Post by marck » 15/01/15 00:55

I solved the problem of the annoying Bitdefender warning. As you had advised me, I had removed Spybot in order to install ComboFix; now I decided to install it again. During the installation a notice advised me to remove all previous versions of Spybot; surely some residue of the old version had been left behind. During the uninstallation phase the Bitdefender warning appeared and prevented the program from being removed correctly. Once the procedure finished, Spybot asked me to restart the PC to apply the changes; as soon as I restarted Windows the message disappeared. I am thinking that Bitdefender was some tool integrated into Spybot that had not been properly uninstalled.
Post by egonet » 23/05/16 14:57

Hi, after a ComboFix scan I am left with a Windows startup error that I cannot resolve in any mode and/or by restoring from the CD.
(Impossibile caricare Windows Un driver di sistema critico è mancante o danneggiato)
File: \Windows\System32\Drivers\Combo-Fix.sys

This is the FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-05-2016 01
Ran by SYSTEM on MININT-NOGUSUO (23-05-2016 15:22:38)
Running from F:\
Platform: Windows 7 Home Premium Service Pack 1 (X86) Language: Italiano (Italia)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: ... scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3117344 2012-03-07] (ESET)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM\...\Run: [combofix] => C:\DB\Combobatch.bat [8374 2016-05-22] ()
HKLM\...\RunOnce: [SpybotDeletingA8984] => /c del "C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.lnk"
HKLM\...\RunOnce: [SpybotDeletingC284] => cmd.exe /c del "C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.lnk"
HKLM\...\RunOnce: [SpybotDeletingA723] => /c del "C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.lnk"
HKLM\...\RunOnce: [SpybotDeletingC7030] => cmd.exe /c del "C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.lnk"
HKLM\...\RunOnce: [SpybotDeletingA6096] => /c del "C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities\QUAD Registry Cleaner\Uninstall QUAD Registry Cleaner.lnk"
HKLM\...\RunOnce: [SpybotDeletingC4871] => cmd.exe /c del "C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities\QUAD Registry Cleaner\Uninstall QUAD Registry Cleaner.lnk"
HKLM\...\RunOnce: [SpybotDeletingA9988] => /c del "C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.url"
HKLM\...\RunOnce: [SpybotDeletingC4589] => cmd.exe /c del "C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.url"
HKLM\...\RunOnce: [SpybotDeletingA7319] => /c del "C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\Styles\Vista.cjstyles"
HKLM\...\RunOnce: [SpybotDeletingC147] => cmd.exe /c del "C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\Styles\Vista.cjstyles"
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
HKLM\...\RunOnce: [combofix] => C:\DB\CF25418.3XE /c C:\DBCombobatch.bat
HKLM\...\runonceex: [flags] => 8
HKU\ilaria e sonia\...\Run: [Facebook Update] => "C:\Users\ilaria e sonia\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\ilaria e sonia\...\Run: [Dropbox Update] => C:\Users\ilaria e sonia\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-18] (Dropbox, Inc.)
Startup: C:\Users\ilaria e sonia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-12]
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [913144 2012-03-07] (ESET)
S2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [687400 2011-11-25] (Nero AG)
S2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1699168 2012-10-11] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 bopllhx; C:\Windows\System32\drivers\ptiy.sys [52440 2016-05-22] (Malwarebytes)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-23] (DT Soft Ltd)
S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [169080 2012-03-14] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [120152 2012-03-14] (ESET)
S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [103112 2012-03-14] (ESET)
S2 giveio; C:\Windows\system32\giveio.sys [5248 1996-04-03] ()
S3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1348240 2013-03-06] (Realtek Semiconductor Corporation )
S2 speedfan; C:\Windows\system32\speedfan.sys [24184 2012-12-29] (Almico Software)
S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-09-18] (TuneUp Software)
S0 vkquwexg; C:\Windows\System32\drivers\Combo-Fix.sys [60416 2016-05-22] ()
S5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Vincenzo\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-23 23:47 - 2016-05-23 23:47 - 00028672 _____ C:\bcdbackup
2016-05-23 15:18 - 2016-05-23 15:22 - 00000000 ____D C:\FRST
2016-05-23 15:05 - 2016-05-23 15:05 - 00000000 ____D C:\Temp
2016-05-22 19:31 - 2016-05-22 19:31 - 00060416 _____ C:\Windows\System32\Drivers\Combo-Fix.sys
2016-05-22 19:12 - 2016-05-22 19:31 - 00000000 ___SD C:\DB
2016-05-22 19:12 - 2016-05-22 19:12 - 00000000 ____D C:\Qoobox
2016-05-22 19:12 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-05-22 19:12 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-05-22 19:12 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-05-22 19:12 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-05-22 19:12 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-05-22 19:12 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-05-22 19:12 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-05-22 19:12 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-05-22 19:11 - 2016-05-22 19:31 - 00000000 ____D C:\Windows\erdnt
