Thread: PC or browser problem?
10-06-2017, 14:01   #3
Gramoz
Member

Joined: Apr 2017
Posts: 203
Hi, thanks a lot for the help, I'm really desperate!

Quote:
Originally posted by aled1974
at this point add these scans
So, here is the outcome of the various scans:

Quote:
Originally posted by aled1974
- superantispyware


Quote:
Originally posted by aled1974
- hitman pro trial


Code:
HitmanPro 3.7.20.286
www.hitmanpro.com

   Computer name . . . . : GRAMOZ-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Gramoz-PC\Gramoz
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (31 days left)

   Scan date . . . . . . : 2017-06-10 13:27:11
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 10s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 2

   Objects scanned . . . : 1.309.246
   Files scanned . . . . : 21.220
   Remnants scanned  . . : 257.550 files / 1.030.476 keys

Malware _____________________________________________________________________

   D:\Programmi\ProgrammiUO\KaRaShO_Ping_Counter_1.0.exe -> Quarantined
      Size . . . . . . . : 1.139.712 bytes
      Age  . . . . . . . : 292.0 days (2016-08-22 13:52:56)
      Entropy  . . . . . : 3.5
      SHA-256  . . . . . : AB5DEB63DB14ED2BC8C29858ABDA0652914CA3A5BFBC29F042F2276195B525CC
      Product  . . . . . : Ping Reporter UODreams
      Publisher  . . . . : Microsoft
      Description  . . . : Ping Reporter UODreams
      Version  . . . . . : 1.0.0.0
      LanguageID . . . . : 0
    > Bitdefender  . . . : Trojan.Generic.20719203
      Fuzzy  . . . . . . : 100.0
      References
         HKU\S-1-5-21-32154028-2531209202-381279469-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\D:\Programmi\ProgrammiUO\KaRaShO_Ping_Counter_1.0.exe

I put it in quarantine even though I don't think it was really a trojan, because I know the creator of this little program..

Quote:
Originally posted by aled1974
- emsisoft antimalware


After a reboot it ran and didn't detect anything suspicious during the scan

Quote:
Originally posted by aled1974
- combofix <----- !!
Code:
ComboFix 17-05-16.01 - Gramoz 10/06/2017  13:44:51.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.39.1040.18.8175.6073 [GMT 2:00]
Eseguito da: c:\users\Gramoz\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Creato nuovo punto di ripristino
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gramoz\AppData\Roaming\Microsoft\Windows\Recent\Movavi Video Editor 12.url
c:\users\Gramoz\AppData\Roaming\Yahoo
c:\users\Gramoz\AppData\Roaming\Yahoo\search.xml
c:\windows\SysWow64\tmp62A8.tmp
c:\windows\SysWow64\tmp62A9.tmp
.
.
(((((((((((((((((((((((((   Files Creati Da 2017-05-10 al 2017-06-10  )))))))))))))))))))))))))))))))))))
.
.
2017-06-10 11:46 . 2017-06-10 11:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2017-06-10 11:35 . 2017-06-10 11:36	--------	d-----w-	c:\program files\Emsisoft Anti-Malware
2017-06-10 11:33 . 2017-06-10 11:33	12872	----a-w-	c:\windows\system32\bootdelete.exe
2017-06-10 11:27 . 2017-06-10 11:27	--------	d-----w-	c:\program files\HitmanPro
2017-06-10 11:26 . 2017-06-10 11:34	--------	d-----w-	c:\programdata\HitmanPro
2017-06-10 10:58 . 2017-06-10 10:58	--------	d-----w-	c:\users\Gramoz\AppData\Roaming\SUPERAntiSpyware.com
2017-06-10 10:57 . 2017-06-10 10:57	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2017-06-10 10:50 . 2017-06-10 10:50	44928	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44C64805-4097-4C15-BAF5-5952B519D5F4}\MpKsl0bcdd43b.sys
2017-06-10 10:49 . 2017-06-06 20:57	1078240	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C9AF6082-B092-4984-B635-1620722D6B01}\gapaengine.dll
2017-06-10 10:49 . 2017-05-23 17:54	13020000	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44C64805-4097-4C15-BAF5-5952B519D5F4}\mpengine.dll
2017-06-09 17:28 . 2017-06-09 17:28	--------	d-----w-	c:\program files (x86)\Common Files\Java
2017-06-09 17:28 . 2017-06-09 17:28	97856	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2017-06-09 17:28 . 2017-06-09 17:28	--------	d-----w-	c:\program files (x86)\Java
2017-06-09 17:26 . 2017-06-09 17:26	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2017-06-08 22:05 . 2017-05-23 17:54	13020000	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2017-06-08 16:29 . 2017-06-08 16:29	--------	d-----w-	c:\programdata\Intel Corporation
2017-06-08 16:29 . 2017-06-08 16:29	--------	d-----w-	c:\program files (x86)\Common Files\Intel
2017-06-06 20:57 . 2017-06-06 20:57	1078240	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5A6E616E-95B6-4E68-A219-428EAF9C3C43}\gapaengine.dll
2017-06-01 21:50 . 2017-06-01 21:50	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2017-05-29 13:04 . 2017-05-29 13:04	--------	d-----w-	c:\users\Gramoz\.TeamSpeak 3
2017-05-29 13:04 . 2017-05-29 13:04	--------	d-----w-	c:\users\Gramoz\.QtWebEngineProcess
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-06-09 16:22 . 2016-09-05 17:01	192216	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-06-06 20:57 . 2016-08-10 19:45	1078240	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2017-05-30 20:45 . 2010-11-21 03:27	565416	------w-	c:\windows\system32\MpSigStub.exe
2017-05-23 11:07 . 2016-08-07 13:49	132223576	-c--a-w-	c:\windows\system32\MRT.exe
2017-05-13 08:58 . 2016-08-06 17:40	803320	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2017-05-13 08:58 . 2016-08-06 17:40	144888	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-04-28 01:14 . 2017-05-10 22:14	631176	----a-w-	c:\windows\system32\winresume.efi
2017-04-28 01:14 . 2017-05-10 22:14	706792	----a-w-	c:\windows\system32\winload.efi
2017-04-28 01:14 . 2017-05-10 22:14	5547240	----a-w-	c:\windows\system32\ntoskrnl.exe
2017-04-28 01:14 . 2017-05-10 22:14	95464	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2017-04-28 01:14 . 2017-05-10 22:14	154856	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2017-04-28 01:11 . 2017-05-10 22:14	1732864	----a-w-	c:\windows\system32\ntdll.dll
2017-04-28 01:10 . 2017-05-10 22:14	362496	----a-w-	c:\windows\system32\wow64win.dll
2017-04-28 01:10 . 2017-05-10 22:14	243712	----a-w-	c:\windows\system32\wow64.dll
2017-04-28 01:10 . 2017-05-10 22:14	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2017-04-28 01:10 . 2017-05-10 22:14	86528	----a-w-	c:\windows\system32\TSpkg.dll
2017-04-28 01:10 . 2017-05-10 22:14	215552	----a-w-	c:\windows\system32\winsrv.dll
2017-04-28 01:10 . 2017-05-10 22:14	210432	----a-w-	c:\windows\system32\wdigest.dll
2017-04-28 01:10 . 2017-05-10 22:14	503808	----a-w-	c:\windows\system32\srcore.dll
2017-04-28 01:10 . 2017-05-10 22:14	50176	----a-w-	c:\windows\system32\srclient.dll
2017-04-28 01:10 . 2017-05-10 22:14	28672	----a-w-	c:\windows\system32\sspisrv.dll
2017-04-28 01:10 . 2017-05-10 22:14	135680	----a-w-	c:\windows\system32\sspicli.dll
2017-04-28 01:10 . 2017-05-10 22:14	63488	----a-w-	c:\windows\system32\setbcdlocale.dll
2017-04-28 01:10 . 2017-05-10 22:14	345600	----a-w-	c:\windows\system32\schannel.dll
2017-04-28 01:10 . 2017-05-10 22:14	28160	----a-w-	c:\windows\system32\secur32.dll
2017-04-28 01:10 . 2017-05-10 22:14	190464	----a-w-	c:\windows\system32\rpchttp.dll
2017-04-28 01:10 . 2017-05-10 22:14	1212928	----a-w-	c:\windows\system32\rpcrt4.dll
2017-04-28 01:10 . 2017-05-10 22:14	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2017-04-28 01:10 . 2017-05-10 22:14	316928	----a-w-	c:\windows\system32\msv1_0.dll
2017-04-28 01:10 . 2017-05-10 22:14	312320	----a-w-	c:\windows\system32\ncrypt.dll
2017-04-28 01:10 . 2017-05-10 22:14	60416	----a-w-	c:\windows\system32\msobjs.dll
2017-04-28 01:10 . 2017-05-10 22:14	146432	----a-w-	c:\windows\system32\msaudite.dll
2017-04-28 01:10 . 2017-05-10 22:14	730624	----a-w-	c:\windows\system32\kerberos.dll
2017-04-28 01:10 . 2017-05-10 22:14	419840	----a-w-	c:\windows\system32\KernelBase.dll
2017-04-28 01:10 . 2017-05-10 22:14	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2017-04-28 01:10 . 2017-05-10 22:14	1163264	----a-w-	c:\windows\system32\kernel32.dll
2017-04-28 01:09 . 2017-05-10 22:14	44032	----a-w-	c:\windows\system32\csrsrv.dll
2017-04-28 01:09 . 2017-05-10 22:14	43520	----a-w-	c:\windows\system32\cryptbase.dll
2017-04-28 01:09 . 2017-05-10 22:14	22016	----a-w-	c:\windows\system32\credssp.dll
2017-04-28 01:09 . 2017-05-10 22:14	880640	----a-w-	c:\windows\system32\advapi32.dll
2017-04-28 01:09 . 2017-05-10 22:14	59904	----a-w-	c:\windows\system32\appidapi.dll
2017-04-28 01:09 . 2017-05-10 22:14	463872	----a-w-	c:\windows\system32\certcli.dll
2017-04-28 01:09 . 2017-05-10 22:14	34816	----a-w-	c:\windows\system32\appidsvc.dll
2017-04-28 01:09 . 2017-05-10 22:14	123904	----a-w-	c:\windows\system32\bcrypt.dll
2017-04-28 01:09 . 2017-05-10 22:14	690688	----a-w-	c:\windows\system32\adtschema.dll
2017-04-28 01:09 . 2017-05-10 22:14	6656	----a-w-	c:\windows\system32\apisetschema.dll
2017-04-28 01:09 . 2017-05-10 22:14	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-28 01:09 . 2017-05-10 22:14	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-28 01:09 . 2017-05-10 22:14	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-28 01:09 . 2017-05-10 22:14	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-28 01:09 . 2017-05-10 22:14	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-28 01:09 . 2017-05-10 22:14	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-28 01:09 . 2017-05-10 22:14	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-28 01:09 . 2017-05-10 22:14	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-28 01:09 . 2017-05-10 22:14	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-28 01:09 . 2017-05-10 22:14	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-28 01:09 . 2017-05-10 22:14	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-28 01:09 . 2017-05-10 22:14	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-28 01:09 . 2017-05-10 22:14	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-28 01:09 . 2017-05-10 22:14	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-28 01:09 . 2017-05-10 22:14	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-28 01:09 . 2017-05-10 22:14	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-28 01:09 . 2017-05-10 22:14	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-28 01:09 . 2017-05-10 22:14	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-28 01:09 . 2017-05-10 22:14	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-28 01:09 . 2017-05-10 22:14	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-28 01:09 . 2017-05-10 22:14	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-28 01:09 . 2017-05-10 22:14	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-28 01:09 . 2017-05-10 22:14	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-28 01:09 . 2017-05-10 22:14	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-28 01:09 . 2017-05-10 22:14	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-28 01:09 . 2017-05-10 22:14	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-28 01:09 . 2017-05-10 22:14	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-28 01:09 . 2017-05-10 22:14	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-28 00:36 . 2017-05-10 22:14	4000488	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2017-04-28 00:36 . 2017-05-10 22:14	3945192	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2017-04-28 00:34 . 2017-05-10 22:14	1314112	----a-w-	c:\windows\SysWow64\ntdll.dll
2017-04-28 00:32 . 2017-05-10 22:14	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2017-04-28 00:32 . 2017-05-10 22:14	82944	----a-w-	c:\windows\SysWow64\bcrypt.dll
2017-04-28 00:32 . 2017-05-10 22:14	666112	----a-w-	c:\windows\SysWow64\rpcrt4.dll
2017-04-28 00:32 . 2017-05-10 22:14	275456	----a-w-	c:\windows\SysWow64\KernelBase.dll
2017-04-28 00:32 . 2017-05-10 22:14	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2017-04-28 00:32 . 2017-05-10 22:14	65536	----a-w-	c:\windows\SysWow64\TSpkg.dll
2017-04-28 00:32 . 2017-05-10 22:14	172032	----a-w-	c:\windows\SysWow64\wdigest.dll
2017-04-28 00:32 . 2017-05-10 22:14	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2017-04-28 00:32 . 2017-05-10 22:14	254464	----a-w-	c:\windows\SysWow64\schannel.dll
2017-04-28 00:32 . 2017-05-10 22:14	141312	----a-w-	c:\windows\SysWow64\rpchttp.dll
2017-04-28 00:32 . 2017-05-10 22:14	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2017-04-28 00:32 . 2017-05-10 22:14	261120	----a-w-	c:\windows\SysWow64\msv1_0.dll
2017-04-28 00:32 . 2017-05-10 22:14	223232	----a-w-	c:\windows\SysWow64\ncrypt.dll
2017-04-28 00:32 . 2017-05-10 22:14	60416	----a-w-	c:\windows\SysWow64\msobjs.dll
2017-04-28 00:32 . 2017-05-10 22:14	146432	----a-w-	c:\windows\SysWow64\msaudite.dll
2017-04-28 00:32 . 2017-05-10 22:14	553472	----a-w-	c:\windows\SysWow64\kerberos.dll
2017-04-28 00:32 . 2017-05-10 22:14	17408	----a-w-	c:\windows\SysWow64\credssp.dll
2017-04-28 00:32 . 2017-05-10 22:14	342528	----a-w-	c:\windows\SysWow64\certcli.dll
2017-04-28 00:32 . 2017-05-10 22:14	644096	----a-w-	c:\windows\SysWow64\advapi32.dll
2017-04-28 00:32 . 2017-05-10 22:14	50688	----a-w-	c:\windows\SysWow64\appidapi.dll
2017-04-28 00:32 . 2017-05-10 22:14	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2017-04-28 00:32 . 2017-05-10 22:14	690688	----a-w-	c:\windows\SysWow64\adtschema.dll
2017-04-28 00:32 . 2017-05-10 22:14	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIMDE.EXE" [2013-12-16 298560]
"SUPERAntiSpyware"="d:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2017-05-31 7956384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"CTSyncService"="c:\program files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe" [2009-07-08 1233195]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-04 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2017-02-15 653352]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2017-02-15 862248]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2016-01-20 1087184]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2017-03-15 587288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe aml [2012-1-31 10752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]
S1 MpKsl0bcdd43b;MpKsl0bcdd43b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44C64805-4097-4C15-BAF5-5952B519D5F4}\MpKsl0bcdd43b.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44C64805-4097-4C15-BAF5-5952B519D5F4}\MpKsl0bcdd43b.sys [x]
S1 SASDIFSV;SASDIFSV;d:\programmi\SUPERAntiSpyware\SASDIFSV64.SYS;d:\programmi\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;d:\programmi\SUPERAntiSpyware\SASKUTIL64.SYS;d:\programmi\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;d:\programmi\SUPERAntiSpyware\SASCORE64.EXE;d:\programmi\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 EPSON_PM_RPCV4_06;EPSON V3 Service4(06);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 MyEpson Portal Service;MyEpson Portal Service;c:\program files (x86)\EPSON\MyEpson Portal\mepService.exe;c:\program files (x86)\EPSON\MyEpson Portal\mepService.exe [x]
S2 Nemesys;NeMeSys Service;d:\programmi\Nemesys\dist\Nemesys.exe;d:\programmi\Nemesys\dist\Nemesys.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S4 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - HITMANPRO37
*NewlyCreated* - MPKSL0BCDD43B
*NewlyCreated* - SASDIFSV
*NewlyCreated* - SASKUTIL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2017-06-10 c:\windows\Tasks\EPSON WF-2630 Series Update {B955E086-90BA-427F-8CE6-B4F05BDC4A13}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_YTSMDE.EXE [2017-04-11 16:30]
.
2017-06-10 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d6ce8ab7-474a-4971-bf35-f6e22e5c8fa5.job
- d:\programmi\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2017-06-10 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ecf6dfd1-eb5a-484e-b063-c3446f0d9947.job
- d:\programmi\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-11-14 1353680]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://it.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
mLocal Page = c:\windows\SysWOW64\blank.htm
FF - ProfilePath - c:\users\Gramoz\AppData\Roaming\Mozilla\Firefox\Profiles\p9wg8iu4.default\
FF - prefs.js: browser.startup.homepage - www.google.it
.
.
------- Associazioni dei file -------
.
regedit=regedit.exe "%1"
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKCU-Run-ASRockXTU - (no file)
Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-ISM - (no file)
AddRemove-{e2803110-78b3-4664-a479-3611a381656a} - c:\programdata\Package Cache\{e2803110-78b3-4664-a479-3611a381656a}\VC_redist.x86.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2017-06-10  13:48:01
ComboFix-quarantined-files.txt  2017-06-10 11:48
.
Pre-Run: 177.480.822.784 byte disponibili
Post-Run: 176.705.257.472 byte disponibili
.
- - End Of File - - ACF97FA8D8B1CC7ED2118228F36A8032
A36C5E4F47E84449FF07ED3517B43A31
Quote:
Originally posted by aled1974
- hijackthis
I went to the hijackthis.de site but couldn't find the download link

Quote:
Originally posted by aled1974
Java is no use at all for browsing with the browser, since the browser uses JavaScript, which is something else entirely https://www.java.com/it/download/faq...javascript.xml

do you really need Java?
I installed it because, some time ago, I played a little game that required it

Quote:
Originally posted by aled1974
it looks like a clear alert to me: core #1 of your CPU reached 88°C, while the maximum value set before it goes into thermal throttling or shuts down for protection is 85°C at most

apart from the stress test, what CPU/GPU temperatures do you see during normal browser use? you can use CoreTemp and Gpuz respectively to monitor them
GPU



CPU




Quote:
Originally posted by aled1974
they can depend on many factors:
- Windows registry wrecked
- OS wrecked
Is there a way to check these two conditions?

Quote:
Originally posted by aled1974
- malware/miner infection not eradicated
Quote:
Originally posted by aled1974
- inefficient CPU/GPU heat dissipation (e.g. thermal paste not applied properly, dried out or otherwise for the CPU, and temperatures too high for the GPU; do you use MSI Afterburner or similar?)
Afterburner no, what's MSI?

Quote:
Originally posted by aled1974
- SSD in bad shape, and the 830s suffered from a firmware bug (maybe) fixed later on http://www.anandtech.com/show/5460/s...xes-bsod-issue
How can I fix it? And is it worth doing?

Quote:
Originally posted by aled1974
- hardware acceleration enabled in the browser, to be disabled https://support.mozilla.org/it/questions/1075185
- wrong BIOS settings applied automatically, so check that vCore, FSB and CPU multiplier are correct, as well as vDimm and memory timings
- faulty RAM (or the motherboard's RAM slot), guide here http://www.hwupgrade.it/forum/showthread.php?t=1189286


whether all of it can be solved without formatting.... it depends; if the problem is hardware you can format even 100 times, so to speak, and nothing will change
if it's software, again it depends; software messes can't always be fixed, sometimes you really do have to start over from scratch

for the BSODs, here you'll find all the instructions to analyze them and understand what causes them: http://www.hwupgrade.it/forum/showthread.php?t=1955371


good luck with the tests

bye bye
Thanks a lot for now!
Very kind of you!

Last edited by Gramoz: 10-06-2017 at 15:14.
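Added example, not part of the post above nor of HitmanPro or ComboFix: the ComboFix log records UAC fully switched off (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0, matching HitmanPro's "UAC : Disabled"), a weakening that the thread does not comment on. This Python script parses ComboFix's `[KEY]` / `"Name"= N (0xN)` registry dump format and reports the UAC values that differ from the Windows 7 defaults; the expected values are an assumption taken from Microsoft's documented defaults, and the sample input is the policy block copied from the log.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: the UAC policy block as ComboFix prints it in the log
# above (key header in brackets, then "Name"= value (0xN) lines, "." separators).
SAMPLE_LOG = """\
.
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\session manager]
BootExecute\tREG_MULTI_SZ   \tautocheck autochk *\\0bootdelete
.
"""

POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"

# Assumption: Windows 7 defaults as documented by Microsoft. EnableLUA=1 turns UAC
# on, ConsentPromptBehaviorAdmin 5 is the default (prompt for non-Windows binaries)
# and 2 the stricter "always prompt", PromptOnSecureDesktop=1 isolates the prompt.
EXPECTED = {
    "EnableLUA": {1},
    "ConsentPromptBehaviorAdmin": {2, 5},
    "PromptOnSecureDesktop": {1},
}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(-?\d+)\s*\((0x[0-9A-Fa-f]+)\)$')


def parse_registry_section(text: str) -> Dict[str, Dict[str, int]]:
    """Parse ComboFix's '[KEY]' / '"Name"= N (0xN)' dump into {key: {name: int}}.

    Keys are lower-cased because ComboFix prints them in mixed case.
    Lines that are not a key header or a DWORD value (REG_MULTI_SZ, '.') are skipped.
    """
    keys: Dict[str, Dict[str, int]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.rstrip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = int(m.group(2))
    return keys


def uac_findings(text: str) -> List[Tuple[str, Optional[int]]]:
    """Return (value name, observed value) for each UAC policy outside EXPECTED.

    A value missing from the dump is reported as None: ComboFix hides defaults,
    but an absent EnableLUA cannot be distinguished from a deliberately set one
    without the registry itself, so it is surfaced for manual review.
    """
    policies = parse_registry_section(text).get(POLICY_KEY, {})
    findings: List[Tuple[str, Optional[int]]] = []
    for name, allowed in EXPECTED.items():
        observed = policies.get(name)
        if observed is None or observed not in allowed:
            findings.append((name, observed))
    return findings


if __name__ == "__main__":
    for name, observed in uac_findings(SAMPLE_LOG):
        print(f"UAC weakened: {name} = {observed} (expected one of {sorted(EXPECTED[name])})")
```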