RISOLTO come eliminare claro search

Pubblicità
ho anch'io lo stesso problema...appena puoi


:Processes
killallprocesses


:Services


:OTL
PRC - C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
MOD - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851640
IE - HKU\S-1-5-21-1104732500-1895000396-1005763280-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Claro Search
IE - HKU\S-1-5-21-1104732500-1895000396-1005763280-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKU\S-1-5-21-1104732500-1895000396-1005763280-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851640
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar_IT Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851640&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: fontfinder@bendodson.com:1.0
FF - prefs.js..extensions.enabledAddons: rankchecker@seobook.com:1.8.21
FF - prefs.js..extensions.enabledAddons: seostatus@rubyweb:1.5.9
FF - prefs.js..extensions.enabledAddons: xpirftoolbar@roboform.com:3.1.0
FF - prefs.js..extensions.enabledAddons: {2d4271b9-cc9f-4f37-8b1e-340293eacd5c}:0.9.9.7
FF - prefs.js..extensions.enabledAddons: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.8.6
FF - prefs.js..extensions.enabledAddons: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.12.9.1
FF - prefs.js..extensions.enabledAddons: {b64982b1-d112-42b5-b1e4-d3867c4533f8}:2.3.796.11
FF - prefs.js..extensions.enabledAddons: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.1
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.0
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: rankchecker@seobook.com:1.8.5
FF - prefs.js..network.proxy.type: 0
O33 - MountPoints2\{45c189b0-26f5-11e1-9e07-e0cb4eb15b2f}\Shell - "" = AutoRun
O33 - MountPoints2\{45c189b0-26f5-11e1-9e07-e0cb4eb15b2f}\Shell\AutoRun\command - "" = F:\DiskProtect.exe
O33 - MountPoints2\{71fa6cf7-40de-11e1-8124-e0cb4eb15b2f}\Shell - "" = AutoRun
O33 - MountPoints2\{71fa6cf7-40de-11e1-8124-e0cb4eb15b2f}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{af878ffe-9d91-11e1-9afb-e0cb4eb15b2f}\Shell - "" = AutoRun
O33 - MountPoints2\{af878ffe-9d91-11e1-9afb-e0cb4eb15b2f}\Shell\AutoRun\command - "" = F:\.\Setup.exe
O33 - MountPoints2\{bb9855f0-4b16-11e1-80f5-e0cb4eb15b2f}\Shell - "" = AutoRun
O33 - MountPoints2\{bb9855f0-4b16-11e1-80f5-e0cb4eb15b2f}\Shell\AutoRun\command - "" = F:\Windows\Autorun.exe
O33 - MountPoints2\{c719f27a-2bb9-11e1-9d2c-e0cb4eb15b2f}\Shell - "" = AutoRun
O33 - MountPoints2\{c719f27a-2bb9-11e1-9d2c-e0cb4eb15b2f}\Shell\AutoRun\command - "" = F:\Windows\Autorun.exe
O33 - MountPoints2\{dcccb745-48df-11e1-9fee-e0cb4eb15b2f}\Shell - "" = AutoRun
O33 - MountPoints2\{dcccb745-48df-11e1-9fee-e0cb4eb15b2f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dcccb74b-48df-11e1-9fee-e0cb4eb15b2f}\Shell - "" = AutoRun
O33 - MountPoints2\{dcccb74b-48df-11e1-9fee-e0cb4eb15b2f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Windows\Autorun.exe
[2010/07/08 09:57:27 | 000,000,000 | ---D | M] -- C:\Users\Endoacustica Europe\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/05/10 15:51:26 | 000,000,000 | ---D | M] -- C:\Users\Endoacustica Europe\AppData\Roaming\Datagenn.com
[2010/03/31 10:03:59 | 000,000,000 | ---D | M] -- C:\Users\Endoacustica Europe\AppData\Roaming\Bradsoft.com @alternate Data Stream - 181 bytes -> C:\ProgramData\Temp:0A8E2C33 @alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:63238B95 @alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:FC3571BD


:Files
C:\Users\Endoacustica Europe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
C:\Users\Endoacustica Europe\AppData\Roaming\Claro
C:\ProgramData\Browser Manager


:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


:commands
[purity]
[Emptytemp]
[RESETHOSTS]
[Reboot]
 
