Olimpo Informatico: the Zeus News forums
Help with ComboFix report
Forum section: Pronto Soccorso Virus
Tekeros
Mortale pio

Registered: 15/12/16 17:25
Posts: 25
Location: Ragusa

Posted: 14 Nov 2018 17:47    Subject: Help with ComboFix report

Hello everyone! I recently restored Windows 7 because of some anomalous errors, then I ran ComboFix and still found some anomalies. Can someone check the report? Did I still have viruses? Apparently ComboFix locked some keys. Can you help me? Thanks!

Here is the report:

ComboFix 18-08-08.01 - Salvo 14/11/2018 16:12:22.1.2 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1040.18.3991.2866 [GMT 1:00]
Eseguito da: f:\programmi\Antivirus\portabili\ComboFix.exe
AV: Avast Antivirus *Enabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((( Files Creati Da 2018-10-14 al 2018-11-14 )))))))))))))))))))))))))))))))))))
.
.
2018-11-14 15:16 . 2018-11-14 15:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2018-11-14 15:10 . 2018-11-14 15:10 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1CD43D3-5B1E-4F8C-B104-26B8C2500251}\offreg.776.dll
2018-11-14 15:09 . 2018-11-14 13:11 14700824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1CD43D3-5B1E-4F8C-B104-26B8C2500251}\mpengine.dll
2018-10-31 18:32 . 2018-10-31 18:32 -------- d-----w- c:\users\Salvo\AppData\Roaming\AVAST Software
2018-10-31 18:32 . 2018-11-14 14:58 -------- d-----w- c:\users\Salvo\AppData\Local\AVAST Software
2018-10-31 13:53 . 2018-10-17 22:31 14700800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2018-10-31 09:31 . 2018-10-31 09:31 -------- d-----w- c:\programdata\HitmanPro
2018-10-31 06:30 . 2018-10-31 06:30 -------- d-----w- C:\NPE
2018-10-31 06:25 . 2018-10-31 18:03 -------- d-----w- c:\programdata\Norton
2018-10-21 16:55 . 2018-10-21 16:55 -------- d-----w- c:\users\Salvo\AppData\Roaming\Apowersoft
2018-10-17 17:27 . 2018-10-17 17:30 -------- d-----w- c:\users\Salvo\AppData\Local\gtk-2.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-10-31 15:54 . 2018-09-21 00:46 62774584 ----a-w- c:\users\Salvo\AppData\Roaming\Microsoft\Skype for Desktop\Skype-Setup.exe
2018-10-15 21:48 . 2010-11-21 03:27 559880 ------w- c:\windows\system32\MpSigStub.exe
2018-10-10 13:22 . 2018-01-17 20:24 136745976 -c--a-w- c:\windows\system32\MRT.exe
2018-09-19 16:56 . 2018-09-19 16:56 1094320 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{238A77FA-783F-4DF3-A2F3-A1A554BA35F7}\gapaengine.dll
2018-09-19 08:37 . 2018-09-19 08:37 1094320 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2018-09-19 08:08 . 2018-10-10 12:45 343552 ----a-w- c:\windows\SysWow64\msrd3x40.dll
2018-09-18 19:08 . 2018-10-10 12:45 396888 ----a-w- c:\windows\system32\iedkcs32.dll
2018-09-18 05:52 . 2018-10-10 12:45 25735168 ----a-w- c:\windows\system32\mshtml.dll
2018-09-18 05:38 . 2018-10-10 12:45 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2018-09-18 05:38 . 2018-10-10 12:45 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2018-09-18 05:27 . 2018-10-10 12:45 2902016 ----a-w- c:\windows\system32\iertutil.dll
2018-09-18 05:26 . 2018-10-10 12:45 66560 ----a-w- c:\windows\system32\iesetup.dll
2018-09-18 05:25 . 2018-10-10 12:45 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2018-09-18 05:25 . 2018-10-10 12:45 417280 ----a-w- c:\windows\system32\html.iec
2018-09-18 05:25 . 2018-10-10 12:45 576512 ----a-w- c:\windows\system32\vbscript.dll
2018-09-18 05:25 . 2018-10-10 12:45 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2018-09-18 05:19 . 2018-10-10 12:45 54784 ----a-w- c:\windows\system32\jsproxy.dll
2018-09-18 05:18 . 2018-10-10 12:45 34304 ----a-w- c:\windows\system32\iernonce.dll
2018-09-18 05:16 . 2018-10-10 12:45 615936 ----a-w- c:\windows\system32\ieui.dll
2018-09-18 05:15 . 2018-10-10 12:45 116224 ----a-w- c:\windows\system32\ieetwcollector.exe
2018-09-18 05:15 . 2018-10-10 12:45 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2018-09-18 05:14 . 2018-10-10 12:45 794624 ----a-w- c:\windows\system32\jscript.dll
2018-09-18 05:14 . 2018-10-10 12:45 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2018-09-18 05:14 . 2018-10-10 12:45 5779456 ----a-w- c:\windows\system32\jscript9.dll
2018-09-18 05:09 . 2018-10-10 12:45 969216 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2018-09-18 05:06 . 2018-10-10 12:45 489984 ----a-w- c:\windows\system32\dxtmsft.dll
2018-09-18 05:01 . 2018-10-10 12:45 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2018-09-18 05:00 . 2018-10-10 12:45 87552 ----a-w- c:\windows\system32\tdc.ocx
2018-09-18 05:00 . 2018-10-10 12:45 107520 ----a-w- c:\windows\system32\inseng.dll
2018-09-18 04:57 . 2018-10-10 12:45 199680 ----a-w- c:\windows\system32\msrating.dll
2018-09-18 04:57 . 2018-10-10 12:45 92160 ----a-w- c:\windows\system32\mshtmled.dll
2018-09-18 04:55 . 2018-10-10 12:45 315392 ----a-w- c:\windows\system32\dxtrans.dll
2018-09-18 04:53 . 2018-10-10 12:45 152064 ----a-w- c:\windows\system32\occache.dll
2018-09-18 04:45 . 2018-10-10 12:45 262144 ----a-w- c:\windows\system32\webcheck.dll
2018-09-18 04:43 . 2018-10-10 12:45 728064 ----a-w- c:\windows\system32\ie4uinit.exe
2018-09-18 04:42 . 2018-10-10 12:45 809472 ----a-w- c:\windows\system32\msfeeds.dll
2018-09-18 04:41 . 2018-10-10 12:45 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2018-09-18 04:41 . 2018-10-10 12:45 2136064 ----a-w- c:\windows\system32\inetcpl.cpl
2018-09-18 04:39 . 2018-10-10 12:45 15283712 ----a-w- c:\windows\system32\ieframe.dll
2018-09-18 04:35 . 2018-10-10 12:45 4510720 ----a-w- c:\windows\system32\wininet.dll
2018-09-18 04:31 . 2018-10-10 12:45 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2018-09-18 04:23 . 2018-10-10 12:45 1555968 ----a-w- c:\windows\system32\urlmon.dll
2018-09-18 04:21 . 2018-10-10 12:45 497664 ----a-w- c:\windows\SysWow64\vbscript.dll
2018-09-18 04:21 . 2018-10-10 12:45 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2018-09-18 04:20 . 2018-10-10 12:45 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2018-09-18 04:20 . 2018-10-10 12:45 341504 ----a-w- c:\windows\SysWow64\html.iec
2018-09-18 04:19 . 2018-10-10 12:45 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2018-09-18 04:13 . 2018-10-10 12:45 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2018-09-18 04:12 . 2018-10-10 12:45 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2018-09-18 04:10 . 2018-10-10 12:45 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2018-09-18 04:03 . 2018-10-10 12:45 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2018-09-18 04:02 . 2018-10-10 12:45 73216 ----a-w- c:\windows\SysWow64\tdc.ocx
2018-09-18 03:57 . 2018-10-10 12:45 4494848 ----a-w- c:\windows\SysWow64\jscript9.dll
2018-09-18 03:50 . 2018-10-10 12:45 2059776 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2018-09-18 03:50 . 2018-10-10 12:45 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2018-09-18 03:37 . 2018-10-10 12:45 4037632 ----a-w- c:\windows\SysWow64\wininet.dll
2018-09-17 03:45 . 2018-01-15 13:44 842240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2018-09-17 03:45 . 2018-01-15 13:44 175104 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2018-09-11 18:28 . 2018-10-10 12:45 3227136 ----a-w- c:\windows\system32\win32k.sys
2018-09-11 18:23 . 2018-10-10 12:45 161280 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2018-09-11 18:22 . 2018-10-10 12:45 129536 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2018-09-11 11:18 . 2018-01-31 15:50 152688 ----a-w- c:\windows\system32\drivers\mbae64.sys
2018-09-09 01:02 . 2018-10-10 12:45 986824 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2018-09-09 01:02 . 2018-10-10 12:45 631680 ----a-w- c:\windows\system32\winresume.efi
2018-09-09 01:02 . 2018-10-10 12:45 5552328 ----a-w- c:\windows\system32\ntoskrnl.exe
2018-09-09 01:02 . 2018-10-10 12:45 1680072 ----a-w- c:\windows\system32\drivers\ntfs.sys
2018-09-09 01:02 . 2018-10-10 12:45 708296 ----a-w- c:\windows\system32\winload.efi
2018-09-09 01:02 . 2018-10-10 12:45 262344 ----a-w- c:\windows\system32\hal.dll
2018-09-09 01:02 . 2018-10-10 12:45 265416 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2018-09-09 01:02 . 2018-10-10 12:45 95432 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2018-09-09 01:02 . 2018-10-10 12:45 154824 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2018-09-09 01:01 . 2018-10-10 12:45 1664320 ----a-w- c:\windows\system32\ntdll.dll
2018-09-09 00:59 . 2018-10-10 12:45 361984 ----a-w- c:\windows\system32\wow64win.dll
2018-09-09 00:59 . 2018-10-10 12:45 243712 ----a-w- c:\windows\system32\wow64.dll
2018-09-09 00:59 . 2018-10-10 12:45 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2018-09-09 00:59 . 2018-10-10 12:45 215552 ----a-w- c:\windows\system32\winsrv.dll
2018-09-09 00:59 . 2018-10-10 12:45 210432 ----a-w- c:\windows\system32\wdigest.dll
2018-09-09 00:59 . 2018-10-10 12:45 2851840 ----a-w- c:\windows\system32\themeui.dll
2018-09-09 00:59 . 2018-10-10 12:45 94208 ----a-w- c:\windows\system32\TSpkg.dll
2018-09-09 00:59 . 2018-10-10 12:45 503808 ----a-w- c:\windows\system32\srcore.dll
2018-09-09 00:59 . 2018-10-10 12:45 135680 ----a-w- c:\windows\system32\sspicli.dll
2018-09-09 00:59 . 2018-10-10 12:45 50176 ----a-w- c:\windows\system32\srclient.dll
2018-09-09 00:59 . 2018-10-10 12:45 28672 ----a-w- c:\windows\system32\sspisrv.dll
2018-09-09 00:59 . 2018-10-10 12:45 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2018-09-09 00:59 . 2018-10-10 12:45 28160 ----a-w- c:\windows\system32\secur32.dll
2018-09-09 00:59 . 2018-10-10 12:45 345600 ----a-w- c:\windows\system32\schannel.dll
2018-09-09 00:59 . 2018-10-10 12:45 1211904 ----a-w- c:\windows\system32\rpcrt4.dll
2018-09-09 00:59 . 2018-10-10 12:45 190464 ----a-w- c:\windows\system32\rpchttp.dll
2018-09-09 00:59 . 2018-10-10 12:45 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2018-09-09 00:59 . 2018-10-10 12:45 312320 ----a-w- c:\windows\system32\ncrypt.dll
2018-09-09 00:59 . 2018-10-10 12:45 2009600 ----a-w- c:\windows\system32\msxml6.dll
2018-09-09 00:59 . 2018-10-10 12:45 316928 ----a-w- c:\windows\system32\msv1_0.dll
2018-09-09 00:59 . 2018-10-10 12:45 2048 ----a-w- c:\windows\system32\msxml6r.dll
2018-09-09 00:59 . 2018-10-10 12:45 60416 ----a-w- c:\windows\system32\msobjs.dll
2018-09-09 00:59 . 2018-10-10 12:45 146432 ----a-w- c:\windows\system32\msaudite.dll
2018-09-09 00:58 . 2018-10-10 12:45 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2018-09-09 00:58 . 2018-10-10 12:45 419840 ----a-w- c:\windows\system32\KernelBase.dll
2018-09-09 00:58 . 2018-10-10 12:45 731648 ----a-w- c:\windows\system32\kerberos.dll
2018-09-09 00:58 . 2018-10-10 12:45 1163264 ----a-w- c:\windows\system32\kernel32.dll
2018-09-09 00:58 . 2018-10-10 12:45 405504 ----a-w- c:\windows\system32\gdi32.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 aswbidsh;aswbidsh;c:\windows\system32\drivers\aswbidsha.sys;c:\windows\SYSNATIVE\drivers\aswbidsha.sys [x]
R0 aswblog;aswblog;c:\windows\system32\drivers\aswbloga.sys;c:\windows\SYSNATIVE\drivers\aswbloga.sys [x]
R0 aswbuniv;aswbuniv;c:\windows\system32\drivers\aswbuniva.sys;c:\windows\SYSNATIVE\drivers\aswbuniva.sys [x]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys;c:\windows\SYSNATIVE\drivers\aswRvrt.sys [x]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys;c:\windows\SYSNATIVE\drivers\aswVmm.sys [x]
R0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
R1 aswArPot;aswArPot;c:\windows\system32\drivers\aswArPot.sys;c:\windows\SYSNATIVE\drivers\aswArPot.sys [x]
R1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
R1 aswHdsKe;aswHdsKe;c:\windows\system32\drivers\aswHdsKe.sys;c:\windows\SYSNATIVE\drivers\aswHdsKe.sys [x]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
R1 MpKsl6d5bebb7;MpKsl6d5bebb7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB08046F-DCE0-4C9C-B58A-BA602C93D91C}\MpKsl6d5bebb7.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB08046F-DCE0-4C9C-B58A-BA602C93D91C}\MpKsl6d5bebb7.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [x]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 edrsensor;edrsensor;c:\windows\system32\DRIVERS\edrsensor.sys;c:\windows\SYSNATIVE\DRIVERS\edrsensor.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv.sys [x]
R3 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 scvad_simple;SplitCam Virtual Microphone (WDM);c:\windows\system32\drivers\SplitCamAudio.sys;c:\windows\SYSNATIVE\drivers\SplitCamAudio.sys [x]
R3 splitcam_hd_driver;SplitCam Virtual Video Driver;c:\windows\system32\DRIVERS\splitcam_hd_driver.sys;c:\windows\SYSNATIVE\DRIVERS\splitcam_hd_driver.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R4 hpqcaslwmiex;HP CASL Framework Service;c:\program files (x86)\HP\Shared\hpqwmiex.exe;c:\program files (x86)\HP\Shared\hpqwmiex.exe [x]
R4 ManyCam Service;ManyCam Service;c:\programdata\ManyCam\Service\ManyCamService.exe;c:\programdata\ManyCam\Service\ManyCamService.exe [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys;c:\windows\SYSNATIVE\DRIVERS\BazisVirtualCDBus.sys [x]
S3 e1kexpress;Intel(R) Network Connections Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2018-10-29 c:\windows\Tasks\HPCeeScheduleForSalvo.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-06-24 16:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2018-10-31 18:29 1847000 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2015-08-26 3113592]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-11-14 1353680]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2018-10-31 242392]
.
------- Scansione supplementare -------
.
uStart Page =
mStart Page = about:blank
TCP: Interfaces\{7146A81C-9EFC-400B-AE0A-485280E48603}: NameServer = 8.8.4.4,8.8.8.8,192.168.1.1
FF - ProfilePath - c:\users\Salvo\AppData\Roaming\Mozilla\Firefox\Profiles\iq4maw23.default\
.
.
------- Associazioni dei file -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB4087364 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB4344146 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB4457016 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\setup.exe
AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB4457035 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\setup.exe
AddRemove-{F322B446-B157-4257-B44F-4F22D41F8EDB} - c:\program files (x86)\InstallShield Installation Information\{F322B446-B157-4257-B44F-4F22D41F8EDB}\setup.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4e,53,d1,68,41,15,79,4a,86,53,7e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4e,53,d1,68,41,15,79,4a,86,53,7e,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2018-11-14 16:19:02
ComboFix-quarantined-files.txt 2018-11-14 15:19
.
Pre-Run: 85.791.862.784 byte disponibili
Post-Run: 85.449.482.240 byte disponibili
.
- - End Of File - - CBD256983736B688ACCA5F6302349431
A36C5E4F47E84449FF07ED3517B43A31

R16
Security Moderator

Registered: 07/03/08 21:58
Posts: 9843

Posted: 14 Nov 2018 18:22

Hello.
Quote:
I recently restored Windows 7 because of some anomalous errors, then I ran ComboFix and still found some anomalies. Can someone check the report?

What kind of "anomalous errors"?
Also, you should not run ComboFix unless an expert has advised it, because it is software to be handled with caution, or you risk serious problems for the PC.
Besides, ComboFix does not repair "anomalous errors"; it deletes (without the user's consent) files and folders that it considers infections.
Try to explain as best you can what problems you are seeing, and then run this scan:
Download FRST to the desktop (this is mandatory):
Install the version that matches your operating system (32-bit or 64-bit)
link
Start it and click Run.
In the window that appears, click Yes.
Click Scan.
Wait patiently for the scan to finish.
Post the 2 logs it leaves on the desktop (FRST.txt and Addition.txt).

To post the logs, follow these instructions:
Go to the Wikifortio site:
link
Click "Browse".
Select (double click) the file to send.
Click "Upload".
Copy the link (under "link to download") and paste it here in the forum.

Tekeros

Posted: 14 Nov 2018 18:50

So, my computer froze after a blue screen appeared (on restart everything was frozen). Then I did a restore using a system image I had made earlier, and everything was resolved. But I thought the virus was also in the system image, so I ran ComboFix, with a positive result: it seems in fact that ComboFix locked some malicious registry keys. Anyway, here are the generated keys:

link
link

R16

Posted: 14 Nov 2018 19:15

Hi.
Quote:
But I thought the virus was also in the system image

Let me understand... did you just imagine it, or was it because the PC was working badly after restoring the image?
From what I understood, after restoring the image it seems that "everything was resolved".
Quote:
I ran ComboFix, with a positive result: it seems in fact that ComboFix locked some malicious registry keys.

That is not the case. ComboFix did not lock any key; the keys ComboFix reports were already locked when it found them, and it flags them to let you know in case you want to unlock them.
But those keys are all legitimate; they are neither viruses nor infections.
They are keys locked by the system, and that is normal.
I would like to know whether you are seeing any problems now.
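
Added example, not part of R16's post and not ComboFix's own code: a small Python parser for the locked-keys section of a ComboFix log, listing each key that carries an @Denied line, the principal it names, the key's default value and the subkeys printed under it. The sample input is a shortened excerpt of the report posted above; the function names are this example's own, and the rights field is copied without being interpreted.

```python
import re

# Section title as printed in the Italian report on this page, plus the
# English title. Assumption: other locales are not handled.
SECTION_RE = re.compile(r"^-+ (CHIAVI DI REGISTRO BLOCCATE|LOCKED REGISTRY KEYS) -+$")
KEY_RE = re.compile(r"^\[(.+)\]$")
DENIED_RE = re.compile(r"^@Denied: \((.+?)\) \((.+?)\)$")
DEFAULT_RE = re.compile(r'^@="(.*)"$')

# Shortened excerpt of the report posted in this thread (sample input).
SAMPLE = r"""
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2018-11-14 16:19:02
"""


def parse_locked_keys(log_text):
    """Return one dict per registry key listed in the locked-keys section."""
    entries, current, in_section = [], None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_section:
            # Everything before the section header is ignored.
            in_section = bool(SECTION_RE.match(line))
            continue
        key = KEY_RE.match(line)
        if key:
            current = {"key": key.group(1), "denied": None, "values": []}
            entries.append(current)
        elif line == "." or not line:
            current = None  # a lone "." closes the current key block
        elif current is not None:
            denied = DENIED_RE.match(line)
            if denied:
                current["denied"] = (denied.group(1), denied.group(2))
            else:
                current["values"].append(line)
    return entries


def default_value(entry):
    """Return the key's default (@) string value, or None if the log shows none."""
    for value in entry["values"]:
        m = DEFAULT_RE.match(value)
        if m:
            return m.group(1)
    return None


def group_by_denied_root(entries):
    """Map each key carrying an @Denied line to the subkeys listed under it."""
    roots = {e["key"]: {"rights": e["denied"][0], "principal": e["denied"][1],
                        "subkeys": []}
             for e in entries if e["denied"]}
    for e in entries:
        if e["denied"]:
            continue
        for root, info in roots.items():
            if e["key"].lower().startswith(root.lower() + "\\"):
                info["subkeys"].append(e["key"][len(root) + 1:])
    return roots


def summarize(log_text):
    """Rows of (key, rights, principal, default value, number of subkeys)."""
    entries = parse_locked_keys(log_text)
    by_key = {e["key"]: e for e in entries}
    return [(root, info["rights"], info["principal"],
             default_value(by_key[root]), len(info["subkeys"]))
            for root, info in group_by_denied_root(entries).items()]


if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

Run against the full log, the default values and file paths printed for each locked key make it quick to see which installed component each entry belongs to before deciding whether anything needs attention.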

Tekeros

Posted: 14 Nov 2018 19:33

Since I had made the backup only a short time before, I imagined there could be a virus in the whole backup. If you could please take a look at it, I would feel more at ease, also because I did notice something strange: it seems my downloads stall in an anomalous way.

Thanks

R16

Posted: 14 Nov 2018 19:46

Go to "Programs and Features" and uninstall SUPERAntiSpyware (it is not needed).
Once the uninstall is finished, do a cleanup with CCleaner, registry included.
Restart the PC and repeat the cleanup with CCleaner.
Do you know and use this software?:
NielsenUpdate
If not, uninstall it (again from "Programs and Features").
Is your version of Avast! the latest version?

Tekeros

Posted: 14 Nov 2018 20:37

Yes, the Avast version is the latest version, and I know Nielsen. Are you saying the system is clean?

R16

Posted: 14 Nov 2018 21:26

Quote:
Are you saying the system is clean?

I am saying that your downloads stalling (always, or only when you download from eMule?) does not depend on an infection.
Neither the ComboFix log nor the FRST logs show any active infections.
In any case, you can try resetting Firefox:
link
Or install Chrome and see whether downloading with another browser solves the problem:
link
If the problem does not occur with Chrome, you need to uninstall Firefox and then reinstall it following this procedure:

Go to "Programs and Features" and uninstall it.
Then from "Run", copy and paste %APPDATA%
The folder C:\user\appdata\roaming will open.
Find the Mozilla folder and delete it.

Do the usual cleanup with CCleaner, registry included.
Restart the PC and reinstall Firefox from the official site.

link

N.B.:
This operation will also delete your bookmarks, but you can save them beforehand and then restore them:
To save Firefox bookmarks and restore them:
link

Tekeros

Posted: 14 Nov 2018 21:43

No, only when I download from Firefox.

R16

Posted: 15 Nov 2018 17:40

Then uninstall Firefox following the instructions I wrote above.

All times are GMT + 1 hour.
Page 1 of 2