Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo del log di hijack

2 pages: 1 [2]
Controllo del log di hijack Opzioni
Topic Precedente · Topic Sucessivo
r16
Inviato: Wednesday, October 03, 2012 6:18:36 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Apri un file di testo con il Block Note sul Desktop
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt


Code:
KillAll::

Driver::
PowerOffer Service
ServUpdater

File::
c:\users\Public\Documents\AppData\PoApp\PLauncher.exe
c:\users\claudio\AppData\Local\PosService\Pos.exe

Folder::
c:\users\Public\Documents\AppData\PoApp
c:\users\claudio\AppData\Local\PosService
c:\users\claudio\AppData\Local\ServUpdater

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PosService"=-

DDS::
mStart Page = hxxp://search.findeer.com


e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix.
Torna in alto
 
claudiric57
Inviato: Wednesday, October 03, 2012 7:24:15 PM
Rank: Member

Iscritto dal : 9/30/2012
Posts: 15


Fatto tutto quello che mi hai detto però da imbranato mi sono perso il log di combofix........si può recuperare??? Credevo di averlo salvato su desktop invece no!!!
Torna in alto
 
r16
Inviato: Wednesday, October 03, 2012 9:12:04 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Lo trovi in questo percorso:
C:\ComboFix.txt.
Riscontri problemi?
Torna in alto
 
claudiric57
Inviato: Thursday, October 04, 2012 5:11:09 PM
Rank: Member

Iscritto dal : 9/30/2012
Posts: 15


Allora guardl il percorso C:/Combofix.txt non l'ho trovato, ho anche fatto la ricerca ma mi dice che il file non esiste!!!!

Comunque si ho ancora dei problemi, ancora ogni tanto mi si aprono delle finestre indesiderate, meno di prima ma si aprono!!! E ancora soprattuto quando sono su google e faccio la ricerca mi si blocca il computer per alcuni secondi e mi si offusca la visione, dura pochissimo ma in quel poco tempo non mi fa fare nulla ed in alto mi dice che mozilla non risponde!!!
Torna in alto
 
r16
Inviato: Thursday, October 04, 2012 6:16:33 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Scarica OTL, e salvalo sul desktop:

http://oldtimer.geekstogo.com/OTL.exe

Clicca sull'icona di OTL che trovi sul tuo desktop .

Metti la spunta su SCAN ALL USERS.

Sotto output, metti la spunta : minimal output

Clicca sulla freccettina di File Age e seleziona 60 Days

Metti la spunta a LOP Check e Purity Check.

Clicca su RUN SCAN

Lascia fare la scansione senza interferire.

Al termine della scansione trovi 2 log sul desktop. OTL.txt ed Extras.txt, salvali e caricali su Wikisend, per postarli sul forum.

Per postare i log:
Collegati ad internet e vai alla pagina WikiSend: http://www.wikisend.com/
Clicca sul bottone "Sfoglia"
Seleziona il file appena salvato
Clicca su Upload file
Dopo qualche secondo, vieni spostato su una nuova pagina con il link in diversi formati:
Download Link / Forum Link
Seleziona Forum Link, copialo e incollalo in un nuovo messaggio per il forum.
Torna in alto
 
claudiric57
Inviato: Thursday, October 04, 2012 6:52:33 PM
Rank: Member

Iscritto dal : 9/30/2012
Posts: 15
Ecco i due link che mi sono usciti:

OTL.Txt

Extras.Txt
Torna in alto
 
r16
Inviato: Thursday, October 04, 2012 7:37:44 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Avvia OTL.

Sotto "Custom Scans\Fixes" copia-incolla questo codice:


Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
[2012/06/09 15:34:10 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\claudio\AppData\Roaming\mozilla\Firefox\Profiles\mku6vfwe.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2011/12/03 18:11:14 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\personas@christopher.beard.xpi
[2012/09/21 16:33:25 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire
[2012/10/04 18:11:49 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\251a01e6e21370e33021658d316cc1a2_expire
[2012/10/03 19:21:39 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire
[2012/08/12 18:05:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2e74403c227112bec523796d5a77d77e_expire
[2012/10/04 18:11:48 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\35c5ead7c694459d2b46d88482247348_expire
[2012/08/28 17:03:12 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4ad053d40dfa5cab7948e9251df6e3d9_expire
[2012/09/02 06:41:05 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4b0e98311420d21d03c4ea36a788d6d7_expire
[2012/09/29 07:29:30 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire
[2012/09/04 18:12:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\61e2ae11ba3d1cbe8887ea80f192e299_expire
[2012/08/13 07:16:20 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6a549303124ba1b3ba81874e45b5f516_expire
[2012/10/04 18:11:47 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\79fb7d8c9c120c501ff74f2666f1ed76_expire
[2012/07/25 05:59:55 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\7acafe2d3e4c14a116bde4e028813ba7_expire
[2012/08/24 17:18:38 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\7cf04ffc65c19302872f4c23faa25a61_expire
[2012/08/27 16:41:37 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\b5bc7084382de95cb69790e5d10db338_expire
[2012/09/09 19:16:47 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bc8dad417f8f0fb33406e79ccd806c7f_expire
[2012/10/03 19:21:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\be618ea2f4f463a305fc75d122f2d990_expire
[2012/10/04 18:11:48 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c4f56b1faa9ea9bb7789728409bfc21f_expire
[2012/10/03 19:21:42 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c5538e5049ca9b04ad62d9a930947369_expire
[2012/09/10 18:02:07 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c695615035b25c404dbe6372f2672432_expire
[2012/08/18 17:59:01 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c920ba477ab4d054bcdfe1b9fc1c6e58_expire
[2012/08/18 17:59:00 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52b_expire
[2012/09/04 18:12:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cf48148729d10f9b8d2ad3b687ebfb80_expire
[2012/09/17 17:36:01 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d12f0f1c68a3d6a58fdb249c5dbfb676_expire
[2012/08/26 16:26:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d83bb387de1d7c4401815e133de06c6b_expire
[2012/07/25 05:59:55 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\da13d216564eb3ba7e1d2c6dcfa74204_expire
[2012/08/21 17:23:36 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire
[2012/09/20 16:54:35 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e02b35320e5111f1b626466c13c70a0a_expire
[2012/08/26 06:17:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e7215b147326809c45f6cf0952274624_expire
[2012/10/03 19:21:41 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire
[2012/09/10 18:02:05 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\eb04bdda55e3827d8df8b5e1afac83a2_expire
[2012/10/03 19:21:43 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece71b71690fad200cbed95871ef4bb2_expire
[2012/10/03 19:21:40 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ee1ab4cb8e86769e288abaa46407a623_expire
[2012/10/03 19:21:41 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ef8b53537a5678ed1fcb65662c69bced_expire
[2012/10/03 19:21:42 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire
[2012/09/29 07:29:29 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire
[2012/09/29 07:29:29 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire
[2012/07/22 21:29:07 | 000,001,867 | ---- | M] () -- C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\searchplugins\findeer.xml
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
[2012/10/02 15:29:01 | 000,002,710 | ---- | M] () -- C:\Users\claudio\Documents\cc_20121002_152857.reg
[2012/10/02 15:14:27 | 000,002,138 | ---- | M] () -- C:\Users\claudio\Documents\cc_20121002_151425.reg
[2012/10/02 15:14:15 | 000,005,496 | ---- | M] () -- C:\Users\claudio\Documents\cc_20121002_151411.reg
[2012/10/01 18:24:36 | 000,000,448 | ---- | M] () -- C:\Users\claudio\Documents\cc_20121001_182432.reg
[2012/09/30 14:37:18 | 000,000,448 | ---- | M] () -- C:\Users\claudio\Documents\cc_20120930_143715.reg
[2012/09/30 10:12:24 | 000,000,758 | ---- | M] () -- C:\Users\claudio\Documents\cc_20120930_101216.reg
[2012/09/15 12:19:58 | 000,001,064 | ---- | M] () -- C:\Users\claudio\Documents\cc_20120915_121955.reg
[2012/09/15 12:15:10 | 000,007,286 | ---- | M] () -- C:\Users\claudio\Documents\cc_20120915_121505.reg
[2012/06/10 21:41:53 | 000,000,000 | ---D | M] -- C:\Users\claudio\AppData\Roaming\Ad-Aware Antivirus
[2012/07/22 21:57:18 | 000,000,000 | ---D | M] -- C:\Users\claudio\AppData\Roaming\Iminent
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:4116B5AB
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:981884E7
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:52DBE86F
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:81F83028
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:5D458568
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:029E021F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:9FD757A9

:Files
ipconfig /flushdns /c

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

:commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[CLEARALLRESTOREPOINTS]
[Reboot]