Tecnico 24, anche io ho bisogno del tuo aiuto! Ho problemi con Claro su google chrome

:Processes
killallprocesses


:Services


:OTL
PRC - C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
MOD - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851640
IE - HKU\S-1-5-21-1104732500-1895000396-1005763280-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Claro Search
IE - HKU\S-1-5-21-1104732500-1895000396-1005763280-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKU\S-1-5-21-1104732500-1895000396-1005763280-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851640
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar_IT Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851640&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: fontfinder@bendodson.com:1.0
FF - prefs.js..extensions.enabledAddons: rankchecker@seobook.com:1.8.21
FF - prefs.js..extensions.enabledAddons: seostatus@rubyweb:1.5.9
FF - prefs.js..extensions.enabledAddons: xpirftoolbar@roboform.com:3.1.0
FF - prefs.js..extensions.enabledAddons: {2d4271b9-cc9f-4f37-8b1e-340293eacd5c}:0.9.9.7
FF - prefs.js..extensions.enabledAddons: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.8.6
FF - prefs.js..extensions.enabledAddons: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.12.9.1
FF - prefs.js..extensions.enabledAddons: {b64982b1-d112-42b5-b1e4-d3867c4533f8}:2.3.796.11
FF - prefs.js..extensions.enabledAddons: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.1
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.0
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: rankchecker@seobook.com:1.8.5
FF - prefs.js..network.proxy.type: 0
O33 - MountPoints2\{45c189b0-26f5-11e1-9e07-e0cb4eb15b2f}\Shell - "" = AutoRun
O33 - MountPoints2\{45c189b0-26f5-11e1-9e07-e0cb4eb15b2f}\Shell\AutoRun\command - "" = F:\DiskProtect.exe
O33 - MountPoints2\{71fa6cf7-40de-11e1-8124-e0cb4eb15b2f}\Shell - "" = AutoRun
O33 - MountPoints2\{71fa6cf7-40de-11e1-8124-e0cb4eb15b2f}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{af878ffe-9d91-11e1-9afb-e0cb4eb15b2f}\Shell - "" = AutoRun
O33 - MountPoints2\{af878ffe-9d91-11e1-9afb-e0cb4eb15b2f}\Shell\AutoRun\command - "" = F:\.\Setup.exe
O33 - MountPoints2\{bb9855f0-4b16-11e1-80f5-e0cb4eb15b2f}\Shell - "" = AutoRun
O33 - MountPoints2\{bb9855f0-4b16-11e1-80f5-e0cb4eb15b2f}\Shell\AutoRun\command - "" = F:\Windows\Autorun.exe
O33 - MountPoints2\{c719f27a-2bb9-11e1-9d2c-e0cb4eb15b2f}\Shell - "" = AutoRun
O33 - MountPoints2\{c719f27a-2bb9-11e1-9d2c-e0cb4eb15b2f}\Shell\AutoRun\command - "" = F:\Windows\Autorun.exe
O33 - MountPoints2\{dcccb745-48df-11e1-9fee-e0cb4eb15b2f}\Shell - "" = AutoRun
O33 - MountPoints2\{dcccb745-48df-11e1-9fee-e0cb4eb15b2f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dcccb74b-48df-11e1-9fee-e0cb4eb15b2f}\Shell - "" = AutoRun
O33 - MountPoints2\{dcccb74b-48df-11e1-9fee-e0cb4eb15b2f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Windows\Autorun.exe
[2010/07/08 09:57:27 | 000,000,000 | ---D | M] -- C:\Users\Endoacustica Europe\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/05/10 15:51:26 | 000,000,000 | ---D | M] -- C:\Users\Endoacustica Europe\AppData\Roaming\Datagenn.com
[2010/03/31 10:03:59 | 000,000,000 | ---D | M] -- C:\Users\Endoacustica Europe\AppData\Roaming\Bradsoft.com @alternate Data Stream - 181 bytes -> C:\ProgramData\Temp:0A8E2C33 @alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:63238B95 @alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:FC3571BD


:Files
C:\Users\Endoacustica Europe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
C:\Users\Endoacustica Europe\AppData\Roaming\Claro
C:\ProgramData\Browser Manager


:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


:commands
[purity]
[Emptytemp]
[RESETHOSTS]
[Reboot]
 
Chiara7777 ha detto:
report.txt


.....è ok?

