Aiutamici Forum

Problem with the hijack log
jkl
Posted: Friday, November 01, 2013 5:10:56 PM
Rank: AiutAmico

Joined: 6/3/2005
Posts: 129
Hi everyone, unfortunately after downloading a program I ended up with several problems, such as Qone8 set as the homepage of my Chrome and various virus programs like Electrolyrics. I downloaded hijack and wanted to have you analyze my LOG, but it won't let me read the log. How should I proceed?
r16
Posted: Friday, November 01, 2013 5:23:24 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Follow the instructions in this guide:
http://forum.aiutamici.com/yaf_postst90814_Guida-per-eliminare-le-pagine-pubblicitarie-SOLO-LETTURA.aspx
Post the logs in the way indicated at the end of the guide.
jkl
Posted: Saturday, November 02, 2013 2:18:07 PM
Rank: AiutAmico

Joined: 6/3/2005
Posts: 129
malwarebytes log: mbam-log-2013-11-02 (10-40-55).txt
adw log: AdwCleaner[S0].txt
JRT log: JRT.txt
OTL LOG: OTL.Txt
EXTRAS LOG: Extras.Txt
jkl
Posted: Saturday, November 02, 2013 2:19:17 PM
Rank: AiutAmico

Joined: 6/3/2005
Posts: 129
Also, I keep getting constant annoying pop-ups.... is there still some leftover of the virus, or what else?
r16
Posted: Saturday, November 02, 2013 2:20:40 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Run OTL.

Under "Custom Scans\Fixes" copy and paste this code:

Code:
:OTL
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
CHR - Extension: ElectroLyrics-16 = C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.18_0\crossrider
CHR - Extension: ElectroLyrics-16 = C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.18_0\
CHR - Extension: Lavasoft NewTab = C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.13_0\
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
[2013/11/01 15:44:39 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Roaming\LavasoftStatistics
[2013/11/01 15:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2013/11/01 14:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/11/01 14:58:46 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2013/11/01 14:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

:Files
C:\Program Files\Enigma Software Group\SpyHunter
C:\Program Files\Enigma Software Group
C:\ProgramData\Ad-Aware Browsing Protection
ipconfig /flushdns /c

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

:commands
[purity]
[emptytemp]
[Emptyjava]
[RESETHOSTS]
[EMPTYFLASH]
[start explorer]
[Reboot]


Click the RUN FIX button.
Let the scan run without interfering.
Post the log.
Tell me whether the problems persist.

If they persist, tell me in which browsers they occur.
jkl
Posted: Saturday, November 02, 2013 2:31:23 PM
Rank: AiutAmico

Joined: 6/3/2005
Posts: 129
qone8 is gone... every now and then I still get pop-ups which, in my opinion and in my ignorance, are of a viral kind... because they are the same ones I had when the PC was infected..
r16
Posted: Saturday, November 02, 2013 2:38:37 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
When I asked for info about the PC, I still had to check the OTL log.
Once you have finished the instructions, also tell me in which browsers you encounter the problems (if you still encounter them).
jkl
Posted: Saturday, November 02, 2013 3:02:46 PM
Rank: AiutAmico

Joined: 6/3/2005
Posts: 129
All processes killed
========== OTL ==========
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found not found.
File C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.18_0\crossrider not found.
C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.18_0\js\lib\popupResource folder moved successfully.
C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.18_0\js\lib folder moved successfully.
C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.18_0\js\api folder moved successfully.
C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.18_0\js folder moved successfully.
C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.18_0\icons\actions folder moved successfully.
C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.18_0\icons folder moved successfully.
C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.18_0\extensionData\userCode folder moved successfully.
C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.18_0\extensionData\plugins folder moved successfully.
C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.18_0\extensionData folder moved successfully.
C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemfpepmlfpoeaopamikcgielgbdfndp\1.25.18_0 folder moved successfully.
C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.13_0\img\CVS folder moved successfully.
C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.13_0\img folder moved successfully.
C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.13_0\CVS folder moved successfully.
C:\Users\Marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.13_0 folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ad-Aware Browsing Protection deleted successfully.
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe moved successfully.
C:\Users\Marco\AppData\Roaming\LavasoftStatistics folder moved successfully.
C:\ProgramData\BitDefender\DTrace folder moved successfully.
C:\ProgramData\BitDefender folder moved successfully.
C:\ProgramData\Ad-Aware Browsing Protection folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\components folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin\options folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin\lib\panels\js folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin\lib folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome\skin folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome\locale\toolbar folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome\locale\lib folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome\locale folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome\data\search folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome\data folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome\content\widgets\net.vmn.www.ToolbarCleaner folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome\content\widgets\net.vmn.www.SecuredSearch folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome\content\widgets\net.vmn.www.BrowserDataCleaner folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome\content\widgets\com.mystart.BrowserHistoryCleaner folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome\content\widgets folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome\content\newtab folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome\content\modules folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome\content\lib folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome\content folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome folder moved successfully.
C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar folder moved successfully.
C:\Program Files\Lavasoft\Ad-Aware Antivirus\WebFiltering Engine folder moved successfully.
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine folder moved successfully.
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine folder moved successfully.
C:\Program Files\Lavasoft\Ad-Aware Antivirus folder moved successfully.
C:\Program Files\Lavasoft folder moved successfully.
C:\ProgramData\Lavasoft\Ad-Aware 11\Logs\20131101T151907.171181PID1580 folder moved successfully.
C:\ProgramData\Lavasoft\Ad-Aware 11\Logs folder moved successfully.
C:\ProgramData\Lavasoft\Ad-Aware 11 folder moved successfully.
C:\ProgramData\Lavasoft folder moved successfully.
========== FILES ==========
C:\Program Files\Enigma Software Group\SpyHunter\Log folder moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter folder moved successfully.
C:\Program Files\Enigma Software Group folder moved successfully.
File\Folder C:\ProgramData\Ad-Aware Browsing Protection not found.
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\Marco\Downloads\cmd.bat deleted successfully.
C:\Users\Marco\Downloads\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Marco
->Temp folder emptied: 65284479 bytes
->Temporary Internet Files folder emptied: 6646862 bytes
->Google Chrome cache emptied: 368994016 bytes
->Flash cache emptied: 1504 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1640761 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10468 bytes
RecycleBin emptied: 18618649 bytes

Total Files Cleaned = 440,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Marco

User: Public

Total Java Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Marco
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11022013_145836

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
r16
Posted: Saturday, November 02, 2013 4:15:38 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Any problems?
jkl
Posted: Sunday, November 03, 2013 1:27:57 PM
Rank: AiutAmico

Joined: 6/3/2005
Posts: 129
Finally, no!! Thanks a lot!!
r16
Posted: Sunday, November 03, 2013 2:00:36 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Great.
Open OTL and click CleanUP.
OTL will be uninstalled.
It will ask you to restart the PC: agree.
Bye.