Aiutamici Forum

The Babylon you don't want
verbis
Posted: Thursday, October 04, 2012 7:49:27 AM
Rank: Member

Joined: 1/24/2005
Posts: 19
Hello everyone. On my laptop (OS: Vista) I have for some time been besieged by "babylon" components that I honestly cannot remove, starting with the search engine, which stays set as the default at every startup. I'm attaching the log; thanks in advance.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7.24.07, on 04/10/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19328)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\tano\Desktop\hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=83&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=83&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=83&bd=Pavilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &AOL Toolbar Cerca - C:\ProgramData\AOL\ieToolbar\resources\it-IT\local\search.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} (DCPForm Control 1.0.1.1) - file:///E:/Mydlink/activeX/DCP.cab
O16 - DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} (Gif89 Lite +Audio Class) - file:///E:/Mydlink/activeX/aplugLiteDL.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
O20 - AppInit_DLLs: c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1c9ddf79e32dd60) (gupdate1c9ddf79e32dd60) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10798 bytes

shapiro
Posted: Thursday, October 04, 2012 11:39:59 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

Hi, follow this procedure to remove Babylon and the like.

Download AdwCleaner, click Delete and post the log.

Then run this scan:


Download OTL and save it to the desktop.

Tick SCAN ALL USERS.

Under Output, tick Minimal Output.

Click the small arrow for File Age and select 60 Days.

Tick LOP Check and Purity Check.

Click RUN SCAN.

Let the scan run without interfering.

When the scan finishes you will find 2 logs on the desktop: OTL.txt and Extras.txt.

Upload them to wikisend or here > http://www.freefilehosting.net/

verbis
Posted: Thursday, October 04, 2012 1:48:12 PM
Rank: Member

Joined: 1/24/2005
Posts: 19
Here is the log
# AdwCleaner v2.003 - Logfile created 10/04/2012 at 13:35:23
# Updated 23/09/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : tano - PC-TANO
# Boot Mode : Normal
# Running from : C:\Users\tano\Desktop\email\download\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Browser Manager

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Browser Manager
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
Folder Deleted : C:\Program Files\BabylonToolbar
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Users\tano\AppData\Roaming\Babylon
Folder Deleted : C:\Users\tano\AppData\Roaming\BabylonToolbar
Folder Deleted : C:\Users\tano\AppData\Roaming\Mozilla\Firefox\Profiles\olvjbxqm.default\ConduitCommon
Folder Deleted : C:\Users\tano\AppData\Roaming\Mozilla\Firefox\Profiles\olvjbxqm.default\extensions\ffxtlbr@babylon.com

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKU\S-1-5-21-1980086091-189894243-2288448114-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19328

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=110823&tt=270912_7a_3912_8&babsrc=HP_ss&mntrId=58dfa40e00000000000000234e755a54 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=110823&tt=270912_7a_3912_6&babsrc=NT_ss&mntrId=58dfa40e00000000000000234e755a54 --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0 (it)

Profile name : default
File : C:\Users\tano\AppData\Roaming\Mozilla\Firefox\Profiles\olvjbxqm.default\prefs.js

C:\Users\tano\AppData\Roaming\Mozilla\Firefox\Profiles\olvjbxqm.default\user.js ... Deleted !

