RISOLTO claro search

[Dolcina86]

Buongiorno,
sono nuova di questo forum e spero di non sbagliare a postare.
Sono afflitta dal problema claro search da diversi giorni, ho risolto negli altri browser, ma su mozilla continua a riapparire come pagine iniziale.
Ho tolto i plugins sospetti, eliminato da pannello di controllo il programma, ho cercato in roaming ed eliminato da local una cartella claro, ho fatto la scansione sia con spybot search and destroy che non malwarebyts ma niente. Cercando su questo sito ho trovato una discussione di una ragazza che aveva il mio stesso problema, le avete indicato di scaricare otl di impostarlo in un certo modo e di fare la scansione riportando poi in allegato i report. Mi sono avvantaggiata e ho già fatto la scansione, Visualizza allegato Extras.Txt Visualizza allegato OTL.Txt
se mi potete aiutare vi ringrazio
ps: siccome avevo paura di qualche infezione, ho eliminato già firefox prima della scansione, non è che ora non trova questo claro?

 

[tecnico24]

Infatti firefox non appare tra gli elementi di analizzare , quindi installalo nuovamente e ripeti la scansione con OTL allegando i report.
Ci sono alcune cose da eliminare.

 

[SuIcIdE]

stesso problema. ditemi se posso continuare quì o se devo aprire un nuovo thread. grazie
Visualizza allegato Extras.Txt Visualizza allegato OTL.Txt

 

[tecnico24]

Ciao SuIcIde , continuamo qui , posta i report di OTL come descritto qui
http://www.tomshw.it/forum/sicurezza/267873-searchnu-con-chrome.html#post2704401

 

[Dolcina86]

tecnico ho reinstallato firefox allego il report:

Visualizza allegato OTL.Txt

extras non me l'ha dato stavolta. non so perché

 

[tecnico24]

tecnico ho reinstallato firefox allego il report:

Visualizza allegato 37851

extras non me l'ha dato stavolta. non so perché

Forse hai utilizzato un broswer diverso per scaricare OTL.
In questo caso mi servirò dell'altro che hai postato al primo post , procedi così:
Scarica FixperOTL.txt che ti ho allegato qui in basso sul desktop
Apri OTL
Copia tutto il contenuto del file scaricato ed incollalo nel box vuoto custom scans/fixes di OTL
clicca sul pulsante
Attendi le operazioni
Il pc si riavvierà
Al ritorno posta il report che ti appare e verifica la situazione.

 

[SuIcIdE]

Visualizza allegato OTL.Txt Visualizza allegato Extras.Txt

 

[tecnico24]

@SuIcIdE
scarica FixperOTL.txt che ti ho allegato qui in basso
copia il contenuto del file nel box vuoto custom scans/fixes di OTL
Clicca su

Attendi le operazioni e il riavvio del pc.
Verifica.

 

[Dolcina86]

Visualizza allegato report.txt

ecco qui, aprendo mozilla ora mi appare la pagina iniziale standard, e andando su about: config e mettendo claro come chiave, non trova più nulla (prima venivano fuori parecchie voci con impostato claro a destra). Dici che ho risolto?

 

[tecnico24]

Visualizza allegato 37860

ecco qui, aprendo mozilla ora mi appare la pagina iniziale standard, e andando su about: config e mettendo claro come chiave, non trova più nulla (prima venivano fuori parecchie voci con impostato claro a destra). Dici che ho risolto?

Tu che dici ? io dico di si :)
Imposta la pagina iniziale di tuo gradimento , claro search è stato eliminato.

 

[Dolcina86]

Ti ringrazio molto :):)

 

[SuIcIdE]

sembra che non ci sia più. comunque aspetto a riavviare il pc prima di cantare vittoria perchè quedsto è un virus davvero duro. Ti ringrazio a prescindere