Clicca sul pulsante RUN FIX.
Lascia fare la scansione senza interferire.
Posta il log come hai fatto adesso.
Torna in alto
 
claudiric57
Inviato: Friday, October 05, 2012 5:05:22 PM
Rank: Member

Iscritto dal : 9/30/2012
Posts: 15

Ho fatto come mi hai detto e questo è il log:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
C:\Users\claudio\AppData\Roaming\mozilla\Firefox\Profiles\mku6vfwe.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin\tests folder moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\Firefox\Profiles\mku6vfwe.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin\lib folder moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\Firefox\Profiles\mku6vfwe.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin\data folder moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\Firefox\Profiles\mku6vfwe.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin folder moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\Firefox\Profiles\mku6vfwe.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\windows folder moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\Firefox\Profiles\mku6vfwe.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\utils folder moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\Firefox\Profiles\mku6vfwe.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\traits folder moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\Firefox\Profiles\mku6vfwe.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\tabs folder moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\Firefox\Profiles\mku6vfwe.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\events folder moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\Firefox\Profiles\mku6vfwe.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\dom folder moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\Firefox\Profiles\mku6vfwe.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\content folder moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\Firefox\Profiles\mku6vfwe.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib folder moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\Firefox\Profiles\mku6vfwe.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\data folder moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\Firefox\Profiles\mku6vfwe.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils folder moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\Firefox\Profiles\mku6vfwe.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\addon-kit\lib folder moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\Firefox\Profiles\mku6vfwe.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\addon-kit\data folder moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\Firefox\Profiles\mku6vfwe.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\addon-kit folder moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\Firefox\Profiles\mku6vfwe.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources folder moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\Firefox\Profiles\mku6vfwe.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\locale folder moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\Firefox\Profiles\mku6vfwe.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\defaults\preferences folder moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\Firefox\Profiles\mku6vfwe.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\defaults folder moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\Firefox\Profiles\mku6vfwe.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack folder moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\personas@christopher.beard.xpi moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\251a01e6e21370e33021658d316cc1a2_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2e74403c227112bec523796d5a77d77e_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\35c5ead7c694459d2b46d88482247348_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4ad053d40dfa5cab7948e9251df6e3d9_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4b0e98311420d21d03c4ea36a788d6d7_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\61e2ae11ba3d1cbe8887ea80f192e299_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6a549303124ba1b3ba81874e45b5f516_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\79fb7d8c9c120c501ff74f2666f1ed76_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\7acafe2d3e4c14a116bde4e028813ba7_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\7cf04ffc65c19302872f4c23faa25a61_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\b5bc7084382de95cb69790e5d10db338_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bc8dad417f8f0fb33406e79ccd806c7f_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\be618ea2f4f463a305fc75d122f2d990_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c4f56b1faa9ea9bb7789728409bfc21f_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c5538e5049ca9b04ad62d9a930947369_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c695615035b25c404dbe6372f2672432_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c920ba477ab4d054bcdfe1b9fc1c6e58_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52b_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cf48148729d10f9b8d2ad3b687ebfb80_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d12f0f1c68a3d6a58fdb249c5dbfb676_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d83bb387de1d7c4401815e133de06c6b_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\da13d216564eb3ba7e1d2c6dcfa74204_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e02b35320e5111f1b626466c13c70a0a_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e7215b147326809c45f6cf0952274624_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\eb04bdda55e3827d8df8b5e1afac83a2_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece71b71690fad200cbed95871ef4bb2_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ee1ab4cb8e86769e288abaa46407a623_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ef8b53537a5678ed1fcb65662c69bced_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire moved successfully.
C:\Users\claudio\AppData\Roaming\mozilla\firefox\profiles\mku6vfwe.default\searchplugins\findeer.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Users\claudio\Documents\cc_20121002_152857.reg moved successfully.
C:\Users\claudio\Documents\cc_20121002_151425.reg moved successfully.
C:\Users\claudio\Documents\cc_20121002_151411.reg moved successfully.
C:\Users\claudio\Documents\cc_20121001_182432.reg moved successfully.
C:\Users\claudio\Documents\cc_20120930_143715.reg moved successfully.
C:\Users\claudio\Documents\cc_20120930_101216.reg moved successfully.
C:\Users\claudio\Documents\cc_20120915_121955.reg moved successfully.
C:\Users\claudio\Documents\cc_20120915_121505.reg moved successfully.
C:\Users\claudio\AppData\Roaming\Ad-Aware Antivirus\Logs\20120610T183835.109271PID3552 folder moved successfully.
C:\Users\claudio\AppData\Roaming\Ad-Aware Antivirus\Logs\20120610T103111.573126PID4420 folder moved successfully.
C:\Users\claudio\AppData\Roaming\Ad-Aware Antivirus\Logs\20120610T051932.739748PID2900 folder moved successfully.
C:\Users\claudio\AppData\Roaming\Ad-Aware Antivirus\Logs\20120610T035923.583696PID4792 folder moved successfully.
C:\Users\claudio\AppData\Roaming\Ad-Aware Antivirus\Logs\20120609T182628.898893PID2304 folder moved successfully.
C:\Users\claudio\AppData\Roaming\Ad-Aware Antivirus\Logs\20120609T165459.646096PID4192 folder moved successfully.
C:\Users\claudio\AppData\Roaming\Ad-Aware Antivirus\Logs\20120609T134338.925299PID4112 folder moved successfully.
C:\Users\claudio\AppData\Roaming\Ad-Aware Antivirus\Logs\20120609T133302.618072PID4540 folder moved successfully.
C:\Users\claudio\AppData\Roaming\Ad-Aware Antivirus\Logs folder moved successfully.
C:\Users\claudio\AppData\Roaming\Ad-Aware Antivirus folder moved successfully.
C:\Users\claudio\AppData\Roaming\Iminent\Mediator\Datas folder moved successfully.
C:\Users\claudio\AppData\Roaming\Iminent\Mediator folder moved successfully.
C:\Users\claudio\AppData\Roaming\Iminent folder moved successfully.
ADS C:\ProgramData\Temp:4116B5AB deleted successfully.
ADS C:\ProgramData\Temp:981884E7 deleted successfully.
ADS C:\ProgramData\Temp:52DBE86F deleted successfully.
ADS C:\ProgramData\Temp:81F83028 deleted successfully.
ADS C:\ProgramData\Temp:5D458568 deleted successfully.
ADS C:\ProgramData\Temp:029E021F deleted successfully.
ADS C:\ProgramData\Temp:9FD757A9 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\claudio\Desktop\cmd.bat deleted successfully.
C:\Users\claudio\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: claudio
->Temp folder emptied: 142790 bytes
->Temporary Internet Files folder emptied: 83495320 bytes
->Java cache emptied: 5391 bytes
->FireFox cache emptied: 96116783 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 8120963 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 69448 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50455 bytes
RecycleBin emptied: 1803264 bytes

