Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Bagle? di sicuro è uno tosto....

3 pages: [1] 2 3
Bagle? di sicuro è uno tosto.... Opzioni
Topic Precedente · Topic Sucessivo
49parallelo
Inviato: Friday, November 15, 2013 11:52:52 AM

Rank: AiutAmico

Iscritto dal : 12/23/2008
Posts: 83
Salve,e vi dico grazie già da ora per quello che forse riuscirete a fare per me........penso di aver beccato un bagle è successo mentre l'antivirus Avast intenet security (a pagamento) si aggiornava.
Il pc è un assemblato con windows XP professional service pack 3 ed è vecchiotto ma faceva il suo servizio....
o lanciato findykill ha trovato qualcosa ma il problema persiste.
Non va in internet (è in una rete domestica) e ICS con conseguente firewall sono inarrivabili ed inattivabili.
Il firewall non si riesce ad attivare dal centro sicurezza .
Ho disinstallato completamente l'antivirus con il tool avast ma il centro di sicurezza mi dice ancora che "un antivirus e attivo e con la funzione ricerca attivata" io penso che sia un falso segnale dovuto al bagle.
Naturalmente sto inviando da altro pc.
Cercherò di inviare un txt di hjiactis se riesco ad installarlo sul pc...... per ora
vi allego il txt di findykill

############################## | FindyKill V5.002 |

# User : standard () # VECCHIO
# Update on 12/06/09 by Chiquitine29
# Start at: 11.22.58 | 15/11/2013
# Website : http://pagesperso-orange.fr/NosTools/findykill.html

#
#
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : AntiVir Desktop 10.0.1.56 [ Enabled | Updated ]
# AV : AntiVir Desktop 10.0.1.56 [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition 8.0.1.18 [ Enabled | (!) Outdated ]
# FW : AVG Firewall[ (!) Disabled ]10.0



############################## | Active Processes |

E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\acs.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\ssstars.scr
E:\Programmi\Microsoft\BingBar\BBSvc.EXE
E:\Programmi\Microsoft\BingBar\SeaPort.EXE
E:\Programmi\D-Link\Bluetooth Software\bin\btwdins.exe
E:\WINDOWS\System32\svchost.exe
E:\Programmi\FolderSize\FolderSizeSvc.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Programmi\Java\jre7\bin\jqs.exe
E:\Programmi\File comuni\LightScribe\LSSrvc.exe
E:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe
E:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\Programmi\Skype\Updater\Updater.exe
E:\WINDOWS\system32\slserv.exe
E:\WINDOWS\system32\svchost.exe
E:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
E:\WINDOWS\system32\wdfmgr.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\wbem\wmiapsrv.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe

################## | E: |


################## | E:\WINDOWS |


################## | E:\WINDOWS\system32 |


################## | E:\WINDOWS\system32\drivers |


################## | E:\Documents and Settings\standard\Dati applicazioni |


################## | E:\Documents and Settings\Utente\Application Data |


################## | Other ... |


################## | Temporary Internet Files |


################## | Registry / Infected keys |


################## | State / Service / Information |

# Safe boot mode : OK


# Showing of hidden files : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )


################## | PEH ... |


################## | Cracks / Keygens / Serials |

"E:\Documents and Settings\standard\.housecall6.6\"patch.exe""
27/12/2008 14.25 |Size 218736 |Crc32 12c79c8b |Md5 b9a80ba0083fb8196f8ca0bef053ea4e

"E:\Documents and Settings\standard\winrare +crack\"WinRAR_Universal_Crack.exe""
21/01/2002 16.13 |Size 4608 |Crc32 614c0c0b |Md5 06f373fc861b27733b3754cdbab92cde

"E:\Documents and Settings\standard\winrare +crack\"wrar320fr.exe""
21/05/2003 10.23 |Size 1024234 |Crc32 23ec5b68 |Md5 5b5280873ba32f06e17bd42a5e60cc04


