Aiutamici Forum

Bagle removal!
chiarav
Posted: Wednesday, December 28, 2011 12:19:48 AM
Rank: Newbie

Joined: 12/28/2011
Posts: 2
Hello, I'm new to this forum.
I have a problem with the Bagle virus... I've read the various procedures for removing it, but I can't download several of the programs.
I managed to run a scan with Spybot, but it doesn't remove "18 AdwareC entries". I also managed to get ComboFix to run, but now that I have the report I don't know what to do next.
Can someone explain to me step by step what I need to do at this point?
Thanks
This is the ComboFix report:

ComboFix 11-12-27.01 - Chiara-Marta 27/12/2011 23:37:59.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.39.1040.18.3894.2514 [GMT 1:00]
Eseguito da: c:\users\Chiara-Marta\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\OfferBox
c:\program files (x86)\OfferBox\OfferBoxBHO.dll
c:\users\Chiara-Marta\AppData\Roaming\bVrlONtxPuSiDoG
c:\users\Chiara-Marta\AppData\Roaming\bVrlONtxPuSiDoG\Cloud AV 2012.ico
c:\users\Chiara-Marta\AppData\Roaming\chrome.exe
c:\users\Chiara-Marta\AppData\Roaming\iexplore.exe
c:\users\Chiara-Marta\AppData\Roaming\Microsoft\12BE\A57.exe
c:\users\Chiara-Marta\AppData\Roaming\Microsoft\233E\73E.exe
c:\users\Chiara-Marta\AppData\Roaming\Microsoft\32AE\F2E.exe
c:\users\Chiara-Marta\AppData\Roaming\Microsoft\32CE\C70.exe
c:\users\Chiara-Marta\AppData\Roaming\Microsoft\337E\F85.exe
c:\users\Chiara-Marta\AppData\Roaming\Microsoft\52DE\1CF.exe
c:\users\Chiara-Marta\AppData\Roaming\Microsoft\A30E\684.exe
c:\users\Chiara-Marta\AppData\Roaming\Microsoft\B28E\9A9.exe
c:\users\Chiara-Marta\AppData\Roaming\Microsoft\D2DE\3A1.exe
c:\users\Chiara-Marta\AppData\Roaming\Microsoft\F20E\CC4.exe
c:\users\Chiara-Marta\AppData\Roaming\Microsoft\F20E\F34.exe
c:\users\Chiara-Marta\AppData\Roaming\OL9gTZqjYwIrOtP
c:\users\Chiara-Marta\AppData\Roaming\OL9gTZqjYwIrOtP\Cloud AV 2012.ico
c:\users\Chiara-Marta\AppData\Roaming\p6dWK7fRLgXjCkV
c:\users\Chiara-Marta\AppData\Roaming\p6dWK7fRLgXjCkV\Cloud AV 2012.ico
c:\users\Chiara-Marta\AppData\Roaming\PBtzPyAv2n4HsJE
c:\users\Chiara-Marta\AppData\Roaming\PBtzPyAv2n4HsJE\Cloud AV 2012.ico
c:\users\Chiara-Marta\AppData\Roaming\U0ucS2ibDpGaHsK
c:\users\Chiara-Marta\AppData\Roaming\U0ucS2ibDpGaHsK\Cloud AV 2012.ico
c:\users\Chiara-Marta\AppData\Roaming\UJ6dWK8fR9TqUeI
c:\users\Chiara-Marta\AppData\Roaming\UJ6dWK8fR9TqUeI\Cloud AV 2012.ico
c:\windows\system32\java.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2011-11-27 al 2011-12-27 )))))))))))))))))))))))))))))))))))
.
.
2011-12-27 22:44 . 2011-12-27 22:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-27 22:38 . 2011-12-27 22:38 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{139B573B-3526-4BFA-90C7-CE289DFDAD00}\offreg.dll
2011-12-27 12:20 . 2011-12-27 12:20 103424 ----a-w- c:\users\Chiara-Marta\AppData\Roaming\Microsoft\42AE\34B6.tmp
2011-12-27 11:08 . 2011-12-27 11:08 103424 ----a-w- c:\users\Chiara-Marta\AppData\Roaming\Microsoft\82BE\F3D0.tmp
2011-12-26 23:58 . 2011-12-26 23:58 -------- d-----w- c:\users\Chiara-Marta\AppData\Roaming\sRL9gTXqjCkVzNx
2011-12-26 23:43 . 2011-12-26 23:43 -------- d-----w- c:\users\Chiara-Marta\AppData\Roaming\cF4amH5sW7E8Rqk
2011-12-26 23:34 . 2011-12-26 23:34 -------- d-----w- c:\users\Chiara-Marta\AppData\Roaming\ZrzPNyxA1v2bpGa
2011-12-26 23:27 . 2011-12-26 23:27 -------- d-----w- c:\users\Chiara-Marta\AppData\Roaming\eQH6sWK7fLgZjCk
2011-12-26 22:08 . 2011-12-26 22:08 321024 ----a-w- c:\users\Chiara-Marta\AppData\Roaming\Microsoft\92AE\71A.exe
2011-12-26 22:08 . 2011-12-26 22:08 -------- d-----w- c:\users\Chiara-Marta\AppData\Roaming\dcS2ibD3pGaHsKf
2011-12-26 22:04 . 2011-12-27 22:35 -------- d-----w- c:\users\Chiara-Marta\AppData\Roaming\A0DE4
2011-12-26 22:04 . 2011-12-26 22:04 103424 ----a-w- c:\users\Chiara-Marta\AppData\Roaming\Microsoft\233E\86E7.tmp
2011-12-26 22:04 . 2011-12-27 22:29 -------- d-----w- c:\users\Chiara-Marta\AppData\Roaming\E08A0
2011-12-26 22:04 . 2011-12-26 22:04 -------- d-----w- c:\users\Chiara-Marta\AppData\Roaming\DONyxA0uv2b3n5Q
2011-12-26 22:03 . 2011-12-26 22:03 -------- d-----w- c:\users\Chiara-Marta\AppData\Roaming\gamH6sWJ7E8TqYw
2011-12-26 22:03 . 2011-12-27 00:04 -------- d-----w- c:\users\Chiara-Marta\AppData\Roaming\DcSS2ibDpn4Q6W
2011-12-26 22:03 . 2011-12-26 22:03 -------- d-----w- c:\users\Chiara-Marta\AppData\Roaming\DpnG5aQH6dW7fLg