Deleted : user_pref("CT2977475..clientLogIsEnabled", false);
Deleted : user_pref("CT2977475..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2977475..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2977475.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2977475.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2977475.CT2977475", "CT2977475");
Deleted : user_pref("CT2977475.CurrentServerDate", "13-5-2012");
Deleted : user_pref("CT2977475.DSInstall", true);
Deleted : user_pref("CT2977475.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2977475.DialogsGetterLastCheckTime", "Sat May 12 2012 18:26:10 GMT+0200 (ora legale Eur[...]
Deleted : user_pref("CT2977475.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Deleted : user_pref("CT2977475.FirstServerDate", "12-5-2012");
Deleted : user_pref("CT2977475.FirstTime", true);
Deleted : user_pref("CT2977475.FirstTimeFF3", true);
Deleted : user_pref("CT2977475.FirstTimeHiddenVer", true);
Deleted : user_pref("CT2977475.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2977475.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2977475.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2977475.HPInstall", false);
Deleted : user_pref("CT2977475.HPProtectChoice", true);
Deleted : user_pref("CT2977475.HPProtectCount", 1);
Deleted : user_pref("CT2977475.HasUserGlobalKeys", true);
Deleted : user_pref("CT2977475.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2977475.HomepageBeforeUnload", "www.tuttogratis.it");
Deleted : user_pref("CT2977475.Initialize", true);
Deleted : user_pref("CT2977475.InitializeCommonPrefs", true);
Deleted : user_pref("CT2977475.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2977475.InstallationType", "DirectDownload");
Deleted : user_pref("CT2977475.InstalledDate", "Sat May 12 2012 18:26:25 GMT+0200 (ora legale Europa occidenta[...]
Deleted : user_pref("CT2977475.IsAlertDBUpdated", true);
Deleted : user_pref("CT2977475.IsGrouping", false);
Deleted : user_pref("CT2977475.IsInitSetupIni", true);
Deleted : user_pref("CT2977475.IsMulticommunity", false);
Deleted : user_pref("CT2977475.IsOpenThankYouPage", true);
Deleted : user_pref("CT2977475.IsOpenUninstallPage", true);
Deleted : user_pref("CT2977475.IsProtectorsInit", true);
Deleted : user_pref("CT2977475.LanguagePackLastCheckTime", "Sat May 12 2012 18:26:11 GMT+0200 (ora legale Euro[...]
Deleted : user_pref("CT2977475.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2977475.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2977475.LastLogin_3.12.2.3", "Sun May 13 2012 08:45:54 GMT+0200 (ora legale Europa occi[...]
Deleted : user_pref("CT2977475.LatestVersion", "3.12.2.3");
Deleted : user_pref("CT2977475.Locale", "en");
Deleted : user_pref("CT2977475.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2977475.MCDetectTooltipShow", false);
Deleted : user_pref("CT2977475.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2977475.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2977475.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2977475.OriginalFirstVersion", "3.12.2.3");
Deleted : user_pref("CT2977475.SearchCaption", "ReversoEN Customized Web Search");
Deleted : user_pref("CT2977475.SearchEngineBeforeUnload", "ReversoEN Customized Web Search");
Deleted : user_pref("CT2977475.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2977475.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT297[...]
Deleted : user_pref("CT2977475.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2977475.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2977475.SearchInNewTabLastCheckTime", "Sat May 12 2012 18:26:43 GMT+0200 (ora legale Eu[...]
Deleted : user_pref("CT2977475.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2977475.SearchProtectorEnabled", true);
Deleted : user_pref("CT2977475.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2977475.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2977475.ServiceMapLastCheckTime", "Sat May 12 2012 18:26:08 GMT+0200 (ora legale Europa[...]
Deleted : user_pref("CT2977475.SettingsLastCheckTime", "Sun May 13 2012 08:45:40 GMT+0200 (ora legale Europa o[...]
Deleted : user_pref("CT2977475.SettingsLastUpdate", "1336498559");
Deleted : user_pref("CT2977475.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2977475&SearchSource=13");
Deleted : user_pref("CT2977475.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2977475.ThirdPartyComponentsLastCheck", "Sat May 12 2012 18:26:08 GMT+0200 (ora legale [...]
Deleted : user_pref("CT2977475.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2977475.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2977475.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2977475");
Deleted : user_pref("CT2977475.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2977475.UserID", "UN54439387719771337");
Deleted : user_pref("CT2977475.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2977475.alertChannelId", "1369207");
Deleted : user_pref("CT2977475.approveUntrustedApps", true);
Deleted : user_pref("CT2977475.backendstorage.langfrom", "656E676C697368");
Deleted : user_pref("CT2977475.backendstorage.langto", "6974616C69616E");
Deleted : user_pref("CT2977475.backendstorage.lcidfrom", "31303333");
Deleted : user_pref("CT2977475.backendstorage.lcidto", "31303430");
Deleted : user_pref("CT2977475.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2977475.globalFirstTimeInfoLastCheckTime", "Sat May 12 2012 18:26:10 GMT+0200 (ora lega[...]
Deleted : user_pref("CT2977475.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2977475.initDone", true);
Deleted : user_pref("CT2977475.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2977475.myStuffEnabled", true);
Deleted : user_pref("CT2977475.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2977475.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2977475.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2977475.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2977475.navigateToUrlOnSearch", false);
Deleted : user_pref("CT2977475.revertSettingsEnabled", true);
Deleted : user_pref("CT2977475.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2977475.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2977475.testingCtid", "");
Deleted : user_pref("CT2977475.toolbarAppMetaDataLastCheckTime", "Sat May 12 2012 18:26:10 GMT+0200 (ora legal[...]
Deleted : user_pref("CT2977475.toolbarContextMenuLastCheckTime", "Sat May 12 2012 18:26:12 GMT+0200 (ora legal[...]
Deleted : user_pref("CT2977475.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "ReversoEN Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2977475/CT2977475[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1369207/1364866/IT", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2977475", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2977475",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"67e[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\tano\\AppData\\Roaming\\Mozilla\\Fi[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.2.3");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2977475");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2977475");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2977475");
Deleted : user_pref("CommunityToolbar.globalUserId", "dbd39600-3604-416b-9f55-294a592070f0");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2977475");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat May 12 2012 18:26:1[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun May 13 2012 08:45:55 GMT+020[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat May 12 2012 18:26:08 GMT+0200 (o[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "2a6a983d-bfba-4c93-b40e-5d128ec6ee15");
Deleted : user_pref("CommunityToolbar.originalHomepage", "www.tuttogratis.it");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=110823&tt=270912_7a_3912_8[...]
Deleted : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110823&tt=270912_7a_3912_6&babsrc=[...]
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.defaultthis.engineName", "ReversoEN Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2977475&Sea[...]
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=110823&tt=270912_7a_3912_6");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "28");
Deleted : user_pref("extensions.BabylonToolbar.cntry", "IT");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "92204ABB12A52D464AEE2B74C43C9A2C");
Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "58dfa40e00000000000000234e755a54");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15611");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1210:53:11");
Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.sg", "azb");
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1210:53:11");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110823&tt=270912_7a_3912_6");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1210:53:11");
Deleted : user_pref("extensions.enabledAddons", "{1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.14,{398e77b8-2304-[...]
Deleted : user_pref("extensions.illimitux.ilx_pref_pt_veoh", true);
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://search.babylon.com/?affID=110823&tt=270912_7a_391[...]