################## | End of Report # FindyKill V5.002 ! |
Torna in alto
 
Sponsor
Inviato: Friday, November 15, 2013 11:52:52 AM

 
Torna in alto
 
49parallelo
Inviato: Friday, November 15, 2013 12:26:01 PM

Rank: AiutAmico

Iscritto dal : 12/23/2008
Posts: 83
Ecco il Txt di Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12.18.54, on 15/11/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\acs.exe
E:\Programmi\Microsoft\BingBar\SeaPort.EXE
E:\Programmi\D-Link\Bluetooth Software\bin\btwdins.exe
E:\WINDOWS\System32\svchost.exe
E:\Programmi\FolderSize\FolderSizeSvc.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Programmi\Java\jre7\bin\jqs.exe
E:\Programmi\File comuni\LightScribe\LSSrvc.exe
E:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe
E:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\slserv.exe
E:\WINDOWS\system32\svchost.exe
E:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\wbem\wmiapsrv.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Programmi\VIA\RAID\raid_tool.exe
E:\WINDOWS\PixArt\PAC7311\Monitor.exe
E:\Programmi\CyberLink\PCM4Everio\EverioService.exe
E:\Programmi\HP\HP Software Update\HPWuSchd2.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Programmi\File comuni\Java\Java Update\jusched.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Documents and Settings\standard\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe
E:\Programmi\D-Link\Bluetooth Software\BTTray.exe
E:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
E:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
E:\Programmi\HP\Digital Imaging\bin\hpqbam08.exe
E:\Programmi\HP\Digital Imaging\bin\hpqgpc01.exe
E:\Programmi\jZip\jZip.exe
E:\DOCUME~1\standard\IMPOST~1\Temp\jZip\jZip1B242\jZip202DE\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programmi\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programmi\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RaidTool] E:\Programmi\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PAC7311_Monitor] E:\WINDOWS\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [EverioService] "E:\Programmi\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [hpqSRMon] E:\Programmi\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] E:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe ARM] "E:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "E:\Programmi\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "E:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Facebook Update] "E:\Documents and Settings\standard\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [msnmsgr] "E:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a periferica &Bluetooth... - E:\Programmi\D-Link\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Programmi\D-Link\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Programmi\D-Link\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - E:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP chain gap (#2 in chain of 4 missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll
O23 - Service: TP-LINK Configuration Service (ACS) - Atheros - E:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - E:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - E:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Programmi\D-Link\Bluetooth Software\bin\btwdins.exe
O23 - Service: Folder Size (FolderSize) - Brio - E:\Programmi\FolderSize\FolderSizeSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - E:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - E:\Programmi\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - E:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - E:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - E:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - E:\Programmi\Skype\Updater\Updater.exe
O23 - Service: SmartLinkService (SLService) - - E:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TomTomHOMEService - TomTom - E:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
O24 - Desktop Component 0: (no name) - http://www.neverstop.it/phorum/images/logo.gif
O24 - Desktop Component 1: (no name) - http://www.ufficiobrevetti.it/resources/ico_brevetti.gif
O24 - Desktop Component 2: (no name) - http://www.giustiziatributaria.it/img/shim.gif

--
End of file - 8854 bytes
Torna in alto
 
cbbusto
Inviato: Friday, November 15, 2013 4:10:24 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Dal log non appaiono infezioni gravi, ci solo delle voci da eliminare, Avast è ancora presente.

Chiudi tutti i programmi e disconnesso lanci HJT e clicca sul secondo pulsante: Do a system scan only poi metti la spunta alle voci che ti indico e alla fine clic su Fix checked:

O4 - HKLM\..\Run: [RaidTool] E:\Programmi\VIA\RAID\raid_tool.exe

O4 - HKLM\..\Run: [EverioService] "E:\Programmi\CyberLink\PCM4Everio\EverioService.exe"

O4 - HKLM\..\Run: [hpqSRMon] E:\Programmi\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [HP Software Update] E:\Programmi\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe ARM] "E:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [AvastUI.exe] "E:\Programmi\AVAST Software\Avast\AvastUI.exe" /nogui

O4 - HKCU\..\Run: [TomTomHOME.exe] "E:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [Facebook Update] "E:\Documents and Settings\standard\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [msnmsgr] "E:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe

O24 - Desktop Component 0: (no name) - http://www.neverstop.it/phorum/images/logo.gif

O24 - Desktop Component 1: (no name) - http://www.ufficiobrevetti.it/resources/ico_brevetti.gif

O24 - Desktop Component 2: (no name) - http://www.giustiziatributaria.it/img/shim.gif

Scarica QUESTO tool di rimozione e fai una scansione.