2011-12-15 08:17 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 08:14 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 08:14 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 08:14 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 08:14 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 08:14 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-29 23:13 . 2011-11-29 23:13 -------- d-----w- c:\users\Chiara-Marta\AppData\Roaming\DivX
2011-11-29 23:13 . 2011-11-29 23:16 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2011-11-29 23:13 . 2011-11-29 23:16 -------- d-----w- c:\program files\DivX
2011-11-29 23:09 . 2011-11-29 23:16 -------- d-----w- c:\program files (x86)\DivX
2011-11-29 23:08 . 2011-11-29 23:16 -------- d-----w- c:\programdata\DivX
2011-11-28 11:03 . 2011-12-27 22:14 -------- d-----w- c:\program files (x86)\GIMP-2.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-29 16:24 . 2011-11-09 08:00 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{416ae1cb-7257-484a-b912-aebc7fdad4ce}]
2011-01-14 09:00 134816 ----a-w- c:\program files (x86)\freeTVRadio\spointer\extensions\freetvradio_air_ie.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-09 1712184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"Facebook Update"="c:\users\Chiara-Marta\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-09 137536]
"CwkIVrlONx0c1b38234A"="c:\users\Chiara-Marta\AppData\Roaming\DcSS2ibDpn4Q6W\Cloud AV 2012v121.exe" [BU]
"73E.exe"="c:\users\Chiara-Marta\AppData\Roaming\Microsoft\233E\73E.exe" [BU]
"9A9.exe"="c:\users\Chiara-Marta\AppData\Roaming\Microsoft\B28E\9A9.exe" [BU]
"684.exe"="c:\users\Chiara-Marta\AppData\Roaming\Microsoft\A30E\684.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-21 98304]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-07-02 602680]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-06-02 61112]
"AliceRV_McciTrayApp"="c:\program files (x86)\Alice ti aiuta\McciTrayApp.exe" [2007-01-23 1001472]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-12 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-17 315392]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-12 136176]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-07-02 27192]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 08:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-12-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-511386613-1003369305-2414585440-1001Core.job
- c:\users\Chiara-Marta\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-09 21:31]
.
2011-12-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-511386613-1003369305-2414585440-1001UA.job
- c:\users\Chiara-Marta\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-09 21:31]
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-12 13:06]
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-12 13:06]
.
2011-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-511386613-1003369305-2414585440-1001Core.job
- c:\users\Chiara-Marta\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-15 09:17]
.
2011-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-511386613-1003369305-2414585440-1001UA.job
- c:\users\Chiara-Marta\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-15 09:17]
.
2011-12-13 c:\windows\Tasks\HPCeeScheduleForCHIARA-MARTA-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 01:53]
.
2011-12-25 c:\windows\Tasks\HPCeeScheduleForChiara-Marta.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 01:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-03-13 6234144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 414744]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 2185032]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:51798
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKCU-Run-C70.exe - c:\users\Chiara-Marta\AppData\Roaming\Microsoft\32CE\C70.exe
Wow6432Node-HKCU-Run-F2E.exe - c:\users\Chiara-Marta\AppData\Roaming\Microsoft\32AE\F2E.exe
Wow6432Node-HKCU-Run-F85.exe - c:\users\Chiara-Marta\AppData\Roaming\Microsoft\337E\F85.exe
Wow6432Node-HKCU-Run-CC4.exe - c:\users\Chiara-Marta\AppData\Roaming\Microsoft\F20E\CC4.exe
Wow6432Node-HKCU-Run-F34.exe - c:\users\Chiara-Marta\AppData\Roaming\Microsoft\F20E\F34.exe
Wow6432Node-HKCU-Run-1CF.exe - c:\users\Chiara-Marta\AppData\Roaming\Microsoft\52DE\1CF.exe
Wow6432Node-HKCU-Run-3A1.exe - c:\users\Chiara-Marta\AppData\Roaming\Microsoft\D2DE\3A1.exe
Wow6432Node-HKCU-Run-A57.exe - c:\users\Chiara-Marta\AppData\Roaming\Microsoft\12BE\A57.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2011-12-27 23:46:30
ComboFix-quarantined-files.txt 2011-12-27 22:46
.
Pre-Run: 215.678.529.536 byte disponibili
Post-Run: 215.194.017.792 byte disponibili
.
- - End Of File - - D60DD60F823CF12CAF80B5BB2F9FDA2C