- - - Updated - - -

noto ora che pur non comparendo più all'apertura di mozilla, permane l'icona di claro sul desktop...
Clicca per espandere...
Eliminala tranquillamente...ma quante volte hai eseguito il fix?verifica in C:\_OTL se c'è un'altro report.

- - - Updated - - -

KathAgam ha detto:
Eminentissimo Tecnico 24, anche io ho bisogno del tuo aiuto! Ho problemi con Claro, uso mozilla, allego i risultati della scnsione di OTL.
Riesci a darmi le istruzioni per rimuovere il l'intruso? Grazie in anticipo.
Visualizza allegato 38770Visualizza allegato 38773
P.S.: è la prima volta che uso un forum, non ho esperienza riguardo a questo tipo di comunicazione, accetto suggerimenti, ciao.
Clicca per espandere...
Benvenuto KathAgam.
OTL va scaricato sul desktop , riesegui lo scan e posta i report.

- - - Updated - - -

francky ha detto:
Tecnico 24, anche io ho bisogno del tuo aiuto! Ho problemi con Claro su google chrome

:Processes
killallprocesses


:Services


:OTL
PRC - C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
MOD - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851640
IE - HKU\S-1-5-21-1104732500-1895000396-1005763280-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Claro Search
IE - HKU\S-1-5-21-1104732500-1895000396-1005763280-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKU\S-1-5-21-1104732500-1895000396-1005763280-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851640
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar_IT Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851640&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: fontfinder@bendodson.com:1.0
FF - prefs.js..extensions.enabledAddons: rankchecker@seobook.com:1.8.21
FF - prefs.js..extensions.enabledAddons: seostatus@rubyweb:1.5.9
FF - prefs.js..extensions.enabledAddons: xpirftoolbar@roboform.com:3.1.0
FF - prefs.js..extensions.enabledAddons: {2d4271b9-cc9f-4f37-8b1e-340293eacd5c}:0.9.9.7
FF - prefs.js..extensions.enabledAddons: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.8.6
FF - prefs.js..extensions.enabledAddons: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.12.9.1
FF - prefs.js..extensions.enabledAddons: {b64982b1-d112-42b5-b1e4-d3867c4533f8}:2.3.796.11
FF - prefs.js..extensions.enabledAddons: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.1
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.0
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: rankchecker@seobook.com:1.8.5
FF - prefs.js..network.proxy.type: 0
O33 - MountPoints2\{45c189b0-26f5-11e1-9e07-e0cb4eb15b2f}\Shell - "" = AutoRun
O33 - MountPoints2\{45c189b0-26f5-11e1-9e07-e0cb4eb15b2f}\Shell\AutoRun\command - "" = F:\DiskProtect.exe
O33 - MountPoints2\{71fa6cf7-40de-11e1-8124-e0cb4eb15b2f}\Shell - "" = AutoRun
O33 - MountPoints2\{71fa6cf7-40de-11e1-8124-e0cb4eb15b2f}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{af878ffe-9d91-11e1-9afb-e0cb4eb15b2f}\Shell - "" = AutoRun
O33 - MountPoints2\{af878ffe-9d91-11e1-9afb-e0cb4eb15b2f}\Shell\AutoRun\command - "" = F:\.\Setup.exe
O33 - MountPoints2\{bb9855f0-4b16-11e1-80f5-e0cb4eb15b2f}\Shell - "" = AutoRun
O33 - MountPoints2\{bb9855f0-4b16-11e1-80f5-e0cb4eb15b2f}\Shell\AutoRun\command - "" = F:\Windows\Autorun.exe
O33 - MountPoints2\{c719f27a-2bb9-11e1-9d2c-e0cb4eb15b2f}\Shell - "" = AutoRun
O33 - MountPoints2\{c719f27a-2bb9-11e1-9d2c-e0cb4eb15b2f}\Shell\AutoRun\command - "" = F:\Windows\Autorun.exe
O33 - MountPoints2\{dcccb745-48df-11e1-9fee-e0cb4eb15b2f}\Shell - "" = AutoRun
O33 - MountPoints2\{dcccb745-48df-11e1-9fee-e0cb4eb15b2f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dcccb74b-48df-11e1-9fee-e0cb4eb15b2f}\Shell - "" = AutoRun
O33 - MountPoints2\{dcccb74b-48df-11e1-9fee-e0cb4eb15b2f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Windows\Autorun.exe
[2010/07/08 09:57:27 | 000,000,000 | ---D | M] -- C:\Users\Endoacustica Europe\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/05/10 15:51:26 | 000,000,000 | ---D | M] -- C:\Users\Endoacustica Europe\AppData\Roaming\Datagenn.com
[2010/03/31 10:03:59 | 000,000,000 | ---D | M] -- C:\Users\Endoacustica Europe\AppData\Roaming\Bradsoft.com @alternate Data Stream - 181 bytes -> C:\ProgramData\Temp:0A8E2C33 @alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:63238B95 @alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:FC3571BD