Vedo che hai malwarebytes, aggiornalo e poi fai una scansione COMPLETA non veloce, elimina quello che trova, posta il log.

Fai anche questa scansione:
Scarica Adwcleaner sul desktop:
http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner
Avvialo e clicca sul pulsante "Scan” finita la scansione clicca su Clean , conferma con OK le varie finestre che ti compariranno.
Il pc si riavvierà, e uscirà il log col Blocco Note.
Copialo e postalo qui.

Poi fai una pulizia con Ccleaner compreso il Registro, per il Registro spunta tutte le voci acconsenti al backup quando richiesto, sempre in Ccleaner vai in Strumenti Ripristino Sistema seleziona tutte le voci tranne l'ultima che non è selezionabile e rimane per sicurezza, poi clic su Rimuovi.
Dimmi se il pc è migliorato, altrimenti sarebbe il caso di lanciare combofix:

Scarica Combofix (usa Internet Explorer)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop. (è obligatorio)
Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.
Doppio click su combofix.exe (se usi Vista o win 7: tasto destro su Combofix.exe e clicca su: "Esegui come Amministratore" )
E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix) tu ignorali.
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt.
Postalo qui.

PS- Se il file eseguibile di Combofix non apparisse scaricabile o non volesse avviarsi, è possibile che sul sistema sia presente un malware in grado di rilevare la presenza di questo strumento per la rimozione delle minacce. Al momento del download dell'applicazione, quindi, salvarla su disco modificando il nome predefinito – ovvero ComboFix.exe – (ad esempio abc123.exe)
Ciao
Torna in alto
 
49parallelo
Inviato: Friday, November 15, 2013 4:22:02 PM

Rank: AiutAmico

Iscritto dal : 12/23/2008
Posts: 83
ciao cbbusto ...non dimenticare che non riesco ad andare in internet ....mi sto aiutando con l'altro pc (da dove risondo )e chiavetta....
ti premetto che all'accensione del pc (infetto?) è lentissimo da paura...
sto cercando di fare quello da te suggerito....
a fra poco
Torna in alto
 
cbbusto
Inviato: Friday, November 15, 2013 4:31:48 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
49parallelo ha scritto:
ciao cbbusto ...non dimenticare che non riesco ad andare in internet ....mi sto aiutando con l'altro pc (da dove risondo )e chiavetta....
ti premetto che all'accensione del pc (infetto?) è lentissimo da paura...
sto cercando di fare quello da te suggerito....
a fra poco


Se riesci a farle forse qualcosa migliora. Ciao
Torna in alto
 
49parallelo
Inviato: Friday, November 15, 2013 4:37:38 PM

Rank: AiutAmico

Iscritto dal : 12/23/2008
Posts: 83
ho lanciato il tool microsoft come da te detto (e ho eliminato i file da te segnalati con hij) con scan completo...ci vorrà del tempo credo....
Torna in alto
 
49parallelo
Inviato: Friday, November 15, 2013 8:48:14 PM

Rank: AiutAmico

Iscritto dal : 12/23/2008
Posts: 83
microsoft non ha rilevato nulla...nessuna infezione
proseguo con adwcleaner.....
Torna in alto
 
49parallelo
Inviato: Friday, November 15, 2013 8:58:21 PM

Rank: AiutAmico

Iscritto dal : 12/23/2008
Posts: 83
49parallelo ha scritto:
microsoft non ha rilevato nulla...nessuna infezione
proseguo con adwcleaner.....


adwcleaner....... non va.... si è aperto ma dopo un primo esame sembra fermo...non fa nulla
Torna in alto
 
r16
Inviato: Friday, November 15, 2013 9:03:20 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Comincia ad eliminare i crack segnalati da FindyKill.
Torna in alto
 