All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== OTL ==========
No active process named browsemngr.exe was found!
No active process named Program Files was found!
Service vToolbarUpdater13.2.0 stopped successfully!
Service vToolbarUpdater13.2.0 deleted successfully!
C:\Program Files (x86)\C-*ommon Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe moved successfully.
Service Browser Manager stopped successfully!
Service Browser Manager deleted successfully!
C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe moved successfully.
Registry key HKEY_USERS\S-1-5-21-2543492721-1127952326-438798139-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Prefs.js: webbooster@iminent.com:5.14.1.0 removed from extensions.enabledAddons
Prefs.js: "" removed from browser.startup.homepage
Prefs.js: "" removed from browser.search.selectedEngine
Prefs.js: "" removed from browser.search.defaultenginename
Prefs.js: "Claro Search" removed from browser.search.selectedEngine
Prefs.js: "http://www.claro-search.com/?affID=117449&tt=4612_7&babsrc=HP_ss&mntrId=4c1ac01a00000000000086d53d170978" removed from browser.startup.homepage
127.0.0.1 www.007guard.com removed from HOSTS file successfully
127.0.0.1 007guard.com removed from HOSTS file successfully
127.0.0.1 008i.com removed from HOSTS file successfully
127.0.0.1 008k.com removed from HOSTS file successfully
127.0.0.1 008k.com removed from HOSTS file successfully
127.0.0.1 00hq.com removed from HOSTS file successfully
127.0.0.1 00hq.com removed from HOSTS file successfully
127.0.0.1 010402.com removed from HOSTS file successfully
127.0.0.1 www.032439.com removed from HOSTS file successfully
127.0.0.1 032439.com removed from HOSTS file successfully
127.0.0.1 全讯网,åšå½©ä¼˜æƒ*,皇å†*æ*£ç½‘cr67com,皇å†*比分,皇å†*å³æ—¶æŒ‡æ•°,太阳城代ç†112scg,tt娱ä¹åŸŽ8bc8,网上真钱娱 removed from HOSTS file successfully
127.0.0.1 0scan.com removed from HOSTS file successfully
127.0.0.1 1000gratisproben.com removed from HOSTS file successfully
127.0.0.1 1000gratisproben.com removed from HOSTS file successfully
127.0.0.1 1001namen.com removed from HOSTS file successfully
127.0.0.1 1001namen.com removed from HOSTS file successfully
127.0.0.1 100888290cs.com removed from HOSTS file successfully
127.0.0.1 ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ removed from HOSTS file successfully
127.0.0.1 100sexlinks.com - Le migliori risorse e informazioni sul tema: Sex links. Questa pagina è in vendita! removed from HOSTS file successfully
127.0.0.1 100sexlinks.com removed from HOSTS file successfully
127.0.0.1 10sek.com removed from HOSTS file successfully
127.0.0.1 10sek.com removed from HOSTS file successfully
127.0.0.1 www.1-2005-search.com removed from HOSTS file successfully
127.0.0.1 1-2005-search.com removed from HOSTS file successfully
127.0.0.1 Sex Dating Casual Friends | Social dating removed from HOSTS file successfully
========== FILES ==========
C:\Users\Suphattra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager folder moved successfully.
C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings folder moved successfully.
C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\content folder moved successfully.
C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components folder moved successfully.
C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension folder moved successfully.
Folder move failed. C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.3.796.11 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager scheduled to be moved on reboot.
C:\Program Files\Enigma Software Group\SpyHunter\Log folder moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter folder moved successfully.
C:\Program Files\Enigma Software Group folder moved successfully.
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\Suphattra\Desktop\cmd.bat deleted successfully.
C:\Users\Suphattra\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Suphattra
->Temp folder emptied: 50372579 bytes
->Temporary Internet Files folder emptied: 346388817 bytes
->FireFox cache emptied: 102333669 bytes
->Apple Safari cache emptied: 1094656 bytes
->Flash cache emptied: 4328 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1715868 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 50610982 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1490 bytes

Total Files Cleaned = 527,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Public

User: Suphattra
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 11152012_165730

Files\Folders moved on Reboot...
C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings folder moved successfully.
Folder move failed. C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.3.796.11 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.3.796.11 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager scheduled to be moved on reboot.
C:\Users\Suphattra\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Suphattra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UHZ9UJVJ\like[2].htm moved successfully.
C:\Users\Suphattra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UHZ9UJVJ\xd_arbiter[1].htm moved successfully.
C:\Users\Suphattra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K02TB6RP\268427-claro-search[1].htm moved successfully.
C:\Users\Suphattra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\47EEJX79\xd_arbiter[2].htm moved successfully.
C:\Users\Suphattra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Suphattra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

- - - Updated - - -

sembra che non ci sia più. comunque aspetto a riavviare il pc prima di cantare vittoria perchè quedsto è un virus davvero duro. Ti ringrazio a prescindere