*************************

AdwCleaner[S1].txt - [24161 octets] - [04/10/2012 13:35:23]

########## EOF - C:\AdwCleaner[S1].txt - [24222 octets] ##########
shapiro
Posted: Thursday, October 04, 2012 6:40:11 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

also run the scan with OTL as I advised; post the log, but don't paste it in, attach it via wikisend
verbis
Posted: Friday, October 05, 2012 7:33:15 AM
Rank: Member

Joined: 1/24/2005
Posts: 19
shapiro
Posted: Friday, October 05, 2012 9:37:05 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
I don't recognize this one => C:\Users\tano\AppData\Roaming\mainhst.zgh

I recommend analyzing it on VirusTotal

open OTL and copy this (don't copy "Code:")

Code:
:OTL
DRV - (SYMREDRV) -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS File not found
DRV - (SYMDNS) -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1980086091-189894243-2288448114-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1980086091-189894243-2288448114-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110823&tt=270912_7a_3912_8&babsrc=SP_ss&mntrId=58dfa40e00000000000000234e755a54
[2009/02/06 11.49.55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tano\AppData\Roaming\mozilla\Extensions
[2009/02/06 11.49.55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tano\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012/10/04 13.35.28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tano\AppData\Roaming\mozilla\Firefox\Profiles\olvjbxqm.default\extensions
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programmi\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmi\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programmi\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-1980086091-189894243-2288448114-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmi\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1980086091-189894243-2288448114-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programmi\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: []  File not found
O20 - AppInit_DLLs: (c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll) -  File not found
[2009/02/12 19.00.49 | 000,000,788 | ---- | C] () -- C:\Users\tano\AppData\Roaming\wklnhst.dat