49parallelo
Inviato: Friday, November 15, 2013 9:12:07 PM

Rank: AiutAmico

Iscritto dal : 12/23/2008
Posts: 83
è andato...sta chiudendo il pc
Torna in alto
 
49parallelo
Inviato: Friday, November 15, 2013 9:14:37 PM

Rank: AiutAmico

Iscritto dal : 12/23/2008
Posts: 83
solita lentezza.....al riavvio
come elimino i crak???
Torna in alto
 
r16
Inviato: Friday, November 15, 2013 9:28:05 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
I crack sono questi:
"E:\Documents and Settings\standard\winrare +crack\"WinRAR_Universal_Crack.exe""
21/01/2002 16.13 |Size 4608 |Crc32 614c0c0b |Md5 06f373fc861b27733b3754cdbab92cde

"E:\Documents and Settings\standard\winrare +crack\"wrar320fr.exe""
21/05/2003 10.23 |Size 1024234 |Crc32 23ec5b68 |Md5 5b5280873ba32f06e17bd42a5e60cc04
Segui il percorso ed elimina le cartelle in grassetto.
Torna in alto
 
49parallelo
Inviato: Friday, November 15, 2013 9:42:15 PM

Rank: AiutAmico

Iscritto dal : 12/23/2008
Posts: 83
Ecco il log di adwcleaner:

# AdwCleaner v3.012 - Report created 15/11/2013 at 21:11:40
# Updated 11/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : standard - VECCHIO
# Running from : E:\Documents and Settings\standard\desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : E:\Documents and Settings\All Users\Dati applicazioni\Babylon
Folder Deleted : E:\Documents and Settings\All Users\Menu Avvio\Programmi\jZip
Folder Deleted : E:\Programmi\jZip
Folder Deleted : E:\Documents and Settings\standard\Impostazioni locali\Dati applicazioni\Babylon
Folder Deleted : E:\Documents and Settings\standard\Impostazioni locali\Dati applicazioni\Conduit
Folder Deleted : E:\Documents and Settings\standard\Impostazioni locali\Dati applicazioni\jZip
Folder Deleted : E:\Documents and Settings\standard\Impostazioni locali\Dati applicazioni\OpenCandy
Folder Deleted : E:\Documents and Settings\standard\Impostazioni locali\Dati applicazioni\PackageAware
Folder Deleted : E:\DOCUME~1\standard\IMPOST~1\Temp\jZip
Folder Deleted : E:\Documents and Settings\standard\Dati applicazioni\OfferBox
Folder Deleted : E:\Documents and Settings\standard\Dati applicazioni\Systweak
Folder Deleted : E:\Documents and Settings\standard\Dati applicazioni\Mozilla\Firefox\Profiles\fnuinyhd.default\Conduit
Folder Deleted : E:\Documents and Settings\standard\Dati applicazioni\Mozilla\Firefox\Profiles\fnuinyhd.default\ConduitCommon
File Deleted : E:\Documents and Settings\standard\Impostazioni locali\Dati applicazioni\funmoods.crx
File Deleted : E:\Documents and Settings\standard\Impostazioni locali\Dati applicazioni\funmoods-speeddial_sf.crx
File Deleted : E:\Documents and Settings\standard\Dati applicazioni\Mozilla\Firefox\Profiles\fnuinyhd.default\searchplugins\funmoods.xml
File Deleted : E:\Documents and Settings\standard\Dati applicazioni\Mozilla\Firefox\Profiles\fnuinyhd.default\user.js
File Deleted : E:\Documents and Settings\standard\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
File Deleted : E:\Documents and Settings\standard\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
File Deleted : E:\WINDOWS\Tasks\OfferBoxUpdate.job

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Deleted : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F
Key Deleted : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E6A6A4A475FCE37F8B5AC2F1244DEB2BFCA5615A
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\jZip.file
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0579B4B1-0293-4D73-B02D-5EBB0BA0F0A2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\AskBarDis
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\jZip
Key Deleted : HKLM\Software\Messenger Plus!\OpenCandy
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jZip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\jZip
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (it)

[ File : E:\Documents and Settings\standard\Dati applicazioni\Mozilla\Firefox\Profiles\fnuinyhd.default\prefs.js ]