2016-05-22 18:05 - 2016-05-22 18:05 - 00052440 _____ (Malwarebytes) C:\Windows\System32\Drivers\ptiy.sys
2016-05-22 17:49 - 2016-05-22 17:49 - 00000727 _____ C:\Windows\wininit.ini
2016-05-22 17:14 - 2015-08-05 18:40 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\icaapi.dll
2016-05-22 17:14 - 2015-08-05 17:58 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2016-05-22 17:03 - 2016-05-22 18:05 - 00001116 _____ C:\Users\Vincenzo\Desktop\Security.lnk
2016-05-22 17:03 - 2016-05-22 16:37 - 05659526 ____R (Swearware) C:\Users\Vincenzo\Desktop\DB.exe
2016-05-22 17:02 - 2016-05-22 17:02 - 00000000 ____D C:\Windows\Sun
2016-05-22 17:01 - 2010-11-20 13:17 - 00270336 _____ (Microsoft Corporation) C:\sethc.exe
2016-05-22 16:59 - 2016-05-22 17:11 - 00000000 ____D C:\Program Files\SpeedFan
2016-05-22 16:55 - 2016-05-22 16:55 - 00000000 ____D C:\Program Files\Common Files\Java
2016-05-22 16:54 - 2016-05-22 16:59 - 00000045 _____ C:\Windows\System32\initdebug.nfo
2016-05-22 16:54 - 2016-05-22 16:54 - 00000000 ____D C:\Users\Vincenzo\AppData\Roaming\Sun
2016-05-22 16:54 - 2016-05-22 16:54 - 00000000 ____D C:\Users\Vincenzo\AppData\LocalLow\Sun
2016-05-22 16:54 - 2016-05-22 16:54 - 00000000 ____D C:\Users\Vincenzo\.oracle_jre_usage
2016-05-22 16:53 - 2016-05-22 17:00 - 00000000 ____D C:\ProgramData\Oracle
2016-05-22 16:53 - 2016-05-22 16:53 - 00095808 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2016-05-22 16:52 - 2016-05-22 16:52 - 00000000 ____D C:\Program Files\Java
2016-05-22 16:52 - 2009-06-10 22:39 - 00000824 _____ C:\Windows\System32\Drivers\etc\hosts.20160522-175229.backup
2016-05-22 16:43 - 2016-05-22 16:43 - 00000000 ____D C:\Users\Vincenzo\AppData\LocalLow\Oracle
2016-05-22 16:41 - 2016-05-22 16:41 - 00000000 ____D C:\Program Files\CCleaner
2016-05-22 16:40 - 2016-05-22 16:41 - 00170200 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2016-05-22 16:39 - 2016-05-22 17:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-05-22 16:39 - 2016-05-22 16:40 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2016-05-22 16:39 - 2016-05-22 16:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-22 16:39 - 2016-05-22 16:39 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-05-22 16:39 - 2016-03-10 13:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2016-05-22 16:39 - 2016-03-10 13:08 - 00126336 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamchameleon.sys
2016-05-22 16:39 - 2016-03-10 13:08 - 00024448 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2016-05-22 16:36 - 2016-05-22 19:11 - 00000000 ____D C:\Program Files\Security
2016-05-22 16:12 - 2016-05-22 18:05 - 00002150 _____ C:\Users\Vincenzo\Desktop\Google Chrome.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-22 19:11 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-05-22 19:00 - 2013-02-17 21:11 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-05-22 18:55 - 2013-07-29 19:00 - 00000000 ____D C:\Windows\System32\MRT
2016-05-22 18:44 - 2013-02-25 00:00 - 136686448 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2016-05-22 18:42 - 2009-07-14 05:34 - 00030832 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-22 18:42 - 2009-07-14 05:34 - 00030832 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-22 18:42 - 2009-07-14 03:04 - 00000580 _____ C:\Windows\win.ini
2016-05-22 18:39 - 2013-02-16 09:57 - 01641650 _____ C:\Windows\System32\PerfStringBackup.INI
2016-05-22 18:39 - 2009-08-17 11:38 - 00743918 _____ C:\Windows\System32\perfh010.dat
2016-05-22 18:39 - 2009-08-17 11:38 - 00148092 _____ C:\Windows\System32\perfc010.dat
2016-05-22 18:06 - 2015-08-08 19:00 - 00001111 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-05-22 18:06 - 2015-08-08 18:25 - 00002709 _____ C:\Users\Public\Desktop\Skype.lnk
2016-05-22 18:06 - 2013-05-23 14:18 - 00001904 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2016-05-22 18:06 - 2013-05-18 19:17 - 00001024 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-05-22 18:06 - 2013-02-19 13:59 - 00001989 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2016-05-22 18:05 - 2013-11-10 23:39 - 00001038 _____ C:\Users\Vincenzo\Desktop\Football Manager 2014.lnk
2016-05-22 18:05 - 2013-02-17 21:17 - 00001113 _____ C:\Users\Vincenzo\Desktop\Documenti.lnk
2016-05-22 18:05 - 2013-02-17 19:19 - 00001831 _____ C:\Users\Vincenzo\Desktop\Spotify.lnk
2016-05-22 18:05 - 2013-02-17 19:13 - 00001028 _____ C:\Users\Vincenzo\Desktop\eMule AdunanzA.lnk
2016-05-22 18:05 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\ModemLogs
2016-05-22 17:55 - 2013-05-23 14:17 - 00000000 ____D C:\Users\Vincenzo\AppData\Roaming\DAEMON Tools Lite
2016-05-22 17:55 - 2013-02-17 19:11 - 00000000 ____D C:\Users\Vincenzo\AppData\Roaming\BitTorrent
2016-05-22 17:53 - 2013-02-15 22:15 - 00000000 ____D C:\Windows\Panther
2016-05-22 16:59 - 2013-02-17 18:55 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2016-05-22 16:59 - 2013-02-17 18:55 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2016-05-22 16:54 - 2013-02-15 22:25 - 00000000 ____D C:\users\Vincenzo
2016-05-22 16:43 - 2013-02-19 14:00 - 00000000 ____D C:\Users\Vincenzo\AppData\Local\Adobe
2016-05-22 16:03 - 2013-02-16 10:04 - 00000000 ____D C:\ProgramData\NVIDIA