Total Files Cleaned = 181,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.70.2 log created on 10052012_165535

Files\Folders moved on Reboot...
C:\Users\claudio\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Torna in alto
 
r16
Inviato: Friday, October 05, 2012 5:26:57 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Dimmi se riscontri ancora problemi.
Torna in alto
 
claudiric57
Inviato: Friday, October 05, 2012 6:28:00 PM
Rank: Member

Iscritto dal : 9/30/2012
Posts: 15

PUrtroppo devo dirti che ancora mi si aprono finestre e siti strani senza che io li richieda, ancora su mozilla ogni tanto mi si blocca e mi si offusca la pagina senza riuscire a linkare, sono pochissimi secondi. Ho notato però che alcuni altri siti che mi si aprivano non mi si aprono più quindi deduco che qualcosa è stato fatto ma non tutto!!!
Torna in alto
 
r16
Inviato: Friday, October 05, 2012 6:41:36 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Scarica Adwcleaner sul desktop:
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Avvialo e clicca sul pulsante search.
Finita la scansione, elimina il log che rilascia sul desktop, e clicca su "Delete".
Conferma con OK le varie finestre che ti compariranno.
Il pc si riavvierà, e uscirà il log con le eliminazioni.
Postalo qui. (con Wikisend)


Fai una nuova scansione con OTL.
Posta il log con Wikisend.
Torna in alto
 
claudiric57
Inviato: Friday, October 05, 2012 7:20:09 PM
Rank: Member

Iscritto dal : 9/30/2012
Posts: 15
Ecco i due forum link che mi sono usciti:



.txt]AdwCleaner[S1].txt



OTL.Txt
Torna in alto
 
r16
Inviato: Friday, October 05, 2012 7:38:52 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
In teoria il problema dovrebbe essere risolto, visto le eliminazioni di adwcleaner, e il log pulito di OTL.
Torna in alto
 
claudiric57
Inviato: Saturday, October 06, 2012 3:56:00 PM
Rank: Member

Iscritto dal : 9/30/2012
Posts: 15

Ho navigato un pò per vedere e finalmente pare che non ci siano più problemi!!!

Ti ringrazio r16 è stata lunga e dura ma ce l'hai fatta!!! Se mi puoi o mi vuoi dare qualche consiglio in più per evitare di avere infezioni come è successo è ben accetto. Ringrazio anche cbbusto naturalmente, spero di non tornare presto!!!

Grazie Veramente di tutto!!!
Torna in alto
 
r16
Inviato: Saturday, October 06, 2012 8:33:35 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
claudiric57 ha scritto:

Se mi puoi o mi vuoi dare qualche consiglio in più per evitare di avere infezioni come è successo è ben accetto.

L'unico consiglio che posso darti, è quello di scaricare i programmi dai siti ufficiali.
Di solito queste infezioni si prendono scaricando i programmi dal primo sito che capita.
Ciao.
Torna in alto
 
Utenti presenti in questo topic
Guest

2 pages: 1 [2]

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo del log di hijack


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.