Line Deleted : user_pref("CT2905319..clientLogIsEnabled", false);
Line Deleted : user_pref("CT2905319..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2905319..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2905319.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2905319.AppTrackingLastCheckTime", "Wed Aug 03 2011 13:38:42 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2905319.BrowserCompStateIsOpen_129457148143025612", true);
Line Deleted : user_pref("CT2905319.BrowserCompStateIsOpen_129457148143338114", true);
Line Deleted : user_pref("CT2905319.BrowserCompStateIsOpen_129465649439512703", true);
Line Deleted : user_pref("CT2905319.CTID", "CT2905319");
Line Deleted : user_pref("CT2905319.CurrentServerDate", "28-8-2011");
Line Deleted : user_pref("CT2905319.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2905319.DialogsGetterLastCheckTime", "Sun Aug 28 2011 17:16:47 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2905319.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2905319.EMailNotifierPollDate", "Thu Mar 24 2011 09:40:26 GMT+0100 (ora solare Europa occidentale)");
Line Deleted : user_pref("CT2905319.FirstServerDate", "20-3-2011");
Line Deleted : user_pref("CT2905319.FirstTime", true);
Line Deleted : user_pref("CT2905319.FirstTimeFF3", true);
Line Deleted : user_pref("CT2905319.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2905319.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2905319.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2905319.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2905319.HomePageProtectorEnabled", false);
Line Deleted : user_pref("CT2905319.Initialize", true);
Line Deleted : user_pref("CT2905319.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2905319.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2905319.InstallationId", "Messenger_Plus_IT.exe");
Line Deleted : user_pref("CT2905319.InstallationType", "ConduitIntegration");
Line Deleted : user_pref("CT2905319.InstalledDate", "Sun Mar 20 2011 21:20:41 GMT+0100 (ora solare Europa occidentale)");
Line Deleted : user_pref("CT2905319.InvalidateCache", false);
Line Deleted : user_pref("CT2905319.IsAlertDBUpdated", true);
Line Deleted : user_pref("CT2905319.IsGrouping", false);
Line Deleted : user_pref("CT2905319.IsMulticommunity", false);
Line Deleted : user_pref("CT2905319.IsOpenThankYouPage", false);
Line Deleted : user_pref("CT2905319.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2905319.LanguagePackLastCheckTime", "Sun Aug 28 2011 17:16:47 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2905319.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2905319.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2905319.LastLogin_3.2.5.2", "Thu Mar 24 2011 09:40:30 GMT+0100 (ora solare Europa occidentale)");
Line Deleted : user_pref("CT2905319.LastLogin_3.3.3.2", "Mon Jun 27 2011 08:04:59 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2905319.LastLogin_3.5.0.12", "Sun Aug 28 2011 17:16:47 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2905319.LastLogin_3.6.0.10", "Sun Aug 28 2011 17:24:56 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2905319.LatestVersion", "3.6.0.10");
Line Deleted : user_pref("CT2905319.Locale", "it");
Line Deleted : user_pref("CT2905319.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2905319.MCDetectTooltipShow", false);
Line Deleted : user_pref("CT2905319.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2905319.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2905319.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT2905319.RadioIsPodcast", false);
Line Deleted : user_pref("CT2905319.RadioLastCheckTime", "Sat Jul 30 2011 23:48:36 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2905319.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT2905319.RadioLastUpdateServer", "129406033977030000");
Line Deleted : user_pref("CT2905319.RadioMediaID", "21761729");
Line Deleted : user_pref("CT2905319.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT2905319.RadioMenuSelectedID", "EBRadioMenu_CT290531921761729");
Line Deleted : user_pref("CT2905319.RadioShrinkedFromSetup", false);
Line Deleted : user_pref("CT2905319.RadioStationName", "Rock104%20-%20The%20Hard%20Rock%20Channel");
Line Deleted : user_pref("CT2905319.RadioStationURL", "hxxp://wma3.cdn.radiostorm.com/rock104hr");
Line Deleted : user_pref("CT2905319.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT2905319.SearchEngineBeforeUnload", "AVG Secure Search");
Line Deleted : user_pref("CT2905319.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2905319.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2905319&SearchSource=2&q=");
Line Deleted : user_pref("CT2905319.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2905319.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2905319.SearchInNewTabLastCheckTime", "Sun Aug 28 2011 17:16:36 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2905319.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2905319.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2905319.SearchProtectorEnabled", false);