kikkas93
Posted: Wednesday, December 28, 2011 11:21:35 AM

Rank: AiutAmico

Joined: 12/11/2011
Posts: 140
Hi,
1) Download this program; it's an additional disinfection tool. I've tried it and it works fairly well.
This window will appear; click on DOWNLOAD FILE.

2) (When downloading it, choose to save it to the desktop.) If you can't download it directly to the desktop, download it normally, then look for it in the folder where you keep all your downloads (it's called Pre_Scan) and move it to the desktop.
3) Disconnect from the internet. Go to the desktop (if you can), right-click the program and run it as administrator.
4) As soon as the program starts, let it work until it finishes (it's similar to ComboFix).
You don't need to disable the antivirus or the firewall, because it takes care of that itself.
When the scan is finished you must restart the PC from the Start menu, and check whether the PC has improved, then let me know how it goes.
Then, for the more complicated matters, the more experienced members will be along shortly to help you.

Bye.
inchiummation
Posted: Wednesday, December 28, 2011 11:43:56 AM

Rank: AiutAmico

Joined: 10/26/2011
Posts: 87
Interesting, the number of teachers, male and female, keeps growing!! What a varied world.

Chiarav, for your problem you should have posted in the "sicurezza virus" section.
chiarav
Posted: Wednesday, December 28, 2011 12:44:18 PM
Rank: Newbie

Joined: 12/28/2011
Posts: 2
Kikkas93, I think the problem is more complicated; anyway, thank you for replying with detailed instructions.
Inchiummation, thank you for the advice; as I said above, I'm new to this forum and don't know well how it works... I'll post in the section you indicated.
Bye bye