Some files in TEMP:
C:\Users\ilaria e sonia\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpertoye.dll
C:\Users\ilaria e sonia\AppData\Local\Temp\GUR668A.exe

==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============

==================== Restore Points =========================

==================== BCD ================================

Windows Boot Manager
identificatore {bootmgr}
device partition=C:
path \bootmgr
description Windows Boot Manager
locale it-IT
default {default}
displayorder {default}
timeout 30

Caricatore di avvio di Windows
identificatore {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7 Home Premium
locale it-IT
osdevice partition=C:
systemroot \Windows

Caricatore di avvio di Windows
identificatore {92693ae1-2138-11e6-8ebd-c99a6121cf10}
device ramdisk=[C:]\Recovery\df1fda2d-77b4-11e2-84ff-8e9c27de5a40\Winre.wim,{92693ae2-2138-11e6-8ebd-c99a6121cf10}
path \windows\system32\winload.exe
description Windows Recovery Environment (ripristinato)
osdevice ramdisk=[C:]\Recovery\df1fda2d-77b4-11e2-84ff-8e9c27de5a40\Winre.wim,{92693ae2-2138-11e6-8ebd-c99a6121cf10}
systemroot \windows
winpe Yes

Tester memoria di Windows
identificatore {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale it-IT

Opzioni dispositivo
identificatore {92693ae2-2138-11e6-8ebd-c99a6121cf10}
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\df1fda2d-77b4-11e2-84ff-8e9c27de5a40\boot.sdi

==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 2047.12 MB
Available physical RAM: 1572.84 MB
Total Virtual: 2047.12 MB
Available Virtual: 1569 MB

==================== Drives ================================

Drive c: (Volume) (Fixed) (Total:465.76 GB) (Free:284.01 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive f: (MULTIBOOT) (Removable) (Total:7.19 GB) (Free:3.5 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 549ED37F)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

Disk: 1 (Size: 7.2 GB) (Disk ID: 2B326B5A)
Partition 1: (Active) - (Size=7.2 GB) - (Type=0C)

LastRegBack: 2015-12-30 21:52

==================== End of FRST.txt ============================