Line Deleted : user_pref("CT2905319.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT2905319.ServiceMapLastCheckTime", "Sun Aug 28 2011 17:16:48 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2905319.SettingsLastCheckTime", "Sun Aug 28 2011 17:16:36 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2905319.SettingsLastUpdate", "1314027854");
Line Deleted : user_pref("CT2905319.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2905319.ThirdPartyComponentsLastCheck", "Sun Aug 28 2011 17:16:36 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2905319.ThirdPartyComponentsLastUpdate", "1291279838");
Line Deleted : user_pref("CT2905319.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2905319");
Line Deleted : user_pref("CT2905319.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT2905319.UserID", "UN79555299494767946");
Line Deleted : user_pref("CT2905319.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2905319.WeatherNetwork", "");
Line Deleted : user_pref("CT2905319.WeatherPollDate", "Thu Mar 24 2011 09:40:56 GMT+0100 (ora solare Europa occidentale)");
Line Deleted : user_pref("CT2905319.WeatherUnit", "C");
Line Deleted : user_pref("CT2905319.alertChannelId", "1297244");
Line Deleted : user_pref("CT2905319.approveUntrustedApps", false);
Line Deleted : user_pref("CT2905319.backendstorage._fb_dailyactivity", "31333032333730373236363336");
Line Deleted : user_pref("CT2905319.backendstorage._fb_lifetimesent", "54525545");
Line Deleted : user_pref("CT2905319.backendstorage.ct2905319ads1", "25374225323261647325323225334125354225374225323261696425323225334125323232303833362532322532432532327469746C652532322533412532322575323733302532305[...]
Line Deleted : user_pref("CT2905319.backendstorage.ct2905319current_term", "61697574616D696369");
Line Deleted : user_pref("CT2905319.backendstorage.ct2905319sdate", "3238");
Line Deleted : user_pref("CT2905319.backendstorage.d_ginyas1_d", "");
Line Deleted : user_pref("CT2905319.backendstorage.d_ginyas1_t", "31333039363036313330393737");
Line Deleted : user_pref("CT2905319.backendstorage.facebook_ctid_connect_send", "73656E646564");
Line Deleted : user_pref("CT2905319.backendstorage.fb_dailyactivity", "31333033383036353833333933");
Line Deleted : user_pref("CT2905319.backendstorage.fb_lifetimesent", "54525545");
Line Deleted : user_pref("CT2905319.backendstorage.for_aoi", "31333134353434363330");
Line Deleted : user_pref("CT2905319.backendstorage.for_ccid", "42617269");
Line Deleted : user_pref("CT2905319.backendstorage.for_cdtr5", "31333134353434363330");
Line Deleted : user_pref("CT2905319.backendstorage.for_cid", "4954");
Line Deleted : user_pref("CT2905319.backendstorage.for_ip", "3135312E34352E38342E3337");
Line Deleted : user_pref("CT2905319.backendstorage.for_lcut", "31333134353434363332");
Line Deleted : user_pref("CT2905319.backendstorage.for_pid", "31303132");
Line Deleted : user_pref("CT2905319.backendstorage.for_rid", "3133");
Line Deleted : user_pref("CT2905319.backendstorage.for_zoneid", "3130303832");
Line Deleted : user_pref("CT2905319.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Line Deleted : user_pref("CT2905319.backendstorage.hxxp://www_blabbers_com/app/conduit.bbrs_affid", "6272617A696C");
Line Deleted : user_pref("CT2905319.backendstorage.hxxp://www_blabbers_com/app/conduit.bbrs_bguid", "6272617A696C2D42423441333841332D364442462D444246322D373334332D383334453545323436434539");
Line Deleted : user_pref("CT2905319.backendstorage.hxxp://www_blabbers_com/app/conduit.bbrs_dafl", "31");
Line Deleted : user_pref("CT2905319.backendstorage.hxxp://www_blabbers_com/app/conduit.bbrs_lba", "3231393039303737");
Line Deleted : user_pref("CT2905319.backendstorage.hxxp://www_blabbers_com/app/conduit.bbrs_lba1", "323031312D382D3238");
Line Deleted : user_pref("CT2905319.backendstorage.hxxp://www_blabbers_com/app/conduit.bbrs_leadscattimestamp", "736D6565745F61762E32313837353530312E31");
Line Deleted : user_pref("CT2905319.backendstorage.hxxp://www_blabbers_com/app/conduit.bbrs_updatesliststr1", "6176672E636F6D3A3231383230383238");
Line Deleted : user_pref("CT2905319.backendstorage.hxxp://www_blabbers_com/app/conduit.bbrs_updatesliststr1_exp", "3231383236393537");
Line Deleted : user_pref("CT2905319.backendstorage.ytapp_dailyactivity", "31333035353538353132323833");
Line Deleted : user_pref("CT2905319.backendstorage.ytapp_lifetimesent", "54525545");
Line Deleted : user_pref("CT2905319.components.1000082", false);
Line Deleted : user_pref("CT2905319.components.129391537900462547", false);
Line Deleted : user_pref("CT2905319.globalFirstTimeInfoLastCheckTime", "Sun Aug 28 2011 17:16:47 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2905319.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2905319.initDone", true);
Line Deleted : user_pref("CT2905319.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT2905319.isFirstRadioInstallation", false);
Line Deleted : user_pref("CT2905319.myStuffEnabled", true);
Line Deleted : user_pref("CT2905319.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2905319.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2905319.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2905319.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2905319.oldAppsList", "129391537898431271,129391537898900025,111,129409480754837541,129391537899056276,129391537899056277,129391537899212528,129405961670150070,129417342132606878,12950204[...]