:Files
C:\Users\Endoacustica Europe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
C:\Users\Endoacustica Europe\AppData\Roaming\Claro
C:\ProgramData\Browser Manager


:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


:commands
[purity]
[Emptytemp]
[RESETHOSTS]
[Reboot]
Clicca per espandere...
Questo è lo script , servono i report.
 
KathAgam ha detto:
Pardon!:inchino:
Aallego i file.Visualizza allegato 38780
Clicca per espandere...
Apri OTL
sotto il box custom scans/fixes in basso
copia e incolla queste righe in grassetto:

:OTL
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{497D1B4B-D9CD-46EB-A9FE-45B6DA0895BB}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{497D1B4B-D9CD-46EB-A9FE-45B6DA0895BB}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-1054336068-248441666-2951071471-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-search.com/?q={searchTerms}&affID=117423&tt=4612_2&babsrc=SP_ss&mntrId=ae4a1aa500000000000074de2be69ac9
IE - HKU\S-1-5-21-1054336068-248441666-2951071471-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKU\S-1-5-21-1054336068-248441666-2951071471-1000\..\SearchScopes\{497D1B4B-D9CD-46EB-A9FE-45B6DA0895BB}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Claro Search"
FF - prefs.js..browser.search.order.1: "Claro Search"
FF - prefs.js..browser.search.selectedEngine: "Claro Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.it/"
FF - prefs.js..keyword.URL: "http://www.claro-search.com/?affID=117423&tt=4612_2&babsrc=KW_ss&mntrId=ae4a1aa500000000000074de2be69ac9&q="
FF - user.js - File not found

:Files
C:\Program Files (x86)\Claro LTD
C:\Users\ZERO\AppData\Roaming\Babylon
C:\Users\ZERO\AppData\Roaming\WildTangent

:Commands
[purity]
[EMPTYTEMP]
[EMPTYFLASH]
[Reboot]



clicca sul bottone
2eejtxj.jpg

Attendi le operazioni e il riavvio del pc.

Al ritorno posta il report e verifica.
 
