1) Since the PC belongs to the company, check these two services (see their properties):
C:\WINNT\system32\drivers\Ubh06.sys
C:\WINNT\system32\drivers\kqW28.sys
but I really don't think they are yours. If they are, stop and I will correct the Avenger script.

2) Virtumonde... but maybe not only that... we'll see with the scan.

Download Avenger and CCleaner

Open Notepad and copy/paste the following into the page:
Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\CLSID\{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}]

[-HKEY_CLASSES_ROOT\CLSID\{02E857FD-2262-415D-BC0F-124F9E6241F0}]

[-HKEY_CLASSES_ROOT\CLSID\{33940B89-B786-4278-A55C-285A98BAAB2A}]

[-HKEY_CLASSES_ROOT\CLSID\{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cmds"=-

Save it in C:\ with file name: fix.reg
file type: all files

Without closing it, save it again as fix2.reg


Run Avenger and copy/paste the whole quote into its window:
files to delete:
C:\WINNT\system32\geBrsRkl.dll
C:\WINNT\system32\vlutsjcw.dll
C:\WINNT\system32\xotohxts.ini
C:\WINNT\system32\wcjstulv.ini
C:\WINNT\system32\klugpvvw.ini
C:\WINNT\system32\mcrh.tmp
C:\WINNT\system32\xrfomfju.ini
C:\WINNT\system32\njbpocnt.ini
C:\WINNT\system32\hlfjipmc.ini
C:\WINNT\system32\wlgttkbx.dll
C:\WINNT\system32\xbkttglw.ini
C:\WINNT\system32\sbijxdfi.ini
C:\WINNT\system32\iesxbsby.dll
C:\WINNT\system32\sberfpjr.dll
C:\WINNT\system32\rjpfrebs.ini
C:\WINNT\system32\ybsbxsei.ini
C:\WINNT\system32\QYcLlnpo.ini2
C:\WINNT\system32\QYcLlnpo.ini
C:\WINNT\system32\gflbctne.ini
C:\WINNT\system32\gbkmudyx.dll
C:\WINNT\system32\xydumkbg.ini
C:\WINNT\system32\crpqqmtq.dll
C:\WINNT\system32\qtmqqprc.ini
C:\WINNT\system32\grjscedj.dll
C:\WINNT\system32\jdecsjrg.ini
C:\WINNT\system32\hjoordio.dll
C:\WINNT\system32\oidroojh.ini
C:\WINNT\system32\otcrwosi.dll
C:\WINNT\system32\isowrcto.ini
C:\WINNT\system32\jlltomls.dll
C:\WINNT\system32\slmotllj.ini
C:\WINNT\system32\mssrv32.exe
C:\WINNT\system32\clkcnt.txt
C:\WINNT\system32\yahexuse.dll
C:\WINNT\system32\esuxehay.ini
C:\WINNT\system32\WinCtrl32.dll
C:\WINNT\system32\WinCtrl32.dl_
C:\WINNT\system32\entcblfg.dll
C:\WINNT\system32\opnlLcYQ.dll
C:\WINDOWS\SYSTEM32\WLCtrl32.dll
C:\WINNT\system32\drivers\Ubh06.sys
C:\WINNT\system32\drivers\kqW28.sys
C:\DOCUME~1\PAGLIO~1\IMPOST~1\Temp\nnnOeEVM.dll
C:\DOCUME~1\PAGLIO~1\IMPOST~1\Temp\MVEeOnnn.ini2
C:\DOCUME~1\PAGLIO~1\IMPOST~1\Temp\MVEeOnnn.ini

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | a0a62899
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {EF4CC146-43C9-4741-8D21-EB5035A4EBEC}

registry keys to delete:
HKEY_LOCAL_MACHINE\system\controlset001\services\msupdate
HKEY_LOCAL_MACHINE\system\controlset002\services\msupdate
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\msupdate
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_msupdate
HKEY_LOCAL_MACHINE\system\controlset001\enum\root\legacy_msupdate
HKEY_LOCAL_MACHINE\system\controlset002\enum\root\legacy_msupdate
HKEY_LOCAL_MACHINE\system\controlset001\services\Ubh06
HKEY_LOCAL_MACHINE\system\controlset002\services\Ubh06
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\Ubh06
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_Ubh06
HKEY_LOCAL_MACHINE\system\controlset001\enum\root\legacy_Ubh06
HKEY_LOCAL_MACHINE\system\controlset002\enum\root\legacy_Ubh06
HKEY_LOCAL_MACHINE\system\controlset001\services\kqW28
HKEY_LOCAL_MACHINE\system\controlset002\services\kqW28
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\kqW28
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_kqW28
HKEY_LOCAL_MACHINE\system\controlset001\enum\root\legacy_kqW28
HKEY_LOCAL_MACHINE\system\controlset002\enum\root\legacy_kqW28
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\geBrsRkl
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WLCtrl32
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02E857FD-2262-415D-BC0F-124F9E6241F0}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33940B89-B786-4278-A55C-285A98BAAB2A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CAE5185-3115-4089-954E-0E4D59B80048}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF4CC146-43C9-4741-8D21-EB5035A4EBEC}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Ubh06.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Ubh06.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\Ubh06.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\Ubh06.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ubh06.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ubh06.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\kqW28.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\kqW28.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\kqW28.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\kqW28.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\kqW28.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\kqW28.sys


programs to launch on reboot:
c:\fix.reg
Tick "Automatically disable any rootkits found" and click "execute".
The PC should reboot by itself; otherwise reboot it yourself. Post the report it produces.

Run CCleaner and clean out temporary files and cookies (run it twice).

Empty C:\WINDOWS\Prefetch

Run a scan: download, install and update Malwarebytes, run a full scan and post the report (you will find it under "Logs": open the text file and copy/paste the report).

Post the Malwarebytes scan report, the Avenger report and a new systemscan (upload them to savefile)
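Added example, not part of this post and not Avenger's own code: a small Python linter for the script format used above (Python rather than a Windows shell because this is an offline text check, done before anything is run on the infected machine). It assumes the four section headers shown above, a whitelist of registry path components that legitimately contain a space (`Windows NT`, `Browser Helper Objects`, `Program Files`; an assumption, extend as needed), and uses a constructed excerpt of the script as sample input. It repairs the stray spaces that forum line-wrapping inserts into long registry paths, checks that every driver file listed for deletion also has its `services`, `Enum\Root\LEGACY_` and both `SafeBoot` keys under CurrentControlSet, and flags files whose top-level directory differs from the rest of the script (a `C:\WINDOWS` path on a `C:\WINNT` install), since Avenger deletes exactly what it is given.

```python
# Added example: lint an Avenger script before running it on the machine.
import re
from collections import Counter

SECTION_NAMES = (
    "files to delete",
    "registry values to delete",
    "registry keys to delete",
    "programs to launch on reboot",
)

# Assumption: registry path components that legitimately contain a space.
# Any other space inside a registry path is treated as a forum wrap artifact.
LEGIT_SPACES = ("Windows NT", "Browser Helper Objects", "Program Files")

# Keys expected under CurrentControlSet for every driver file in the script.
DRIVER_KEYS = (
    "services\\{n}",
    "enum\\root\\legacy_{n}",
    "control\\safeboot\\minimal\\{n}.sys",
    "control\\safeboot\\network\\{n}.sys",
)

# Constructed sample: an excerpt of the script above, with three wrapped keys
# and one SafeBoot key deliberately left out.
SAMPLE = r"""files to delete:
C:\WINNT\system32\geBrsRkl.dll
C:\WINNT\system32\drivers\Ubh06.sys
C:\WINDOWS\SYSTEM32\WLCtrl32.dll

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | a0a62899

registry keys to delete:
HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\Ubh06
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\r oot\legacy_Ubh06
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Ubh06.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\geBrsRkl

programs to launch on reboot:
c:\fix.reg
"""


def parse(script):
    """Split an Avenger script into {section name: [entries]}."""
    sections, current = {}, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and line[:-1].lower() in SECTION_NAMES:
            current = line[:-1].lower()
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError("entry before any section header: %r" % line)
        sections[current].append(line)
    return sections


def unwrap(path):
    """Drop spaces inside a registry path except those in LEGIT_SPACES."""
    for tok in LEGIT_SPACES:
        path = path.replace(tok, tok.replace(" ", "\x00"))
    return path.replace(" ", "").replace("\x00", " ")


def normalize(sections):
    """Repair wrapped registry entries; return (clean sections, list of repairs)."""
    clean, repairs = {}, []
    for name, entries in sections.items():
        clean[name] = []
        for entry in entries:
            fixed = entry
            if name.startswith("registry"):
                # value entries are written "key | value name": unwrap each side
                fixed = " | ".join(unwrap(p) for p in entry.split(" | "))
            if fixed != entry:
                repairs.append((entry, fixed))
            clean[name].append(fixed)
    return clean, repairs


def check_driver_coverage(sections):
    """For each *.sys under \\drivers\\ in 'files to delete', list missing keys."""
    keys = [k.lower() for k in sections.get("registry keys to delete", [])]
    report = {}
    for path in sections.get("files to delete", []):
        m = re.search(r"\\drivers\\([^\\]+)\.sys$", path, re.I)
        if not m:
            continue
        n = m.group(1).lower()
        report[n] = [
            k.format(n=n)
            for k in DRIVER_KEYS
            if not any(key.endswith("currentcontrolset\\" + k.format(n=n)) for key in keys)
        ]
    return report


def check_system_root(files):
    """Return file paths whose top-level directory differs from the majority."""
    roots = []
    for f in files:
        m = re.match(r"([a-z]:\\[^\\]+)\\", f, re.I)
        if m:
            roots.append(m.group(1).lower())
    common = Counter(roots).most_common(1)[0][0]
    return [f for f in files if not f.lower().startswith(common + "\\")]


if __name__ == "__main__":
    clean, repairs = normalize(parse(SAMPLE))
    for before, after in repairs:
        print("repaired:", before, "->", after)
    print("driver keys missing:", check_driver_coverage(clean))
    print("paths off the system root:", check_system_root(clean["files to delete"]))
```

Run it against the full script before pasting it into Avenger: a repaired line means the copy you were about to run would have targeted a non-existent key, a missing `SafeBoot` or `LEGACY_` key means the driver can come back on the next boot, and an off-root path is worth a second look before a kernel-level tool deletes it.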