Line Deleted : user_pref("CT2905319.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT2905319.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2905319.testingCtid", "");
Line Deleted : user_pref("CT2905319.toolbarAppMetaDataLastCheckTime", "Sun Aug 28 2011 17:16:47 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2905319.toolbarContextMenuLastCheckTime", "Sun Aug 28 2011 17:16:47 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CT2905319.usagesFlag", 2);
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=it", "BQdZLtDml9CpM6IvNWt3SQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=it", "OSAmzMyf1A5YH1UOZc0W8A==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=it", "Tzaur4giknJhip2o3N9oCw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=it", "ZZyuTOaNMQtvjkuch6tB6g==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
Line Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{4619105f-8f56-4dc3-bb47-ede6e2993355}");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "messenger_plus_it");
Line Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///E:\\Documents and Settings\\standard\\Dati applicazioni\\Mozilla\\Firefox\\Profiles\\fnuinyhd.default\\conduitCommon\\modules\\3.6.0.10");
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2905319");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{4619105f-8f56-4dc3-bb47-ede6e2993355}");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "messenger_plus_it");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://it.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_it&p=");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2905319");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2905319");
Line Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri Mar 25 2011 11:36:45 GMT+0100 (ora solare Europa occidentale)");
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Jun 27 2011 08:03:38 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Jun 27 2011 08:03:06 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "878deb01-e27a-46aa-bcd0-02693966eb1e");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "688b85f5-ca74-4ed4-960b-9d9096ef4c51");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.killedEngine", true);
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Aug 28 2011 17:16:47 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Aug 28 2011 17:16:46 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Aug 28 2011 17:16:39 GMT+0200 (ora legale Europa occidentale)");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "dfaaf6b7-4cfa-4971-84ac-f99be437da8e");
Line Deleted : user_pref("CommunityToolbar.undefined", "");
Line Deleted : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,{CAFEEFAC-0016-0000-0017[...]
Line Deleted : user_pref("extensions.funmoods.aflt", "nv1");
Line Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Line Deleted : user_pref("extensions.funmoods.cntry", "IT");
Line Deleted : user_pref("extensions.funmoods.cv", "cv5");
Line Deleted : user_pref("extensions.funmoods.dfltLng", "");
Line Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Line Deleted : user_pref("extensions.funmoods.dnsErr", true);
Line Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Line Deleted : user_pref("extensions.funmoods.excTlbr", false);
Line Deleted : user_pref("extensions.funmoods.hdrMd5", "D70FB2CFCF7BCD0E192046C78ABCE71B");
Line Deleted : user_pref("extensions.funmoods.hmpg", true);
Line Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1Qzu0BtDyEzzyB0AzyyDyBtC0Czz0CtC0CyDtN0D0Tzu0CtAyDtCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=34721567");
Line Deleted : user_pref("extensions.funmoods.id", "B0487A9571C8C1C5");
Line Deleted : user_pref("extensions.funmoods.instlDay", "15690");
Line Deleted : user_pref("extensions.funmoods.instlRef", "nv1");
Line Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Line Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2213:53:28");
Line Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Line Deleted : user_pref("extensions.funmoods.newTab", true);
Line Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1Qzu0BtDyEzzyB0AzyyDyBtC0Czz0CtC0CyDtN0D0Tzu0CtAyDtCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=34721567");
Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Line Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Line Deleted : user_pref("extensions.funmoods.sg", "none");
Line Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Line Deleted : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
Line Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Line Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1Qzu0BtDyEzzyB0AzyyDyBtC0Czz0CtC0CyDtN0D0Tzu0CtAyDtCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=34721567&q=")[...]
Line Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2213:53:28");
Line Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods_i.newTab", true);
Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2213:53:28");
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

