SOLVED: how to remove Claro Search

I posted the guide for you to follow the OTL instructions; you need to post its reports.
Although you did not do wrong in running Combofix, you were infected with ZeroAccess.
So post the two OTL reports and also run TDSSKiller.
 
Hi groovy.

Close all open programs.
Open OTL
under the Custom Scans/Fixes box
copy this code:

:OTL
PRC - C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe ()
MOD - C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe ()
MOD - C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll ()
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
IE - HKU\S-1-5-21-1935655697-1078145449-1060284298-1004\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Claro Search
IE - HKU\S-1-5-21-1935655697-1078145449-1060284298-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-search.com/?q={searchTerms}&affID=114506&tt=4812_8&babsrc=SP_clro&mntrId=3c76ad22000000000000000e3585cb0a
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012/11/24 23.10.09 | 000,000,000 | ---D | M]
[2012/11/24 23.10.18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dome.DOME-80365B0E24\Menu Avvio\Programmi\Browser Manager
[2012/11/24 23.09.58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Browser Manager
[2012/11/24 23.08.53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\IBUpdaterService
[2012/11/24 22.17.04 | 000,000,000 | ---D | C] -- C:\a52a4cd594a05afc0df3b24636c9
[2012/11/26 14.19.35 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/21 19.02.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dome\Dati applicazioni\Babylon

:Files
C:\Documents and Settings\dome\Dati applicazioni\Unuqde
C:\Documents and Settings\dome\Dati applicazioni\Uqqee
ipconfig /flushdns /c

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

:commands
[purity]
[emptytemp]
[RESETHOSTS]
[EMPTYFLASH]
[start explorer]
[CLEARALLRESTOREPOINTS]
[Reboot]




Click the RUN FIX button
wait for the operations to finish and the PC to reboot
Post the report and check.
 
Hi Marco, welcome.
Open OTL
at the bottom, under Custom Scans/Fixes
copy this code:

