Hi everyone, how can I remove this annoying virus? Thanks
give it a clean-up with Junkware Removal Tool
then download OTL to the desktop
Tick SCAN ALL USERS.
Under Output tick Minimal Output
in File Age select 60 Days
Tick LOP Check and Purity Check.
press RUN SCAN and attach the two logs (OTL.txt and Extras.txt).
OTL.Txt
Extras.Txt
open OTL and copy/paste the following code into the white box:
:OTL
PRC - C:\Users\utente\AppData\Local\tuto4pc_it_8\upt4pc_it_8.exe
PRC - C:\Users\Public\Documents\Application\CurrentFile\ssadp.exe (ssadp)
MOD - C:\Users\utente\AppData\Local\tuto4pc_it_8\upt4pc_it_8.exe
SRV - (LiveUpSC) -- C:\Users\utente\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe (SoftwareUpdService)
SRV - (SsupdService) -- C:\Users\utente\AppData\Local\ssupd\ssupd.exe (SsupdService)
SRV - (SsroService) -- C:\Users\utente\AppData\Local\ServiceManager\ssro.exe (SsroService)
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
O4 - HKLM..\Run: [SsroService] C:\Users\Public\Documents\Application\CurrentFile\ssadl.exe (ssadl)
O4 - HKLM..\RunOnce: [upt4pc_it_8.exe] C:\Users\utente\AppData\Local\tuto4pc_it_8\upt4pc_it_8.exe ()
[2013/08/23 21:05:04 | 000,000,000 | ---D | C] -- C:\Program Files\Pricora 4.1
[2013/07/23 08:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\tuto4pc_it_8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:373E1720
:Files
C:\Program Files\Pricora 4.1
C:\Program Files\tuto4pc_it_8
ipconfig /flushdns /c
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
:commands
[purity]
[emptytemp]
[Emptyjava]
[RESETHOSTS]
[EMPTYFLASH]
[start explorer]
[Reboot]
.....press RUN FIX, and post the log.
then also run a FULL scan with Malwarebytes (updated) and delete everything it finds.
in addition, attach an Adwcleaner log:
click SCAN, then REPORT and post the log.
All processes killed
Error: Unable to interpret <PRC - C:\Users\utente\AppData\Local\tuto4pc_it_8\upt4pc_ it_8.exe> in the current context!
Error: Unable to interpret <PRC - C:\Users\Public\Documents\Application\CurrentFile\ ssadp.exe (ssadp)> in the current context!
Error: Unable to interpret <MOD - C:\Users\utente\AppData\Local\tuto4pc_it_8\upt4pc_ it_8.exe> in the current context!
Error: Unable to interpret <SRV - (LiveUpSC) -- C:\Users\utente\AppData\Local\SoftwareUpdater\Soft wareUpdService.exe (SoftwareUpdService)> in the current context!
Error: Unable to interpret <SRV - (SsupdService) -- C:\Users\utente\AppData\Local\ssupd\ssupd.exe (SsupdService)> in the current context!
Error: Unable to interpret <SRV - (SsroService) -- C:\Users\utente\AppData\Local\ServiceManager\ssro. exe (SsroService)> in the current context!
Error: Unable to interpret <DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com> in the current context!
Error: Unable to interpret <FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensi ons\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [SsroService] C:\Users\Public\Documents\Application\CurrentFile\ ssadl.exe (ssadl)> in the current context!
Error: Unable to interpret <O4 - HKLM..\RunOnce: [upt4pc_it_8.exe] C:\Users\utente\AppData\Local\tuto4pc_it_8\upt4pc_ it_8.exe ()> in the current context!
Error: Unable to interpret <[2013/08/23 21:05:04 | 000,000,000 | ---D | C] -- C:\Program Files\Pricora 4.1> in the current context!
Error: Unable to interpret <[2013/07/23 08:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\tuto4pc_it_8> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:373E1720> in the current context!
========== FILES ==========
File\Folder C:\Program Files\Pricora 4.1 not found.
File\Folder C:\Program Files\tuto4pc_it_8 not found.
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\utente\Downloads\cmd.bat deleted successfully.
C:\Users\utente\Downloads\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\ open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: utente
->Temp folder emptied: 1400 bytes
->Temporary Internet Files folder emptied: 1552 bytes
->FireFox cache emptied: 14530540 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 527506 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 14,00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Public
User: utente
Total Java Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: utente
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 08292013_185536
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
# AdwCleaner v2.107 - Logfile creato il 29/08/2013 alle 19:25:15
# Aggiornamento 21/01/2013 by Xplode
# Sistema Operativo : Windows 7 Ultimate Service Pack 1 (32 bits)
# Utente : utente - UTENTE-PC
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\utente\Downloads\adwcleaner.exe
# Opzioni [Cerca]
***** [Servizi] *****
***** [File / Cartelle] *****
Cartella Trovato : C:\ProgramData\Babylon
Cartella Trovato : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tuto4pc
File Trovato : C:\Users\Public\Desktop\iLivid.lnk
***** [Registro] *****
Chiave Trovata : HKCU\Software\DataMngr
Chiave Trovata : HKCU\Software\DataMngr_Toolbar
Chiave Trovata : HKCU\Software\lollipop
Chiave Trovata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chiave Trovata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Chiave Trovata : HKCU\Software\Tuto4PC
Chiave Trovata : HKCU\Software\Tutorials
Chiave Trovata : HKCU\Software\TutoTag
Chiave Trovata : HKLM\SOFTWARE\59e888cb76ded49
Chiave Trovata : HKLM\SOFTWARE\Classes\Prod.cap
Chiave Trovata : HKLM\Software\DataMngr
Chiave Trovata : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Ap plication\WajamUpdater
Chiave Trovata : HKU\S-1-5-21-312015245-1627973798-3076774996-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chiave Trovata : HKU\S-1-5-21-312015245-1627973798-3076774996-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
***** [Browser Internet] *****
-\\ Internet Explorer v10.0.9200.16660
[OK] Registro Pulito.
-\\ Mozilla Firefox v24.0 (it)
File : C:\Users\utente\AppData\Roaming\Mozilla\Firefox\Pr ofiles\b30tma1l.default\prefs.js
[OK] File Pulito.
-\\ Google Chrome v29.0.1547.57
File : C:\Users\utente\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File Pulito.
*************************
AdwCleaner[R1].txt - [2023 octets] - [29/08/2013 19:25:15]
########## EOF - C:\AdwCleaner[R1].txt - [2083 octets] ##########
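The OTL fix log posted above has a fixed shape: "Unable to interpret" lines for fix entries OTL rejected, then FILES, REGISTRY and COMMANDS sections. As an added example that is not part of this thread, the Python below parses that format and separates what OTL applied from what it rejected; in this thread the rejected entries are exactly the ones re-issued in the follow-up script, so a helper can generate that list instead of reading the log by eye. SAMPLE_LOG is an excerpt assembled from entries that appear in the thread, not a real capture.

```python
import re
from typing import Dict, List

# Constructed excerpt in the shape of the OTL fix log posted in this thread
# (entries copied from the thread; the excerpt itself is assembled here, not a real capture).
SAMPLE_LOG = r"""All processes killed
Error: Unable to interpret <SRV - (SsupdService) -- C:\Users\utente\AppData\Local\ssupd\ssupd.exe (SsupdService)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [SsroService] C:\Users\Public\Documents\Application\CurrentFile\ssadl.exe (ssadl)> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com> in the current context!
========== FILES ==========
File\Folder C:\Program Files\Pricora 4.1 not found.
C:\Users\utente\Downloads\cmd.bat deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========
[EMPTYTEMP]
User: utente
->FireFox cache emptied: 14530540 bytes
Windows Temp folder emptied: 527506 bytes
Total Files Cleaned = 14,00 mb
HOSTS file reset successfully
"""

ERROR_RE = re.compile(r"^Error: Unable to interpret <(?P<line>.+)> in the current context!$")
NOT_FOUND_RE = re.compile(r"^File\\Folder (?P<path>.+) not found\.$")
DELETED_RE = re.compile(r"^(?P<path>.+) deleted successfully\.$")
BYTES_RE = re.compile(r"emptied: (?P<n>\d+) bytes$")


def parse_otl_fix_log(text: str) -> dict:
    """Split an OTL fix log into applied, missing and rejected items."""
    report = {"unapplied": [], "missing": [], "deleted": [],
              "registry_set": 0, "hosts_reset": False, "bytes_emptied": 0}
    for raw in text.splitlines():
        line = raw.strip()
        if m := ERROR_RE.match(line):          # fix line OTL could not act on
            report["unapplied"].append(m.group("line"))
        elif m := NOT_FOUND_RE.match(line):    # :Files target already gone
            report["missing"].append(m.group("path"))
        elif m := DELETED_RE.match(line):      # :Files target removed
            report["deleted"].append(m.group("path"))
        elif line.endswith("value set successfully!"):  # :reg entry written
            report["registry_set"] += 1
        elif line == "HOSTS file reset successfully":
            report["hosts_reset"] = True
        elif m := BYTES_RE.search(line):       # per-folder totals from [emptytemp]
            report["bytes_emptied"] += int(m.group("n"))
    return report


def unapplied_by_type(report: dict) -> Dict[str, List[str]]:
    """Group rejected fix lines by OTL item type (PRC, SRV, O4, IE, ...);
    this is the list a helper re-issues in the follow-up :OTL script."""
    groups: Dict[str, List[str]] = {}
    for entry in report["unapplied"]:
        kind = entry.split(" - ", 1)[0]
        groups.setdefault(kind, []).append(entry)
    return groups
```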
rerun Adwcleaner with this latest version:
click SCAN and then CLEAN.
Then rerun OTL:
copy/paste the following into the white box:
:OTL
PRC - C:\Users\Public\Documents\Application\CurrentFile\ssadp.exe (ssadp)
SRV - (LiveUpSC) -- C:\Users\utente\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe (SoftwareUpdService)
SRV - (SsupdService) -- C:\Users\utente\AppData\Local\ssupd\ssupd.exe (SsupdService)
SRV - (SsroService) -- C:\Users\utente\AppData\Local\ServiceManager\ssro.exe (SsroService)
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
O4 - HKLM..\Run: [SsroService] C:\Users\Public\Documents\Application\CurrentFile\ssadl.exe (ssadl)
:commands
[Reboot]
..........press RUN FIX, let the scan run, reboot and post the log.
disable these 2 services: SsupdService and SsroService
Hi Friedr, the problem seems solved, but the last OTL scan you asked me to run doesn't give me the log file after the reboot. Thank you in the meantime!
..good, open OTL and click CLEAN UP.
(final clean-up of files and registry with CCleaner).
Ok thanks a looot!!!