Questo è il report. Il problema non pare risolto quando apro una pagina vuota appare ancora claro search. Ho saltato qualche altro passaggio con OTL?
>>>
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{497D1B4B-D9CD-46EB-A9FE-45B6DA0895BB}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{497D1B4B-D9CD-46EB-A9FE-45B6DA0895BB}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{497D1B4B-D9CD-46EB-A9FE-45B6DA0895BB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{497D1B4B-D9CD-46EB-A9FE-45B6DA0895BB}\ not found.
Registry key HKEY_USERS\S-1-5-21-1054336068-248441666-2951071471-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-1054336068-248441666-2951071471-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_USERS\S-1-5-21-1054336068-248441666-2951071471-1000\Software\Microsoft\Internet Explorer\SearchScopes\{497D1B4B-D9CD-46EB-A9FE-45B6DA0895BB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{497D1B4B-D9CD-46EB-A9FE-45B6DA0895BB}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Claro Search" removed from browser.search.defaultenginename
Prefs.js: "Claro Search" removed from browser.search.order.1
Prefs.js: "Claro Search" removed from browser.search.selectedEngine
Prefs.js: "http://www.google.it/" removed from browser.startup.homepage
Prefs.js: "http://www.claro-search.com/?affID=117423&tt=4612_2&babsrc=KW_ss&mntrId=ae4a1a a500000000000074de2be69ac9&q=" removed from keyword.URL
========== FILES ==========
C:\Program Files (x86)\Claro LTD\claro folder moved successfully.
C:\Program Files (x86)\Claro LTD folder moved successfully.
C:\Users\ZERO\AppData\Roaming\Babylon folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games\App\Settings folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games\App\MyGames\zuma folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games\App\MyGames\virtualvillagers5newbelievers folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games\App\MyGames\vacationquestthehawaiianislands folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games\App\MyGames\slingodeluxe folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games\App\MyGames\seafight folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games\App\MyGames\polargolfer folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games\App\MyGames\polarbowler folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games\App\MyGames\plantsvszombies folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games\App\MyGames\penguins folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games\App\MyGames\namcoallstarspacman folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games\App\MyGames\mysteryofmortlakemansion folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games\App\MyGames\mahjongmedley folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games\App\MyGames\jewelquestthesleeplessstar folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games\App\MyGames\governorofpoker2premiumedition folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games\App\MyGames\fate folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games\App\MyGames\farmfrenzy folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games\App\MyGames\clubpenguin folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games\App\MyGames\chuzzledeluxe folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games\App\MyGames\cakemania folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games\App\MyGames\buildalot folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games\App\MyGames\bounce folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games\App\MyGames\bejeweled3 folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games\App\MyGames\azteca folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games\App\MyGames\airportmania folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games\App\MyGames\agathachristieperilatendhouse folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games\App\MyGames folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games\App\Downloads folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games\App folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\WildTangent Games folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\Logs folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent\Analytics folder moved successfully.
C:\Users\ZERO\AppData\Roaming\WildTangent folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: ZERO
->Temp folder emptied: 669597 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 78976279 bytes
->Flash cache emptied: 1275 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2680 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 48142924 bytes

Total Files Cleaned = 122.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: ZERO
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11242012_224052

Files\Folders moved on Reboot...
C:\Users\ZERO\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
<<<
 
tecnico24 ha detto:
Esegui Adwcleaner e posta il report post-eliminazione
http://www.tomshw.it/forum/sicurezz...omputer-infetto-leggere-prima-di-postare.html
Clicca per espandere...
Problema risolto, grazie!SALAM.gif Allego il report di adw.

P.S.: Ringraziamento Ufficiale.
Preg.mo Tecnico 24,
Forse per Lei é stata "poca cosa", ma per quelli come me, consapevoli e vulnerabili al "malware", la luce di un intelletto fulgido come il Suo è fonte indispensabile. Sappia, se può esserLe di conforto, che troverà presso di "noi" sempre sostegno e riconoscenza per la Sua dote.
Grazie. Resto a disposizione per ogni evenienza ...Con tutto il senso della mia stima.
KathAgam
 

Allegati

KathAgam ha detto:
Problema risolto, grazie!Visualizza allegato 38809 Allego il report di adw.

P.S.: Ringraziamento Ufficiale.
Preg.mo Tecnico 24,
Forse per Lei é stata "poca cosa", ma per quelli come me, consapevoli e vulnerabili al "malware", la luce di un intelletto fulgido come il Suo è fonte indispensabile. Sappia, se può esserLe di conforto, che troverà presso di "noi" sempre sostegno e riconoscenza per la Sua dote.
Grazie. Resto a disposizione per ogni evenienza ...Con tutto il senso della mia stima.
KathAgam
Clicca per espandere...
Grazie Mille a te.
Ciao ;)
 
Il pc è infetto , non solo da Claro.
Scarica il file fixperOTL.txt che ti ho allegato qui in basso
aprilo
copia ed incolla tutto il codice nel box vuoto custom scans/fixes di OTL
clicca in alto su
2eejtxj.jpg

Attendi le operazioni e il riavvio del pc
Al ritorno posta il report in allegato.

Per Chrome segui queste indicazioni in questo post
http://www.tomshw.it/forum/sicurezz...ro-search-da-google-chrome-3.html#post2722209

Link download fixperOTL
http://wikisend.com/download/467034/fixperOTL.txt

Riscontro problemi ad allegare i files , segnalo.
 
Ultima modifica:
Pubblicità
Pubblicità
Indietro
Top