:Files
ipconfig /flushdns /c

:commands
[purity]
[Reboot]






click RUN FIX and attach the log it produces

also run a scan with Malwarebytes
Update it: click the "Updates" tab => "Check for updates"
Run a "full scan" (select the option)
Delete everything it finds
When the scan is complete, post the report.
verbis
Posted: Tuesday, October 09, 2012 7:19:06 AM
Rank: Member

Joined: 1/24/2005
Posts: 19
hi, there is still a problem: I pasted the sequence into OTL, but as soon as I clicked Run Fix the program froze and showed "(not responding)". As for Malwarebytes, here is the log:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Versione database: v2012.10.09.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19328
tano :: PC-TANO [amministratore]

09/10/2012 7.06.14
mbam-log-2012-10-09 (07-06-14).txt

Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 198987
Tempo impiegato: 11 minuti, 7 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 0
(non sono stati rilevati elementi nocivi)

(fine)
shapiro
Posted: Tuesday, October 09, 2012 11:48:41 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
open OTL and click Clean Up; there will be an automatic reboot

download it again from the address I gave you and follow the same procedure; if it doesn't work, try from safe mode (F8 at Windows startup)

also rerun Malwarebytes with a full scan; the one you ran wasn't one

let me know
verbis
Posted: Wednesday, October 10, 2012 7:06:06 AM
Rank: Member

Joined: 1/24/2005
Posts: 19
here is the log:


Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Versione database: v2012.10.09.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19328
tano :: PC-TANO [amministratore]

09/10/2012 13.07.47
mbam-log-2012-10-09 (13-07-47).txt

Tipo di scansione: Scansione completa (C:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 237993
Tempo impiegato: 3 ore, 10 minuti, 13 secondi [interrotto]

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 2
C:\Users\tano\Documents\email\download\MyWebFace.exe (PUP.FunWebProducts) -> Spostato in quarantena ed eliminato con successo.
C:\Users\tano\Documents\email\download\vispa\vispa.exe (Backdoor.Small) -> Spostato in quarantena ed eliminato con successo.

(fine)
shapiro
Posted: Wednesday, October 10, 2012 1:33:03 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
the OTL log is missing, read what I wrote ^
verbis
Posted: Wednesday, October 10, 2012 2:48:13 PM
Rank: Member

