\Utente\Documents\~WRL0005.tmp
c:\users\Utente\Documents\~WRL0006.tmp
c:\users\Utente\Documents\~WRL0007.tmp
c:\users\Utente\Documents\~WRL0561.tmp
c:\users\Utente\Documents\~WRL0807.tmp
c:\users\Utente\Documents\~WRL2155.tmp
c:\users\Utente\Documents\~WRL2481.tmp
c:\users\Utente\Documents\~WRL3070.tmp
c:\users\Utente\Documents\~WRL3202.tmp
c:\windows\msdownld.tmp
c:\windows\system32\%SYSTE~1
c:\windows\system32\%SYSTE~1\system32\config\systemprofile\AppData\Local\Avg\log\fmwlight\%systemroot%\system32\config\systemprofile\AppData\Local\Avg\log\fmwlight\light.log
c:\windows\system32\%SYSTE~1\system32\config\systemprofile\AppData\Local\Avg\log\fmwlight\%systemroot%\system32\config\systemprofile\AppData\Local\Avg\log\fmwlight\light.log.lock
.
.
((((((((((((((((((((((((( Files Created From 2019-11-22 to 2019-12-22 )))))))))))))))))))))))))))))))))))
.
.
2019-12-22 15:51 . 2019-12-22 15:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2019-12-22 10:09 . 2019-12-22 10:09 -------- d-----w- c:\users\Utente\AppData\Roaming\AVAST Software
2019-12-22 10:01 . 2019-12-22 10:16 -------- d-----w- c:\program files\AVAST Software
2019-12-20 14:58 . 2019-12-20 14:58 60232 ------w- c:\windows\system32\drivers\EnigmaFileMonDriver.sys
2019-12-20 12:11 . 2019-12-20 12:12 -------- d-----w- c:\programdata\ProductData
2019-12-20 12:10 . 2019-12-20 12:10 -------- d-----w- c:\programdata\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2019-12-20 11:19 . 2019-12-07 03:18 11954232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F34BA261-294D-4868-A2CC-8F1BB1AB9814}\mpengine.dll
2019-12-17 17:27 . 2019-12-17 17:27 -------- d-----w- c:\users\Utente\AppData\Local\cache
2019-12-17 17:12 . 2019-12-17 22:24 129056 ----a-w- c:\windows\system32\drivers\mbae.sys
2019-12-17 15:37 . 2019-12-17 16:00 -------- d-----w- c:\programdata\HitmanPro
2019-12-11 12:25 . 2019-11-15 01:58 123904 ----a-w- c:\windows\system32\poqexec.exe
2019-12-05 16:22 . 2019-12-05 16:22 -------- d-----w- c:\program files\Common Files\Java
2019-12-05 16:22 . 2019-12-05 16:22 112696 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2019-12-05 16:21 . 2019-12-05 16:21 -------- d-----w- c:\program files\Java
2019-12-05 16:21 . 2019-12-05 16:21 -------- d-----w- c:\program files\Common Files\Oracle
2019-11-30 08:46 . 2019-12-21 17:01 -------- d-----w- c:\program files\Common Files\AV
2019-11-30 08:43 . 2019-12-20 17:35 -------- d-----w- c:\programdata\Kaspersky Lab
2019-11-25 15:36 . 2019-11-25 15:36 -------- d-----w- c:\programdata\Xerox
2019-11-25 15:28 . 2019-11-25 15:28 -------- d-----w- c:\program files\Lexmark
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2019-12-17 16:06 . 2016-10-19 17:33 842296 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2019-12-17 16:06 . 2016-10-19 17:33 175160 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2019-12-15 14:49 . 2019-10-09 13:23 69801720 ----a-w- c:\users\Utente\AppData\Roaming\Microsoft\Skype for Desktop\Skype-Setup.exe
2019-12-11 23:12 . 2017-10-11 00:24 127229528 -c--a-w- c:\windows\system32\MRT-KB890830.exe
2019-11-28 03:42 . 2019-12-11 12:29 5120 ----a-w- c:\windows\system32\drivers\it-IT\srv.sys.mui
2019-11-12 21:03 . 2016-10-17 21:46 613944 ------w- c:\windows\system32\MpSigStub.exe
2019-11-05 21:29 . 2019-11-15 17:33 164064 ----a-w- c:\windows\system32\drivers\msrpc.sys
2019-11-05 21:29 . 2019-11-15 17:33 106936 ----a-w- c:\windows\system32\consent.exe
2019-11-05 21:25 . 2019-11-15 17:33 266752 ----a-w- c:\windows\system32\upnphost.dll
2019-11-05 21:25 . 2019-11-15 17:33 628224 ----a-w- c:\windows\system32\usp10.dll
2019-11-05 21:25 . 2019-11-15 17:33 83968 ----a-w- c:\windows\system32\userenv.dll
2019-11-05 21:25 . 2019-11-15 17:33 573440 ----a-w- c:\windows\system32\netlogon.dll
2019-11-05 21:25 . 2019-11-15 17:32 175104 ----a-w- c:\windows\system32\netcorehc.dll
2019-11-05 21:25 . 2019-11-15 17:32 337408 ----a-w- c:\windows\system32\msihnd.dll
2019-11-05 21:25 . 2019-11-15 17:32 25600 ----a-w- c:\windows\system32\msimsg.dll
2019-11-05 21:25 . 2019-11-15 17:32 2368000 ----a-w- c:\windows\system32\msi.dll
2019-11-05 21:25 . 2019-11-15 17:32 4608 ----a-w- c:\windows\system32\msimg32.dll
2019-11-05 21:25 . 2019-11-15 17:33 46080 ----a-w- c:\windows\system32\mf3216.dll
2019-11-05 21:25 . 2019-11-15 17:33 502784 ----a-w- c:\windows\system32\iphlpsvc.dll
2019-11-05 21:24 . 2019-11-15 17:33 1005056 ----a-w- c:\windows\system32\cryptui.dll
2019-11-05 21:24 . 2019-11-15 17:33 88576 ----a-w- c:\windows\system32\AxInstSv.dll
2019-11-05 21:24 . 2019-11-15 17:32 1806848 ----a-w- c:\windows\system32\authui.dll
2019-11-05 21:24 . 2019-11-15 17:32 47104 ----a-w- c:\windows\system32\appinfo.dll
2019-11-05 21:12 . 2019-11-15 17:33 1312256 ----a-w- c:\windows\system32\msjet40.dll
2019-11-05 21:03 . 2019-11-15 17:33 23552 ----a-w- c:\windows\system32\upnpcont.exe
2019-11-05 21:03 . 2019-11-15 17:33 45056 ----a-w- c:\windows\system32\udhisapi.dll
2019-11-05 20:57 . 2019-11-15 17:33 57856 ----a-w- c:\windows\system32\AxInstUI.exe
2019-11-05 20:57 . 2019-11-15 17:32 73216 ----a-w- c:\windows\system32\msiexec.exe
2019-11-05 19:43 . 2019-11-15 17:33 1251840 ----a-w- c:\windows\system32\DWrite.dll
2019-11-05 19:43 . 2019-11-15 17:33 910336 ----a-w- c:\windows\system32\FntCache.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2019-12-22 10:04 1494408 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Smart Cleaning"="c:\program files\CCleaner\CCleaner.exe" [2019-10-14 18458752]
"Skype for Desktop"="c:\program files\Microsoft\Skype for Desktop\Skype.exe" [2019-12-13 91503464]
"AvastBrowserAutoLaunch_DD887D5B221C8B4B59C42D246BB625A6"="c:\program files\AVAST Software\Browser\Application\AvastBrowser.exe" [2019-11-04 1850312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XeroxEndeavorBackgroundTask"="xrWCbgnd.dll" [2009-07-14 53760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2019-10-05 645648]
"YouCam Service7"="c:\program files\CyberLink\YouCam7\YouCamService7.exe" [2016-11-25 466712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2019-12-22 232840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 avast;Servizio Avast Browser Update (avast);c:\program files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2019-12-22 202392]
R3 avastm;Servizio Avast Browser Update (avastm);c:\program files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2019-12-22 202392]
R3 AvastSecureBrowserElevationService;Avast Secure Browser Elevation Service;c:\program files\AVAST Software\Browser\Application\77.2.2152.121\elevation_service.exe [2019-11-04 970088]
R3 GoogleChromeElevationService;Google Chrome Elevation Service;c:\program files\Google\Chrome\Application\79.0.3945.88\elevation_service.exe [2019-12-14 959984]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2019-11-19 104960]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S0 aswbidsh;aswbidsh;c:\windows\system32\drivers\aswbidsh.sys [2019-12-22 169408]
S0 aswbuniv;aswbuniv;c:\windows\system32\drivers\aswbuniv.sys [2019-12-22 59368]
S0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2019-12-22 73312]
S0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2019-12-22 277408]
S1 aswArPot;aswArPot;c:\windows\system32\drivers\aswArPot.sys [2019-12-22 174712]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdriver.sys [2019-12-22 224008]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2019-12-22 41200]
S1 aswNetSec;aswNetSec;c:\windows\system32\drivers\aswNetSec.sys [2019-12-22 411088]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2019-12-22 691528]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2019-12-22 394856]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2019-12-22 145048]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2019-12-22 176760]
S2 avast! Firewall;Avast Firewall Service;c:\program files\AVAST Software\Avast\afwServ.exe [2019-12-22 373928]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\aswidsagent.exe [2019-12-22 5106064]
S3 aswNetNd6;Avast Firewall NDIS6 Helper;c:\windows\system32\DRIVERS\aswNetNd6.sys [2019-12-22 36104]
S3 CLMirrorDriver;CLMirrorDriver;c:\windows\system32\DRIVERS\CLMirrorDriver.sys [2015-05-20 21264]
S3 clwvd7;CyberLink WebCam Virtual Driver 7.0 Service;c:\windows\system32\DRIVERS\clwvd7.sys [2016-06-02 43800]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2019-12-19 18:41 1924080 ----a-w- c:\program files\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2019-05-03 02:33 328240 ----a-w- c:\program files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8504530-742B-42BC-895D-2BAD6406F698}]
2019-12-22 10:19 3068704 ----a-w- c:\program files\AVAST Software\Browser\Application\77.2.2152.121\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\t7hc6nip.default-release-1569191586928\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKU-Default-Run-ZoneAlarm Windows 10 Upgrader - c:\programdata\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@DenieD: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_32_0_0_303_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_32_0_0_303_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@DenieD: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@DenieD: (Full) (Everyone)
.
Completion time: 2019-12-22 16:55:24
ComboFix-quarantined-files.txt 2019-12-22 15:55
.
Pre-Run: 355,751,227,392 bytes free
Post-Run: 355,776,299,008 bytes free
.
- - End Of File - - 69CE4FC0E3F317710024349C247301CF
A36C5E4F47E84449FF07ED3517B43A31
 
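The log above is what a helper would read by hand; as an added example (not part of the forum post, and not a ComboFix tool), here is a small Python triage script that parses the sections a responder looks at first: the AV/FW/SP status lines, the HKCU/HKLM Run values, the service lines and the "ORPHANS REMOVED" list, and flags entries that deserve a closer look. The regular expressions, the trusted-root list and the user-writable-location list are this example's own assumptions about the log's line shapes, not a format specification; `SAMPLE_LOG` is a constructed excerpt that mirrors lines from the posted log (with ComboFix's English section banner).

```python
"""Triage helper for a ComboFix log (added example; constructed sample input)."""
import re

# Roots where installed software normally lives.  Outside them is a lead, not a verdict.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# User-writable locations that droppers favour for persistence.
USER_WRITABLE = ("c:\\programdata\\", "\\appdata\\", "\\temp\\", "c:\\users\\")

# Constructed excerpt in the shape of the posted log (not the full log).
SAMPLE_LOG = r"""
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
FW: Avast Antivirus *Enabled* {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Smart Cleaning"="c:\program files\CCleaner\CCleaner.exe" [2019-10-14 18458752]
"AvastBrowserAutoLaunch_DD887D5B221C8B4B59C42D246BB625A6"="c:\program files\AVAST Software\Browser\Application\AvastBrowser.exe" [2019-11-04 1850312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XeroxEndeavorBackgroundTask"="xrWCbgnd.dll" [2009-07-14 53760]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
R2 avast;Servizio Avast Browser Update (avast);c:\program files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2019-12-22 202392]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKU-Default-Run-ZoneAlarm Windows 10 Upgrader - c:\programdata\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe
.
--------------------- LOCKED REGISTRY KEYS ---------------------
"""

STATUS_RE = re.compile(r'^(AV|FW|SP): (.+?) \*([^*]+)\*')                 # AV: Product *State/Flag*
RUN_KEY_RE = re.compile(r'^\[(HKEY_[A-Z_]+)\\.*\\Run\]$', re.I)           # [HKxx\...\Run]
VALUE_RE = re.compile(r'^"([^"]*)"="([^"]*)"(?:\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\])?')
SERVICE_RE = re.compile(r'^([RS]\d) ([^;]+);([^;]*);(.*?)(?: \[(\d{4}-\d{2}-\d{2}) (\d+)\])?$')
ORPHAN_RE = re.compile(r'^(\S.*?) - (.*)$')                                # entry - target


def parse_status(text):
    """AV/FW/SP lines -> [(kind, product, state)]; state is the word before any '/'."""
    return [(m.group(1), m.group(2), m.group(3).split("/")[0])
            for m in (STATUS_RE.match(l) for l in text.splitlines()) if m]


def parse_run_entries(text):
    """Values listed under the HKCU/HKLM ...\\CurrentVersion\\Run keys."""
    entries, hive = [], None
    for line in text.splitlines():
        key = RUN_KEY_RE.match(line)
        if key:
            hive = key.group(1).upper()
            continue
        if line.startswith("["):          # any other key ends the Run block
            hive = None
            continue
        val = VALUE_RE.match(line)
        if hive and val:
            entries.append({"hive": hive, "name": val.group(1), "image": val.group(2),
                            "date": val.group(3),
                            "size": int(val.group(4)) if val.group(4) else None})
    return entries


def parse_services(text):
    """Service/driver lines: 'S2 name;display name;image [date size]'."""
    return [{"start": m.group(1), "name": m.group(2), "display": m.group(3), "image": m.group(4)}
            for m in (SERVICE_RE.match(l) for l in text.splitlines()) if m]


def parse_orphans(text):
    """Entries under the orphans banner (English or Italian) up to the next banner."""
    out, active = [], False
    for line in text.splitlines():
        if "ORPHANS REMOVED" in line or "CHIAVI ORFANE RIMOSSE" in line:
            active = True
            continue
        if active and (line.startswith("----") or line.startswith("((((")):
            break
        m = ORPHAN_RE.match(line) if active else None
        if m:
            out.append({"entry": m.group(1), "target": m.group(2)})
    return out


def _is_trusted(path):
    return path.lower().startswith(TRUSTED_ROOTS)


def triage(text):
    """Return [(severity, message)] leads for a human to verify; nothing here is a verdict."""
    findings = []
    for kind, product, state in parse_status(text):
        if kind in ("AV", "SP") and state.lower() == "disabled":
            findings.append(("high", f"{kind} {product} reported {state}: real-time protection is off"))
    for e in parse_run_entries(text):
        if ":\\" not in e["image"]:       # bare file name: resolved through the search path
            findings.append(("medium", f'{e["hive"]} Run "{e["name"]}" uses a relative image {e["image"]!r}'))
        elif not _is_trusted(e["image"]):
            findings.append(("medium", f'{e["hive"]} Run "{e["name"]}" launches from {e["image"]}'))
    for s in parse_services(text):
        if not _is_trusted(s["image"]):
            findings.append(("medium", f'service {s["name"]} runs from {s["image"]}'))
    for o in parse_orphans(text):
        target = o["target"].lower()
        if target == "(no file)":
            findings.append(("info", f'orphan {o["entry"]}: pointed at a missing file (already removed)'))
        elif any(marker in target for marker in USER_WRITABLE):
            findings.append(("medium", f'orphan {o["entry"]} pointed into a user-writable location: {o["target"]}'))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {message}")
```

Every hit is a lead to verify, not a conclusion: a path under Program Files says nothing about whether the binary is signed or current, a relative image such as `xrWCbgnd.dll` merely means the loader resolves it through the search path, and "Disabled" on the AV and Defender lines is often deliberate for the duration of a ComboFix run, but it is worth confirming that real-time protection is back on once the scan has finished.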