All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== OTL ==========
No active process named browsemngr.exe was found!
No active process named Program Files was found!
Service vToolbarUpdater13.2.0 stopped successfully!
Service vToolbarUpdater13.2.0 deleted successfully!
C:\Program Files (x86)\C-*ommon Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe moved successfully.
Service Browser Manager stopped successfully!
Service Browser Manager deleted successfully!
C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe moved successfully.
Registry key HKEY_USERS\S-1-5-21-2543492721-1127952326-438798139-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Prefs.js: webbooster@iminent.com:5.14.1.0 removed from extensions.enabledAddons
Prefs.js: "" removed from browser.startup.homepage
Prefs.js: "" removed from browser.search.selectedEngine
Prefs.js: "" removed from browser.search.defaultenginename
Prefs.js: "Claro Search" removed from browser.search.selectedEngine
Prefs.js: "http://www.claro-search.com/?affID=117449&tt=4612_7&babsrc=HP_ss&mntrId=4c1ac01a00000000000086d53d170978" removed from browser.startup.homepage
127.0.0.1 www.007guard.com removed from HOSTS file successfully
127.0.0.1 007guard.com removed from HOSTS file successfully
127.0.0.1 008i.com removed from HOSTS file successfully
127.0.0.1 www.008k.com removed from HOSTS file successfully
127.0.0.1 008k.com removed from HOSTS file successfully
127.0.0.1 www.00hq.com removed from HOSTS file successfully
127.0.0.1 00hq.com removed from HOSTS file successfully
127.0.0.1 010402.com removed from HOSTS file successfully
127.0.0.1 www.032439.com removed from HOSTS file successfully
127.0.0.1 032439.com removed from HOSTS file successfully
127.0.0.1 www.0scan.com removed from HOSTS file successfully
127.0.0.1 0scan.com removed from HOSTS file successfully
127.0.0.1 www.1000gratisproben.com removed from HOSTS file successfully
127.0.0.1 1000gratisproben.com removed from HOSTS file successfully
127.0.0.1 1001namen.com removed from HOSTS file successfully
127.0.0.1 www.1001namen.com removed from HOSTS file successfully
127.0.0.1 100888290cs.com removed from HOSTS file successfully
127.0.0.1 www.100888290cs.com removed from HOSTS file successfully
127.0.0.1 www.100sexlinks.com removed from HOSTS file successfully
127.0.0.1 100sexlinks.com removed from HOSTS file successfully
127.0.0.1 www.10sek.com removed from HOSTS file successfully
127.0.0.1 10sek.com removed from HOSTS file successfully
127.0.0.1 www.1-2005-search.com removed from HOSTS file successfully
127.0.0.1 1-2005-search.com removed from HOSTS file successfully
127.0.0.1 www.123fporn.info removed from HOSTS file successfully
========== FILES ==========
C:\Users\Suphattra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager folder moved successfully.
C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings folder moved successfully.
C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\content folder moved successfully.
C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components folder moved successfully.
C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension folder moved successfully.
Folder move failed. C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.3.796.11 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager scheduled to be moved on reboot.
C:\Program Files\Enigma Software Group\SpyHunter\Log folder moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter folder moved successfully.
C:\Program Files\Enigma Software Group folder moved successfully.
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\Suphattra\Desktop\cmd.bat deleted successfully.
C:\Users\Suphattra\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Suphattra
->Temp folder emptied: 50372579 bytes
->Temporary Internet Files folder emptied: 346388817 bytes
->FireFox cache emptied: 102333669 bytes
->Apple Safari cache emptied: 1094656 bytes
->Flash cache emptied: 4328 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1715868 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 50610982 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1490 bytes

Total Files Cleaned = 527,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Public

User: Suphattra
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 11152012_165730

Files\Folders moved on Reboot...
C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings folder moved successfully.
Folder move failed. C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.3.796.11 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.3.796.11 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager scheduled to be moved on reboot.
C:\Users\Suphattra\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Suphattra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UHZ9UJVJ\like[2].htm moved successfully.
C:\Users\Suphattra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UHZ9UJVJ\xd_arbiter[1].htm moved successfully.
C:\Users\Suphattra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K02TB6RP\268427-claro-search[1].htm moved successfully.
C:\Users\Suphattra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\47EEJX79\xd_arbiter[2].htm moved successfully.
C:\Users\Suphattra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Suphattra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

[tecnico24]

Riavvia il pc tranquillamente :)