mi controllereste il log, ho seguito la guida postata sul forum.. - Sicurezza VIRUS

Benvenuto Ospite

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » mi controllereste il log, ho seguito la guida postata sul forum..

mi controllereste il log, ho seguito la guida postata sul forum..

Opzioni

Topic Precedente · Topic Sucessivo

uskebasi666

Inviato: Monday, June 30, 2014 8:37:17 PM

Rank: Newbie

Iscritto dal : 6/17/2014
Posts: 4

ciao ragazzi, sono reduce da un'infezione devastante sul pc. ho imparato a mie spese che quando un amico ti chiede : posso scaricare un programmino sul pc, è sicuro?..non bisogna mai abbassare la guardia! mi fareste un grande piacere perchè ho provato in tutti i modi e non so più cosa fare...vi ringrazio da ora.

1.txt

.txt]AdwCleaner[S0].txt

JRT 3.txt

OTL.Txt

Extras.Txt

ecco qui, spero di non aver fatto errori. Grazie mille per la disponibilità.

Torna in alto

Sponsor

Inviato: Monday, June 30, 2014 8:37:17 PM

Torna in alto

r16

Inviato: Monday, June 30, 2014 9:19:33 PM

Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

Ciao.
Avvia OTL.

Sotto "Custom Scans\Fixes" copia-incolla questo codice:

Code:

:OTL
PRC - C:\Program Files (x86)\LSM\lsm.exe (MS)
PRC - C:\Program Files (x86)\LSM\aus.exe (MS)
SRV - (Log S.M.) -- C:\Program Files (x86)\LSM\lsm.exe (MS)
SRV - (AUS) -- C:\Program Files (x86)\LSM\aus.exe (MS)
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=210&systemid=488&v=a12834-356&apn_uid=0105318552004900&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-75219925-2578018681-3153491503-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKU\S-1-5-21-75219925-2578018681-3153491503-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKU\S-1-5-21-75219925-2578018681-3153491503-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
[2013/01/30 20:27:42 | 000,205,094 | ---- | M] () (No name found) -- C:\Users\Utente\AppData\Roaming\mozilla\firefox\profiles\extensions\clickmoviedownloader@clickmoviedownloader.com.xpi
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-75219925-2578018681-3153491503-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:56E2E879
@Alternate Data Stream - 1039 bytes -> C:\Users\Utente\AppData\Local\vPOwZEk41q9m4:RpdzGv7x8zXXuyl7ODKXrZ8X

:Files
C:\Program Files (x86)\LSM\lsm.exe
C:\Program Files (x86)\LSM\aus.exe
C:\Program Files\Enigma Software Group
ipconfig /flushdns /c

:commands
[purity]
[emptytemp]
[Emptyjava]
[RESETHOSTS]
[EMPTYFLASH]
[start explorer]
[Reboot]

Clicca sul pulsante RUN FIX.
Lascia fare la scansione senza interferire.
Posta il log.
Testa il pc, e vedi se riscontri problemi.

Torna in alto

uskebasi666

Inviato: Tuesday, July 01, 2014 3:16:44 PM

Rank: Newbie

Iscritto dal : 6/17/2014
Posts: 4

All processes killed
========== OTL ==========
No active process named Program Files was found!
No active process named Program Files was found!
Service Log S.M. stopped successfully!
Service Log S.M. deleted successfully!
C:\Program Files (x86)\LSM\lsm.exe moved successfully.
Service AUS stopped successfully!
Service AUS deleted successfully!
C:\Program Files (x86)\LSM\aus.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Page| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-75219925-2578018681-3153491503-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-75219925-2578018681-3153491503-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-75219925-2578018681-3153491503-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Page| /E : value set successfully!
C:\Users\Utente\AppData\Roaming\mozilla\firefox\profiles\extensions\clickmoviedownloader@clickmoviedownloader.com.xpi moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-75219925-2578018681-3153491503-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
ADS C:\ProgramData\Temp:56E2E879 deleted successfully.
ADS C:\Users\Utente\AppData\Local\vPOwZEk41q9m4:RpdzGv7x8zXXuyl7ODKXrZ8X deleted successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\LSM\lsm.exe not found.
File\Folder C:\Program Files (x86)\LSM\aus.exe not found.
C:\Program Files\Enigma Software Group\SpyHunter\Log folder moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter\Data folder moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter folder moved successfully.
C:\Program Files\Enigma Software Group folder moved successfully.
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\Utente\Downloads\cmd.bat deleted successfully.
C:\Users\Utente\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Utente
->Temp folder emptied: 253976422 bytes
->Temporary Internet Files folder emptied: 595163670 bytes
->Java cache emptied: 191142 bytes
->Google Chrome cache emptied: 315781266 bytes
->Flash cache emptied: 55626 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1716008 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 954615985 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95714 bytes
RecycleBin emptied: 132486 bytes

Total Files Cleaned = 2.023,00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: UpdatusUser

User: Utente
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

User: Utente
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 07012014_150432

Files\Folders moved on Reboot...
C:\Users\Utente\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Utente\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ho provato un po' ad usare internet e mi sembra che il problema sia stato risolto..nel caso mi rifaccio viva. Grazie mille, me lo avete salvato sto pc :))

Torna in alto

Utenti presenti in questo topic

Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » mi controllereste il log, ho seguito la guida postata sul forum..

Salta al Forum

Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Invia topic via Email

RSS Feed

Watch this topic

Stampa topic

Normale

Threaded