Code:
:OTL
PRC - C:\Users\Public\Documents\AppData\PoApp\PService.exe (PService)
PRC - C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe ()
MOD - C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe ()
MOD - C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll ()
SRV - (SoftwareUpd) -- C:\Users\Marco\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe (SoftwareUpdService)
SRV - (PowerOffer Service) -- C:\Users\Marco\AppData\Local\PosService\Pos.exe (PowerOfferService)
SRV - (ServUpdater) -- C:\Users\Marco\AppData\Local\ServUpdater\ServiceUpd.exe (ServiceUpd)
SRV - (Browser Manager) -- C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe ()
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-21-1964985950-1455284158-73322723-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.claro-search.com/?affID=114506&tt=4912_7&babsrc=HP_clro&mntrId=d4388d6c0000000000005cac4c019731
IE - HKU\S-1-5-21-1964985950-1455284158-73322723-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.claro-search.com/?affID=114506&tt=4912_7&babsrc=HP_clro&mntrId=d4388d6c0000000000005cac4c019731
IE - HKU\S-1-5-21-1964985950-1455284158-73322723-1001\..\SearchScopes\{00CE0DEF-8F01-44A0-91CB-F797E366E70D}: "URL" = http://www.google.it/search?hl=it&q={searchTerms}&meta=
IE - HKU\S-1-5-21-1964985950-1455284158-73322723-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-search.com/?q={searchTerms}&affID=114506&tt=4912_7&babsrc=SP_clro&mntrId=d4388d6c0000000000005cac4c019731
IE - HKU\S-1-5-21-1964985950-1455284158-73322723-1001\..\SearchScopes\{3D2BF1FA-6F17-407A-B1FB-AD7FE0211F30}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1964985950-1455284158-73322723-1001\..\SearchScopes\{E169F2B1-1EE1-4E0A-9B73-3BB9F3F10BF4}: "URL" = http://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-1964985950-1455284158-73322723-1001\..\SearchScopes\{F70FFB3C-701E-43FE-95B2-AD50B2AED90C}: "URL" = http://it.wikipedia.org/wiki/Special:Search?search={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Claro Search"
FF - prefs.js..browser.search.order.1: "Claro Search"
FF - prefs.js..browser.search.selectedEngine: "Claro Search"
FF - prefs.js..browser.startup.homepage: "http://www.claro-search.com/?affID=114506&tt=4912_7&babsrc=HP_clro&mntrId=d4388d6c0000000000005cac4c019731"
FF - prefs.js..extensions.enabledAddons: youtubemp3podcaster@jeremy.d.gregorio.com:2.7.1
FF - prefs.js..extensions.enabledAddons: {58bd07eb-0ee0-4df0-8121-dc9b693373df}:2.5.911.18
FF - prefs.js..extensions.enabledAddons: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:4.0.0.1884
FF - prefs.js..keyword.URL: "http://www.claro-search.com/?affID=114506&tt=4812_1&babsrc=KW_clro&mntrId=d4388d6c0000000000005cac4c019731&q="
O4 - HKLM..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe (PLauncher)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DB18850-5DB9-4488-A62A-D5FCAC4332E6}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{535F1E75-4E6B-448A-9B83-820DA6956661}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94DCEBA7-7DAC-413B-8F9A-54357D0E1C84}: NameServer = 176.31.229.24,176.31.229.25
O33 - MountPoints2\{189dd7f5-5fa7-11e1-94e3-b281baaf3ade}\Shell - "" = AutoRun
O33 - MountPoints2\{189dd7f5-5fa7-11e1-94e3-b281baaf3ade}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\index.html
O33 - MountPoints2\{6a5db903-78eb-11e1-a174-5cac4c019731}\Shell - "" = AutoRun
O33 - MountPoints2\{6a5db903-78eb-11e1-a174-5cac4c019731}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{dc302d80-8f91-11e1-ab72-ea99b2afabde}\Shell - "" = AutoRun
O33 - MountPoints2\{dc302d80-8f91-11e1-ab72-ea99b2afabde}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
[2012/12/03 11:49:30 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Roaming\TestApp
[2012/12/03 11:05:14 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Local\PowerOffer
[2012/12/03 11:05:13 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Local\ServUpdater
[2012/12/03 11:05:13 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Local\PosService
[2012/11/28 13:18:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/11/28 13:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2012/11/28 13:16:36 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Local\SoftwareUpdater
[2012/10/23 16:30:44 | 000,003,488 | ---- | M] () -- C:\Windows\UDB.zip
[2012/10/23 16:30:44 | 000,000,882 | ---- | M] () -- C:\Windows\RegSDImport.xml
[2012/10/23 16:30:44 | 000,000,879 | ---- | M] () -- C:\Windows\RegISSImport.xml
[2012/10/23 16:30:44 | 000,000,131 | ---- | M] () -- C:\Windows\IDB.zip
[2012/12/03 11:05:13 | 000,715,038 | ---- | C] () -- C:\Users\Marco\AppData\Local\unins000.exe
[2012/12/03 11:05:12 | 000,004,067 | ---- | C] () -- C:\Users\Marco\AppData\Local\unins000.dat
[2011/11/29 12:02:57 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Babylon
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84

:Files
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt /c

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

:commands
[purity]
[emptytemp]
[RESETHOSTS]
[EMPTYFLASH]
[start explorer]
[CLEARALLRESTOREPOINTS]
[Reboot]

Click at the top on [image]

Wait for the operations to finish and the PC to reboot.

When it comes back, post the log that appears.
 
Hi.

Open OTL and insert this code into the Custom Scans/Fixes box:
Code:
:OTL
MOD - c:\Documents and Settings\All Users\Dati applicazioni\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll ()
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (i2omgmt) --  File not found
IE - HKU\S-1-5-21-1213354389-2003833180-871907280-6641\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4312_6&babsrc=SP_clro&mntrId=6c43316d0000000000000250f2000001
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{dfefbe51-ca52-484b-adf0-6b158b05262d}: C:\Documents and Settings\All Users\Dati applicazioni\Browser Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2012/11/05 08.14.06 | 000,000,000 | ---D | M]

:Files
C:\Documents and Settings\All Users\Dati applicazioni\Browser Manager
C:\Documents and Settings\All Users\Dati applicazioni\IBUpdaterService
ipconfig /flushdns /c

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*" 


:commands
[purity]
[emptytemp]

Click RUN FIX
Wait for the operations to finish
post the log.
 
Dear Tecnico24, your support is a godsend. I'll take advantage of it too.
Below are the links to the log files that OTL and AdwCleaner churned out for me:


Thanks for the help!
 
No, indeed I don't see it anymore...
But then why go through OTL and the code to feed it, if AdwCleaner solves it on its own??
 