Aiutamici Forum

A log check, please
arcere84
Posted: Wednesday, January 23, 2013 11:35:49 PM

Rank: AiutAmico

Member since: 1/1/2012
Posts: 166
Hi, could you please check this log for me?
Thanks


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:32:15, on 23/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Windows\vsnpstd3.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\gianni\AppData\Local\MediaGet2\mediaget.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\gianni\AppData\Local\Lollipop\ljhfrpn.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing-tray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/solidyoutube/{3126E66B-F28C-4318-9F58-6C34710B9F9D}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {e3393495-8103-46a0-8181-270273eddd60} - (no file)
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Solid YouTube Downloader and Converter FileBulldog Toolbar\tbhelper.dll
R3 - URLSearchHook: (no name) - {1d03a978-ac0c-4004-b9fd-9cf361c7bd3f} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll
O2 - BHO: VirIT eXplorer Antivirus - {373BCD12-5B7A-4c09-897B-6B42EC48B0F8} - C:\VEXPLite\VIRITIE.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Solid YouTube Downloader and Converter FileBulldog Toolbar\tbcore3.dll
O3 - Toolbar: Solid YouTube Downloader and Converter FileBulldog Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Solid YouTube Downloader and Converter FileBulldog Toolbar\tbcore3.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKCU\..\Run: [MediaGet2] C:\Users\gianni\AppData\Local\MediaGet2\mediaget.exe --minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ljhfrpn] "c:\users\gianni\appdata\local\lollipop\ljhfrpn.exe" ljhfrpn
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A8C8CA0-E3EE-4A61-92A5-60E4846B8394}: NameServer = 94.126.8.1,94.126.8.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{8948800B-548E-4260-AC64-A56D0E3F0CFD}: NameServer = 79.137.95.200,80.79.48.66
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~2\browse~1\251005~1.80\{c16c1~1\browse~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ONDA Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppXL\onda_mon.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 8766 bytes

 
cbbusto
Posted: Thursday, January 24, 2013 12:40:41 AM

Rank: AiutAmico

Member since: 11/8/2008
Posts: 13,964
You haven't said what problems you're having, so I'll try to guess: are you getting unrequested pages and a lot of advertising?
That's because you've picked up Lollipop, the displayer of useless ads. Apart from that I don't see any infections; there are only useless toolbars and entries to fix.
First, go to Add/Remove Programs, look for Lollipop and remove it; then open Task Manager and check whether these entries appear among the processes: Lollipop.exe and ljhfrpn.exe. If they do, click End Process.

Then close all programs and, while disconnected, launch HJT and click the second button, Do a system scan only; then tick the entries I list below and finally click Fix checked:

R3 - URLSearchHook: (no name) - {e3393495-8103-46a0-8181-270273eddd60} - (no file)
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Solid YouTube Downloader and Converter FileBulldog Toolbar\tbhelper.dll
R3 - URLSearchHook: (no name) - {1d03a978-ac0c-4004-b9fd-9cf361c7bd3f} - (no file)
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Solid YouTube Downloader and Converter FileBulldog Toolbar\tbcore3.dll
O3 - Toolbar: Solid YouTube Downloader and Converter FileBulldog Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Solid YouTube Downloader and Converter FileBulldog Toolbar\tbcore3.dll
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [MediaGet2] C:\Users\gianni\AppData\Local\MediaGet2\mediaget.exe --minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ljhfrpn] "c:\users\gianni\appdata\local\lollipop\ljhfrpn.exe" ljhfrpn
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')

Tell me whether you know these programs and whether you installed them yourself:
C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (uncertain)
C:\Users\gianni\AppData\Local\MediaGet2\mediaget.exe

Also, do you recognize these IP addresses:
NameServer = 94.126.8.1,94.126.8.2
NameServer = 79.137.95.200,80.79.48.66
If you didn't set these DNS servers yourself, then fix these entries in HJT as well:
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A8C8CA0-E3EE-4A61-92A5-60E4846B8394}: NameServer = 94.126.8.1,94.126.8.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{8948800B-548E-4260-AC64-A56D0E3F0CFD}: NameServer = 79.137.95.200,80.79.48.66

Then download AdwCleaner to the desktop:
http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner
Run it and click the "Elimina" (Delete) button.
Confirm the various windows that appear with OK.
The PC will restart, and the log of the deletions will appear.
Post it here.

Talk to you soon, bye.
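
Added example, not part of the thread and not code from HijackThis or its authors: a small triage script that pulls out of a HijackThis log the kinds of entries the reply above singles out (hooks whose file is gone, an autorun launching from a user profile, O17 NameServer overrides, the O20 AppInit_DLLs value, services with an unknown owner). The rule set, reason labels and function names are assumptions made for illustration; the sample lines are copied from the log posted in this thread.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section reason line")

# Subset of the HijackThis log posted in this thread, embedded so the script runs offline.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {e3393495-8103-46a0-8181-270273eddd60} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKCU\..\Run: [ljhfrpn] "c:\users\gianni\appdata\local\lollipop\ljhfrpn.exe" ljhfrpn
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A8C8CA0-E3EE-4A61-92A5-60E4846B8394}: NameServer = 94.126.8.1,94.126.8.2
O20 - AppInit_DLLs: c:\progra~2\browse~1\251005~1.80\{c16c1~1\browse~1.dll
O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ONDA Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppXL\onda_mon.exe (file missing)
"""

# "R3 - ..." / "O23 - ...": section code, separator, entry body.
ENTRY = re.compile(r"^([RO]\d+) - (.+)$")
# Executable started from under a user's AppData folder.
USER_PROFILE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.IGNORECASE)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def triage(log_text):
    """Return one Finding per rule an entry matches (illustrative heuristics)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if not match:
            continue  # header, running-process list or blank line
        section, body = match.groups()

        # HijackThis appends these markers when the registered file is absent.
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append(Finding(section, "missing-target", line))

        if section == "O4" and USER_PROFILE.search(body):
            # Run/RunOnce value pointing into a user profile.
            findings.append(Finding(section, "user-profile-autorun", line))
        elif section == "O17" and "NameServer" in body:
            # Statically configured DNS servers on an interface.
            findings.append(Finding(section, "dns-override", line))
        elif section == "O20":
            # AppInit_DLLs: DLLs loaded into processes that load user32.dll.
            findings.append(Finding(section, "appinit-dll", line))
        elif section == "O23" and " - Unknown owner - " in body:
            # Service whose binary shows no publisher in the log.
            findings.append(Finding(section, "unknown-owner", line))
    return findings


def dns_servers(log_text):
    """Distinct IPv4 addresses set by O17 NameServer entries, in log order."""
    servers = []
    for finding in triage(log_text):
        if finding.reason != "dns-override":
            continue
        for ip in IPV4.findall(finding.line.split("NameServer", 1)[1]):
            if ip not in servers:
                servers.append(ip)
    return servers


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason:<22} {f.line[:70]}")
    print("DNS servers to confirm with the owner:", dns_servers(SAMPLE_LOG))
```

A finding is a prompt to ask the machine's owner, as the reply does for the DNS servers, not a verdict.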
arcere84
Posted: Thursday, January 24, 2013 2:26:08 PM

Rank: AiutAmico

Member since: 1/1/2012
Posts: 166
Hi cbbusto,
thanks for replying. Since the PC isn't mine but belongs to a colleague, unfortunately I can't tell you whether the programs listed below are legitimate,
so if they don't cause problems I'd say leave them.
I've done everything you asked; I'm posting the log made with AdwCleaner and will wait for your reply.


Tell me whether you know these programs and whether you installed them yourself:
C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (uncertain)
C:\Users\gianni\AppData\Local\MediaGet2\mediaget.exe

Also, do you recognize these IP addresses:
NameServer = 94.126.8.1,94.126.8.2
NameServer = 79.137.95.200,80.79.48.66
If you didn't set these DNS servers yourself, then fix these entries in HJT as well:
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A8C8CA0-E3EE-4A61-92A5-60E4846B8394}: NameServer = 94.126.8.1,94.126.8.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{8948800B-548E-4260-AC64-A56D0E3F0CFD}: NameServer = 79.137.95.200,80.79.48.66



# AdwCleaner v2.107 - Logfile creato il 24/01/2013 alle 14:13:22
# Aggiornamento 21/01/2013 by Xplode
# Sistema Operativo : Windows 7 Ultimate Service Pack 1 (32 bits)
# Utente : gianni - ACER
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\gianni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H7X08WMT\adwcleaner.exe
# Opzioni [Elimina]


***** [Servizi] *****

Fermato & Eliminato : BrowserProtect

***** [File / Cartelle] *****

Cartella Eliminato : C:\Program Files\BabylonToolbar
Cartella Eliminato : C:\Program Files\Conduit
Cartella Eliminato : C:\ProgramData\Anti-phishing Domain Advisor
Cartella Eliminato : C:\ProgramData\Ask
Cartella Eliminato : C:\ProgramData\Babylon
Cartella Eliminato : C:\Users\gianni\AppData\Local\Conduit
Cartella Eliminato : C:\Users\gianni\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjdegoaioeecahaflmobghfcihcdkpf
Cartella Eliminato : C:\Users\gianni\AppData\Local\lollipop
Cartella Eliminato : C:\Users\gianni\AppData\LocalLow\BabylonToolbar
Cartella Eliminato : C:\Users\gianni\AppData\LocalLow\Conduit
Cartella Eliminato : C:\Users\gianni\AppData\LocalLow\PriceGong
Cartella Eliminato : C:\Users\gianni\AppData\LocalLow\Toolbar4
Cartella Eliminato : C:\Users\gianni\AppData\Roaming\BabSolution
Cartella Eliminato : C:\Users\gianni\AppData\Roaming\Babylon
Cartella Eliminato : C:\Users\gianni\AppData\Roaming\FissaSearch
Cartella Eliminato : C:\Users\gianni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Cartella Eliminato : C:\Users\gianni\AppData\Roaming\Mozilla\Firefox\Profiles\d6a9vgca.default\CT2849853
Cartella Eliminato : C:\Users\gianni\AppData\Roaming\Mozilla\Firefox\Profiles\d6a9vgca.default\extensions\{1d03a978-ac0c-4004-b9fd-9cf361c7bd3f}
Cartella Eliminato : C:\Users\gianni\AppData\Roaming\Mozilla\Firefox\Profiles\d6a9vgca.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
Cartella Eliminato : C:\Users\gianni\AppData\Roaming\Mozilla\Firefox\Profiles\d6a9vgca.default\extensions\ffxtlbr@babylon.com
Cartella Eliminato : C:\Users\gianni\AppData\Roaming\Mozilla\Firefox\Profiles\d6a9vgca.default\Smartbar
Cartella Eliminato : C:\Windows\Installer\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Eliminato al riavvio : C:\ProgramData\BrowserProtect
File Eliminato : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Eliminato : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Eliminato : C:\Users\gianni\AppData\Roaming\Mozilla\Firefox\Profiles\d6a9vgca.default\bprotector_extensions.sqlite
File Eliminato : C:\Users\gianni\AppData\Roaming\Mozilla\Firefox\Profiles\d6a9vgca.default\bprotector_prefs.js
File Eliminato : C:\Users\gianni\AppData\Roaming\Mozilla\Firefox\Profiles\d6a9vgca.default\searchplugins\Askcom.xml
File Eliminato : C:\Users\gianni\AppData\Roaming\Mozilla\Firefox\Profiles\d6a9vgca.default\searchplugins\babylon1.xml
File Eliminato : C:\Users\gianni\AppData\Roaming\Mozilla\Firefox\Profiles\d6a9vgca.default\searchplugins\Fissa.xml
File Eliminato : C:\Users\gianni\AppData\Roaming\Mozilla\Firefox\Profiles\d6a9vgca.default\searchplugins\search.xml

***** [Registro] *****

Chiave Eliminata : HKCU\Software\AppDataLow\Software\Conduit
Chiave Eliminata : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Chiave Eliminata : HKCU\Software\AppDataLow\Software\PriceGong
Chiave Eliminata : HKCU\Software\AppDataLow\Software\SmartBar
Chiave Eliminata : HKCU\Software\BabylonToolbar
Chiave Eliminata : HKCU\Software\Conduit
Chiave Eliminata : HKCU\Software\DataMngr
Chiave Eliminata : HKCU\Software\e53da88e239ec40
Chiave Eliminata : HKCU\Software\FissaSearch
Chiave Eliminata : HKCU\Software\Google\Chrome\Extensions\gkjdegoaioeecahaflmobghfcihcdkpf
Chiave Eliminata : HKCU\Software\lollipop
Chiave Eliminata : HKCU\Software\Microsoft\Babylon
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B41306C6-96D0-442A-BCC4-B0F621E82CE9}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338B4DFE-2E2C-4338-9E41-E176D497299E}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{338B4DFE-2E2C-4338-9E41-E176D497299E}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Chiave Eliminata : HKCU\Software\SMTTB2009
Chiave Eliminata : HKCU\Software\Softonic
Chiave Eliminata : HKCU\Software\Somoto
Chiave Eliminata : HKCU\Software\Somoto Toolbar
Chiave Eliminata : HKLM\Software\Babylon
Chiave Eliminata : HKLM\Software\BabylonToolbar
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Chiave Eliminata : HKLM\SOFTWARE\Classes\b
Chiave Eliminata : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Chiave Eliminata : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Chiave Eliminata : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Chiave Eliminata : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\escort.escortIEPane
Chiave Eliminata : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Chiave Eliminata : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Chiave Eliminata : HKLM\Software\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B
Chiave Eliminata : HKLM\Software\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
Chiave Eliminata : HKLM\SOFTWARE\Classes\Prod.cap
Chiave Eliminata : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar
Chiave Eliminata : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\SMTTB2009.SMTTB2009
Chiave Eliminata : HKLM\SOFTWARE\Classes\SMTTB2009.SMTTB2009.3
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009.1
Chiave Eliminata : HKLM\Software\Conduit
Chiave Eliminata : HKLM\Software\DataMngr
Chiave Eliminata : HKLM\SOFTWARE\e53da88e239ec40
Chiave Eliminata : HKLM\Software\FissaSearch
Chiave Eliminata : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Chiave Eliminata : HKLM\SOFTWARE\Google\Chrome\Extensions\gkjdegoaioeecahaflmobghfcihcdkpf
Chiave Eliminata : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Chiave Eliminata : HKU\S-1-5-21-2706316590-3750122139-3013528784-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Dato Eliminata : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\251005~1.80\{c16c1~1\browse~1.dll
Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Valore Eliminata : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Valore Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Valore Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

***** [Browser Internet] *****

-\\ Internet Explorer v9.0.8112.16457

Sostituito : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.bigseekpro.com/solidyoutube/{3126E66B-F28C-4318-9F58-6C34710B9F9D}?s_src=newtab --> hxxp://www.google.com
Sostituito : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.bigseekpro.com/solidyoutube/{3126E66B-F28C-4318-9F58-6C34710B9F9D} --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.1 (it)

File : C:\Users\gianni\AppData\Roaming\Mozilla\Firefox\Profiles\d6a9vgca.default\prefs.js

C:\Users\gianni\AppData\Roaming\Mozilla\Firefox\Profiles\d6a9vgca.default\user.js ... Eliminato !


-\\ Google Chrome v24.0.1312.56

File : C:\Users\gianni\AppData\Local\Google\Chrome\User Data\Default\Preferences

Eliminata [l.23] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Eliminata [l.26] : keyword = "isearch.avg.com",
Eliminata [l.29] : search_url = "hxxp://isearch.avg.com/search?cid={022945E8-F999-4F4E-8C4E-6FB46EC3F0D5}&mid=99201a[...]
Eliminata [l.798] : homepage = "hxxp://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_1",
Eliminata [l.946] : urls_to_restore_on_startup = ["hxxp://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_1", "hxxp://s[...]
Eliminata [l.953] : homepage = "hxxp://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_1",
Eliminata [l.956] : urls_to_restore_on_startup = ["hxxp://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_1"],

*************************

AdwCleaner[S1].txt - [29879 octets] - [24/01/2013 14:13:22]

########## EOF - C:\AdwCleaner[S1].txt - [29940 octets] ##########
cbbusto
Posted: Thursday, January 24, 2013 2:38:13 PM

Rank: AiutAmico

Joined: 11/8/2008
Posts: 13,964
ADW did a thorough cleanup.
Run another scan with HJT and post the updated log, so we can see what is left.
Then you should tell me how the PC is running. Bye
arcere84
Posted: Thursday, January 24, 2013 7:10:51 PM

Rank: AiutAmico

Joined: 1/1/2012
Posts: 166
Here I am, sorry cbbusto, I had gone out.
The PC seems to be running much better and all the advertising from before no longer appears. Here is the log you asked for.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:02:13, on 24/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\vsnpstd3.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: VirIT eXplorer Antivirus - {373BCD12-5B7A-4c09-897B-6B42EC48B0F8} - C:\VEXPLite\VIRITIE.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [*ForceDelete] C:\Users\gianni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H7X08WMT\adwcleaner.exe /forcedelete
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A8C8CA0-E3EE-4A61-92A5-60E4846B8394}: NameServer = 94.126.8.1,94.126.8.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{8948800B-548E-4260-AC64-A56D0E3F0CFD}: NameServer = 79.137.95.200,80.79.48.66
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~2\browse~1\251005~1.80\{c16c1~1\browse~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ONDA Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppXL\onda_mon.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 5410 bytes
cbbusto
Posted: Thursday, January 24, 2013 10:40:25 PM

Rank: AiutAmico

Joined: 11/8/2008
Posts: 13,964
So, the log is clean; there are only 2 leftovers to remove, these:
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
N.B. if it is not possible to remove them, that is not a problem.

Besides the programs, I had asked you whether you recognize the IP addresses listed below, so ask your friend whether he set them himself; if so, all is well. If instead he does not recognize them, it is better to remove the 2 entries, because they would be IP addresses that redirect to advertising sites.

NameServer = 94.126.8.1,94.126.8.2
NameServer = 79.137.95.200,80.79.48.66

O17 - HKLM\System\CCS\Services\Tcpip\..\{3A8C8CA0-E3EE-4A61-92A5-60E4846B8394}: NameServer = 94.126.8.1,94.126.8.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{8948800B-548E-4260-AC64-A56D0E3F0CFD}: NameServer = 79.137.95.200,80.79.48.66

Now run a cleanup with Ccleaner, including the Registry; for the registry, tick all the entries and agree to the backup when asked. Everything else is in order, so we would be done. Bye
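The check described in the post above, as an added Python example that is not part of the original thread: it pulls the O3 toolbar entries whose file is missing and the O17 NameServer addresses out of a HijackThis log, so they can be confirmed with whoever configured the machine. The function name and the `known_resolvers` parameter are assumptions; the sample lines are copied from the log posted above.

```python
import ipaddress
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A8C8CA0-E3EE-4A61-92A5-60E4846B8394}: NameServer = 94.126.8.1,94.126.8.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{8948800B-548E-4260-AC64-A56D0E3F0CFD}: NameServer = 79.137.95.200,80.79.48.66
"""

GUID = r"\{[0-9A-Fa-f-]{36}\}"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
TOOLBAR = re.compile(rf"^Toolbar: (?P<name>.*) - (?P<clsid>{GUID}) - (?P<target>.*)$")
NAMESERVER = re.compile(rf"(?P<iface>{GUID}): NameServer = (?P<servers>.+)$")


def review_hijackthis(log_text, known_resolvers=()):
    """Return (orphaned_toolbars, dns_to_confirm) for a HijackThis log.

    known_resolvers (hypothetical parameter): DNS server addresses the
    machine's owner or ISP has confirmed; anything else is reported.
    """
    known = {ipaddress.ip_address(ip) for ip in known_resolvers}
    orphaned, dns_to_confirm = [], []
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # header, process list, blank line
        code, body = entry.group("code"), entry.group("body")
        if code == "O3":
            toolbar = TOOLBAR.match(body)
            # "(no file)" means the registry value outlived the DLL it named.
            if toolbar and toolbar.group("target") == "(no file)":
                orphaned.append((toolbar.group("name"), toolbar.group("clsid")))
        elif code == "O17":
            ns = NAMESERVER.search(body)
            if not ns:
                continue  # other O17 values (Domain, SearchList) are out of scope
            for raw in re.split(r"[,\s]+", ns.group("servers").strip()):
                try:
                    ip = ipaddress.ip_address(raw)
                except ValueError:
                    dns_to_confirm.append((ns.group("iface"), raw, "malformed"))
                    continue
                if ip not in known:
                    dns_to_confirm.append((ns.group("iface"), str(ip), "unrecognized"))
    return orphaned, dns_to_confirm


if __name__ == "__main__":
    toolbars, dns = review_hijackthis(SAMPLE_LOG)
    for name, clsid in toolbars:
        print(f"orphaned toolbar value: {name} {clsid}")
    for iface, ip, status in dns:
        print(f"confirm DNS server {ip} on interface {iface} ({status})")
```

Passing the addresses the owner or ISP has confirmed as `known_resolvers` leaves only the ones nobody recognizes in the second list.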
arcere84
Posted: Thursday, January 24, 2013 11:01:03 PM

Rank: AiutAmico

Joined: 1/1/2012
Posts: 166
Thanks cbbusto, everything is fine. I also deleted the last 2 entries and ran the scan with ccleaner as well.
Thanks again