v9 .com


imothep
27-08-2013, 19:00
Hi everyone, how can I remove this annoying virus? Thanks

friedr
28-08-2013, 13:18
give it a clean-up with Junkware Removal Tool (http://thisisudax.org)

then download OTL (http://oldtimer.geekstogo.com/OTL.exe) to the desktop

Tick SCAN ALL USERS.
Under Output, tick Minimal Output

in File Age select 60 Days
Tick LOP Check and Purity Check.

press RUN SCAN and attach the two logs (OTL.txt and Extras.txt).

imothep
28-08-2013, 18:20

OTL.Txt (http://wikisend.com/download/190346/OTL.Txt)
Extras.Txt (http://wikisend.com/download/255176/Extras.Txt)

friedr
28-08-2013, 23:10
open OTL, and copy/paste the following code into the white box:

:OTL
PRC - C:\Users\utente\AppData\Local\tuto4pc_it_8\upt4pc_it_8.exe
PRC - C:\Users\Public\Documents\Application\CurrentFile\ssadp.exe (ssadp)
MOD - C:\Users\utente\AppData\Local\tuto4pc_it_8\upt4pc_it_8.exe
SRV - (LiveUpSC) -- C:\Users\utente\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe (SoftwareUpdService)
SRV - (SsupdService) -- C:\Users\utente\AppData\Local\ssupd\ssupd.exe (SsupdService)
SRV - (SsroService) -- C:\Users\utente\AppData\Local\ServiceManager\ssro.exe (SsroService)
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
O4 - HKLM..\Run: [SsroService] C:\Users\Public\Documents\Application\CurrentFile\ssadl.exe (ssadl)
O4 - HKLM..\RunOnce: [upt4pc_it_8.exe] C:\Users\utente\AppData\Local\tuto4pc_it_8\upt4pc_it_8.exe ()
[2013/08/23 21:05:04 | 000,000,000 | ---D | C] -- C:\Program Files\Pricora 4.1
[2013/07/23 08:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\tuto4pc_it_8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:373E1720

:Files
C:\Program Files\Pricora 4.1
C:\Program Files\tuto4pc_it_8
ipconfig /flushdns /c

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

:commands
[purity]
[emptytemp]
[Emptyjava]
[RESETHOSTS]
[EMPTYFLASH]
[start explorer]
[Reboot]

.....press RUN FIX, and post the log.

then also run a FULL scan with Malwarebytes (updated) and delete everything it finds.

in addition, attach an AdwCleaner log:
click SCAN, then REPORT and post the log.
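A triage helper for the kind of OTL scan-log entries quoted in the fix above, written as an added example (it is not part of the thread and not OTL's own code): it parses PRC/SRV/DRV/O4/IE lines and flags executables that run from user-writable folders, autostart entries whose file no longer exists, and IE start pages set in the LocalService/NetworkService hives. The sample lines are constructed from entries in the post, plus one benign control entry.

```python
import re

# Constructed sample in the OTL scan-log format quoted in the thread; the Spooler
# line is a benign control entry added here and is not from the posted log.
SAMPLE_OTL = r"""
PRC - C:\Users\utente\AppData\Local\tuto4pc_it_8\upt4pc_it_8.exe
SRV - (LiveUpSC) -- C:\Users\utente\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe (SoftwareUpdService)
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
O4 - HKLM..\Run: [SsroService] C:\Users\Public\Documents\Application\CurrentFile\ssadl.exe (ssadl)
SRV - (Spooler) -- C:\Windows\System32\spoolsv.exe (Spooler)
"""

# OTL entry types covering running code and autostart/browser settings.
ENTRY_RE = re.compile(r"^(PRC|MOD|SRV|DRV|O4|IE|FF) - (.*)$")
# A drive-letter path ending in a binary or add-on; directory names may contain spaces.
PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll|sys|xpi))(?=\s|$)", re.IGNORECASE)
START_PAGE_RE = re.compile(r"HKU\\(S-1-5-\d+)\\.*Start Page = (\S+)")

# Folders any standard user can write to; legitimate services and drivers rarely live there.
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\users\\public\\",
                 "\\programdata\\", "\\temp\\")
SERVICE_SIDS = {"S-1-5-19": "LocalService", "S-1-5-20": "NetworkService"}


def triage(log_text):
    """Return [(kind, target, reasons)] for each entry that deserves a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, body = m.groups()
        reasons, target = [], None
        path = PATH_RE.search(body)
        if path:
            target = path.group(1)
            if any(marker in target.lower() for marker in USER_WRITABLE):
                reasons.append("runs from a user-writable folder")
            if "File not found" in body:
                reasons.append("orphaned entry: file missing on disk")
        page = START_PAGE_RE.search(body)
        if page:
            sid, target = page.groups()
            who = SERVICE_SIDS.get(sid, sid)
            reasons.append(f"IE start page override in hive of {who}")
        if reasons:
            findings.append((kind, target, reasons))
    return findings


if __name__ == "__main__":
    for kind, target, reasons in triage(SAMPLE_OTL):
        print(f"{kind:<4}{target}\n    -> {'; '.join(reasons)}")
```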

imothep
29-08-2013, 19:02
All processes killed
Error: Unable to interpret <PRC - C:\Users\utente\AppData\Local\tuto4pc_it_8\upt4pc_it_8.exe> in the current context!
Error: Unable to interpret <PRC - C:\Users\Public\Documents\Application\CurrentFile\ssadp.exe (ssadp)> in the current context!
Error: Unable to interpret <MOD - C:\Users\utente\AppData\Local\tuto4pc_it_8\upt4pc_it_8.exe> in the current context!
Error: Unable to interpret <SRV - (LiveUpSC) -- C:\Users\utente\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe (SoftwareUpdService)> in the current context!
Error: Unable to interpret <SRV - (SsupdService) -- C:\Users\utente\AppData\Local\ssupd\ssupd.exe (SsupdService)> in the current context!
Error: Unable to interpret <SRV - (SsroService) -- C:\Users\utente\AppData\Local\ServiceManager\ssro.exe (SsroService)> in the current context!
Error: Unable to interpret <DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com> in the current context!
Error: Unable to interpret <FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [SsroService] C:\Users\Public\Documents\Application\CurrentFile\ssadl.exe (ssadl)> in the current context!
Error: Unable to interpret <O4 - HKLM..\RunOnce: [upt4pc_it_8.exe] C:\Users\utente\AppData\Local\tuto4pc_it_8\upt4pc_it_8.exe ()> in the current context!
Error: Unable to interpret <[2013/08/23 21:05:04 | 000,000,000 | ---D | C] -- C:\Program Files\Pricora 4.1> in the current context!
Error: Unable to interpret <[2013/07/23 08:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\tuto4pc_it_8> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:373E1720> in the current context!
========== FILES ==========
File\Folder C:\Program Files\Pricora 4.1 not found.
File\Folder C:\Program Files\tuto4pc_it_8 not found.
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\utente\Downloads\cmd.bat deleted successfully.
C:\Users\utente\Downloads\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: utente
->Temp folder emptied: 1400 bytes
->Temporary Internet Files folder emptied: 1552 bytes
->FireFox cache emptied: 14530540 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 527506 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 14,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: utente

Total Java Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: utente
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08292013_185536

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

imothep
29-08-2013, 19:26


# AdwCleaner v2.107 - Logfile creato il 29/08/2013 alle 19:25:15
# Aggiornamento 21/01/2013 by Xplode
# Sistema Operativo : Windows 7 Ultimate Service Pack 1 (32 bits)
# Utente : utente - UTENTE-PC
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\utente\Downloads\adwcleaner.exe
# Opzioni [Cerca]


***** [Servizi] *****


***** [File / Cartelle] *****

Cartella Trovato : C:\ProgramData\Babylon
Cartella Trovato : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tuto4pc
File Trovato : C:\Users\Public\Desktop\iLivid.lnk

***** [Registro] *****

Chiave Trovata : HKCU\Software\DataMngr
Chiave Trovata : HKCU\Software\DataMngr_Toolbar
Chiave Trovata : HKCU\Software\lollipop
Chiave Trovata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chiave Trovata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Chiave Trovata : HKCU\Software\Tuto4PC
Chiave Trovata : HKCU\Software\Tutorials
Chiave Trovata : HKCU\Software\TutoTag
Chiave Trovata : HKLM\SOFTWARE\59e888cb76ded49
Chiave Trovata : HKLM\SOFTWARE\Classes\Prod.cap
Chiave Trovata : HKLM\Software\DataMngr
Chiave Trovata : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Chiave Trovata : HKU\S-1-5-21-312015245-1627973798-3076774996-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chiave Trovata : HKU\S-1-5-21-312015245-1627973798-3076774996-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}

***** [Browser Internet] *****

-\\ Internet Explorer v10.0.9200.16660

[OK] Registro Pulito.

-\\ Mozilla Firefox v24.0 (it)

File : C:\Users\utente\AppData\Roaming\Mozilla\Firefox\Profiles\b30tma1l.default\prefs.js

[OK] File Pulito.

-\\ Google Chrome v29.0.1547.57

File : C:\Users\utente\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File Pulito.

*************************

AdwCleaner[R1].txt - [2023 octets] - [29/08/2013 19:25:15]

########## EOF - C:\AdwCleaner[R1].txt - [2083 octets] ##########

friedr
29-08-2013, 19:54
rerun AdwCleaner (http://general-changelog-team.fr/en/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner) with this latest version:
click SCAN and then CLEAN.

Then rerun OTL:
copy/paste the following into the white box:

:OTL
PRC - C:\Users\Public\Documents\Application\CurrentFile\ssadp.exe (ssadp)
SRV - (LiveUpSC) -- C:\Users\utente\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe (SoftwareUpdService)
SRV - (SsupdService) -- C:\Users\utente\AppData\Local\ssupd\ssupd.exe (SsupdService)
SRV - (SsroService) -- C:\Users\utente\AppData\Local\ServiceManager\ssro.exe (SsroService)
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
O4 - HKLM..\Run: [SsroService] C:\Users\Public\Documents\Application\CurrentFile\ssadl.exe (ssadl)

:commands
[Reboot]


..........press RUN FIX, let the scan run, reboot and post the log.

disable these 2 services: SsupdService and SsroService

imothep
30-08-2013, 11:21
Hi Friedr, the problem seems to be solved, but the last OTL scan you asked me to do doesn't give me the log file after the reboot. Thanks in the meantime!

friedr
30-08-2013, 11:43
..good, open OTL and click CLEAN UP. ;)
(final cleanup of files and registry with CCleaner).

imothep
30-08-2013, 12:58
Ok, thanks a million!!!
