The report you posted is incomplete.

Download Avenger and CCleaner

Open Notepad and copy/paste the following into the page:
Windows Registry Editor Version 5.00

[-HKCR\CLSID\{A3627987-6C95-40BE-A822-4D74AEFBCC12}]

[-HKCR\CLSID\{C5462E30-641D-4265-93D9-B7CA856C6E36}]

[-HKCR\CLSID\{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286}]

[-HKCR\CLSID\{1F543B5E-1DCE-4E55-A8C5-1CFF4F46F38B}]

[-HKCR\CLSID\{AF4EBF01-2871-49E4-BF25-8F0564359C31}]

Save it in c:\ with file name: fix.reg
file type: all files


Run Avenger and copy/paste the whole quote into its window:
files to delete:
C:\sqmnoopt06.sqm
C:\sqmdata06.sqm
C:\sqmnoopt07.sqm
C:\sqmdata07.sqm
C:\sqmnoopt08.sqm
C:\sqmdata08.sqm
C:\sqmnoopt09.sqm
C:\sqmdata09.sqm
C:\sqmnoopt10.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmnoopt11.sqm
C:\sqmdata12.sqm
C:\sqmnoopt12.sqm
C:\sqmdata13.sqm
C:\sqmnoopt13.sqm
C:\sqmdata14.sqm
C:\sqmnoopt14.sqm
C:\sqmnoopt15.sqm
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmdata17.sqm
C:\sqmnoopt18.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt19.sqm
C:\sqmnoopt00.sqm
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmdata04.sqm
C:\sqmnoopt05.sqm
C:\sqmdata05.sqm
C:\WINDOWS\fsrpknov.dll
C:\WINDOWS\fdxbameg.dll
C:\WINDOWS\sqvgnrpx.dll
C:\WINDOWS\wbxdpgfevkl.dll
C:\WINDOWS\egxk.exe
C:\WINDOWS\gpefaowr.exe
C:\WINDOWS\system32\urqPihge.dll
C:\WINDOWS\system32\mlJBRkhh.dll
C:\WINDOWS\system32\geBtQhET.dll
C:\WINDOWS\system32\bxxvjsid.ini
C:\WINDOWS\system32\6bfe23e6-.txt
C:\WINDOWS\system32\vkxwmrnx.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\TEhQtBeg.ini2
C:\WINDOWS\system32\xnrmwxkv.ini
C:\WINDOWS\system32\TEhQtBeg.ini

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | 60dde798
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | fdxbameg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | fsrpknov
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {684BFE7F-F5B2-4AB3-A95E-EB5036A2D286}

registry keys to delete:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqPihge
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F543B5E-1DCE-4E55-A8C5-1CFF4F46F38B}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF4EBF01-2871-49E4-BF25-8F0564359C31}

programs to launch on reboot:
c:\fix.reg
Tick "Automatically disable any rootkits found" and click "execute".
The PC should restart by itself; otherwise restart it yourself. Post the report it produces.

Empty C:\WINDOWS\Prefetch

Run CCleaner and clean out the temporary files and cookies (run it twice)

Download, install and update Malwarebytes, run a full scan and post the report.

Run systemscan again and post a new report

(always upload the reports to Savefile)

Bye
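
Registry paths in a pasted script are easy to damage on the way through a forum page: a stray space inside a key name makes the path name a different key. The following is an added example, not part of the original post: a small Python check for a script laid out like the one above, which groups the entries by section and rejoins split key names. The function names, the KNOWN list and the sample text are assumptions made for this illustration.

```python
import re

# Single-word key names used in the script's paths; a space inside one is transit damage.
KNOWN = {k.lower() for k in ("Software", "Microsoft", "Windows", "CurrentVersion", "Explorer", "Run",
                             "ShellServiceObjectDelayLoad", "ShellExecuteHooks", "Winlogon", "Notify")}
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCR": "HKEY_CLASSES_ROOT", "HKCU": "HKEY_CURRENT_USER"}
SECTION = re.compile(r"^(files|registry values|registry keys|programs) .*:$", re.I)

# Constructed sample: lines in the script's layout; two carry a stray space inside a key name.
SAMPLE = r"""files to delete:
C:\WINDOWS\egxk.exe

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | 60dde798
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad | fdxbameg

registry keys to delete:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqPihge
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286}
"""

def repair_path(path):
    """Return (path with split key names rejoined and hive spelled out, was_damaged)."""
    parts, damaged = [], False
    for part in path.split("\\"):
        joined = part.replace(" ", "")
        if " " in part and joined.lower() in KNOWN:
            part, damaged = joined, True   # e.g. "Curr entVersion" -> "CurrentVersion"
        parts.append(part)                 # "Windows NT" stays: "WindowsNT" is not a known name
    parts[0] = HIVES.get(parts[0].upper(), parts[0])
    return "\\".join(parts), damaged

def lint_script(text):
    """Group entries by section header; return (sections, line numbers that needed repair)."""
    sections, repaired, current = {}, [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if SECTION.match(line):
            current = line.rstrip(":").lower()
            sections[current] = []
        elif line and current and current.startswith("registry"):
            key, _, value = (p.strip() for p in line.partition("|"))
            key, damaged = repair_path(key)
            if damaged:
                repaired.append(lineno)
            sections[current].append((key, value or None))
        elif line and current:
            sections[current].append(line)
    return sections, repaired
```

Calling `lint_script(SAMPLE)` returns the parsed sections together with the line numbers whose registry path had to be rejoined.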