[ File : E:\Documents and Settings\standard\Dati applicazioni\Mozilla\Firefox\Profiles\zqe5mf6v.default-1355672259015\prefs.js ]


-\\ Google Chrome v

[ File : E:\Documents and Settings\standard\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url
Deleted : search_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [26389 octets] - [15/11/2013 20:49:56]
AdwCleaner[R1].txt - [26450 octets] - [15/11/2013 21:10:39]
AdwCleaner[S0].txt - [26946 octets] - [15/11/2013 21:11:40]

########## EOF - E:\AdwCleaner\AdwCleaner[S0].txt - [27007 octets] ##########
Torna in alto
 
49parallelo
Inviato: Friday, November 15, 2013 9:46:10 PM

Rank: AiutAmico

Iscritto dal : 12/23/2008
Posts: 83
ho eliminato la cartella con i 2 crack
Torna in alto
 
r16
Inviato: Friday, November 15, 2013 9:52:10 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

scarica Junkware Removal Tool sul desktop.
http://www.majorgeeks.com/mg/get/junkware_removal_tool,1.html
Disattiva temporaneamente l'antivirus per evitare potenziali conflitti.
Doppio click su JRT
Lo strumento si aprirà e avvierà la scansione del sistema.
Devi avere pazienza in quanto questo tool può richiedere del tempo per completare la scansione .
Al termine, un log (JRT.txt) viene salvato sul desktop e si aprirà automaticamente.
Postalo qui.
Torna in alto
 
49parallelo
Inviato: Friday, November 15, 2013 11:14:50 PM

Rank: AiutAmico

Iscritto dal : 12/23/2008
Posts: 83
ciao R16.... io l'antivirus l'ho disinstallato...
ma cmq non riesco ad andare in internet con il wifi (tp-Link) l'icona sulla sbarra è barrata
ma hai un'idea perchè l'ICS ed il firewall non funzionano più?
mi dice sempre impossibile visualizzare le impostazioni di Windows firewall . Il relativo servizio non è avviato.Avviare il servizio Windows firewall/Internet connection Sharing(ICS)?
clicco si
e mi risponde impossibile avviare il servizio Windows Firewall/Internet connection Sharing(ICS)
e.....amen
...ho lanciato JRT.....
Torna in alto
 
49parallelo
Inviato: Friday, November 15, 2013 11:24:07 PM

Rank: AiutAmico

Iscritto dal : 12/23/2008
Posts: 83
ma ...ha già finito!!! è stato velocissimo....

Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by standard on 15/11/2013 at 23.14.35,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: E:\Documents and Settings\standard\Dati applicazioni\mozilla\firefox\profiles\fnuinyhd.default\minidumps [16 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/11/2013 at 23.20.19,70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Torna in alto
 
49parallelo
Inviato: Friday, November 15, 2013 11:57:27 PM

Rank: AiutAmico

Iscritto dal : 12/23/2008
Posts: 83
chiudo ci risentiamo domani, grazie ciao.
Torna in alto
 
49parallelo
Inviato: Saturday, November 16, 2013 10:23:44 AM

Rank: AiutAmico

Iscritto dal : 12/23/2008
Posts: 83
49parallelo ha scritto:
chiudo ci risentiamo domani, grazie ciao.


r 16 penso che se sei disponibile possiamo iniziare da dove abbiamo finito...
Torna in alto
 
Utenti presenti in questo topic
Guest

3 pages: [1] 2 3

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Bagle? di sicuro è uno tosto....


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.