Joined: 1/24/2005
Posts: 19
here is the OTL log, sorry for the oversight,


========== OTL ==========
Error: No service named SYMREDRV was found to stop!
Service\Driver key SYMREDRV not found.
File C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS File not found not found.
Error: No service named SYMDNS was found to stop!
Service\Driver key SYMDNS not found.
File C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS File not found not found.
Error: No service named NwlnkFwd was found to stop!
Service\Driver key NwlnkFwd not found.
File system32\DRIVERS\nwlnkfwd.sys File not found not found.
Error: No service named NwlnkFlt was found to stop!
Service\Driver key NwlnkFlt not found.
File system32\DRIVERS\nwlnkflt.sys File not found not found.
Error: No service named IpInIp was found to stop!
Service\Driver key IpInIp not found.
File system32\DRIVERS\ipinip.sys File not found not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-1980086091-189894243-2288448114-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1980086091-189894243-2288448114-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
C:\Users\tano\AppData\Roaming\mozilla\Extensions folder moved successfully.
Folder C:\Users\tano\AppData\Roaming\mozilla\Extensions\home2@tomtom.com\ not found.
C:\Users\tano\AppData\Roaming\mozilla\Firefox\Profiles\olvjbxqm.default\extensions\piclens@cooliris.com\plugins folder moved successfully.
C:\Users\tano\AppData\Roaming\mozilla\Firefox\Profiles\olvjbxqm.default\extensions\piclens@cooliris.com\META-INF folder moved successfully.
C:\Users\tano\AppData\Roaming\mozilla\Firefox\Profiles\olvjbxqm.default\extensions\piclens@cooliris.com\libs\9.0 folder moved successfully.
C:\Users\tano\AppData\Roaming\mozilla\Firefox\Profiles\olvjbxqm.default\extensions\piclens@cooliris.com\libs\8.0 folder moved successfully.
C:\Users\tano\AppData\Roaming\mozilla\Firefox\Profiles\olvjbxqm.default\extensions\piclens@cooliris.com\libs\7.0 folder moved successfully.
C:\Users\tano\AppData\Roaming\mozilla\Firefox\Profiles\olvjbxqm.default\extensions\piclens@cooliris.com\libs\6.0 folder moved successfully.
C:\Users\tano\AppData\Roaming\mozilla\Firefox\Profiles\olvjbxqm.default\extensions\piclens@cooliris.com\libs\5.0 folder moved successfully.
C:\Users\tano\AppData\Roaming\mozilla\Firefox\Profiles\olvjbxqm.default\extensions\piclens@cooliris.com\libs\2.0 folder moved successfully.
C:\Users\tano\AppData\Roaming\mozilla\Firefox\Profiles\olvjbxqm.default\extensions\piclens@cooliris.com\libs\10.0 folder moved successfully.
C:\Users\tano\AppData\Roaming\mozilla\Firefox\Profiles\olvjbxqm.default\extensions\piclens@cooliris.com\libs folder moved successfully.
C:\Users\tano\AppData\Roaming\mozilla\Firefox\Profiles\olvjbxqm.default\extensions\piclens@cooliris.com\components folder moved successfully.
C:\Users\tano\AppData\Roaming\mozilla\Firefox\Profiles\olvjbxqm.default\extensions\piclens@cooliris.com\chrome\content\images folder moved successfully.
C:\Users\tano\AppData\Roaming\mozilla\Firefox\Profiles\olvjbxqm.default\extensions\piclens@cooliris.com\chrome\content folder moved successfully.
C:\Users\tano\AppData\Roaming\mozilla\Firefox\Profiles\olvjbxqm.default\extensions\piclens@cooliris.com\chrome folder moved successfully.
C:\Users\tano\AppData\Roaming\mozilla\Firefox\Profiles\olvjbxqm.default\extensions\piclens@cooliris.com folder moved successfully.
C:\Users\tano\AppData\Roaming\mozilla\Firefox\Profiles\olvjbxqm.default\extensions folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
C:\Programmi\AOL\AOL Toolbar 5.0\aoltb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ .
File move failed. C:\Programmi\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ deleted successfully.
File C:\Programmi\AOL\AOL Toolbar 5.0\aoltb.dll not found.
Registry value HKEY_USERS\S-1-5-21-1980086091-189894243-2288448114-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ .
File move failed. C:\Programmi\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-1980086091-189894243-2288448114-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
File C:\Programmi\AOL\AOL Toolbar 5.0\aoltb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll deleted successfully.
C:\Users\tano\AppData\Roaming\wklnhst.dat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\tano\Desktop\email\download\cmd.bat deleted successfully.
C:\Users\tano\Desktop\email\download\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 10102012_143655

Files\Folders moved on Reboot...
File move failed. C:\Programmi\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
shapiro
Posted: Wednesday, October 10, 2012 8:59:25 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
open OTL and click Clean Up

turn off System Restore > reboot > turn it back on and create a new restore point

download and install CCleaner
Important:
During installation, untick the checkbox, otherwise Yahoo Toolbar gets installed.
Launch it and click:
- Advanced Options
Untick:
- Only delete files older than 48 hours
Click the buttons:
- Cleaner (the first one at the top left)
- Analyze (button at the bottom center)
- Run Cleaner (button at the bottom right)

Fixing registry errors
CCleaner
Click the buttons:
- Registry (second button at the top left)
- Scan for Issues (button at the bottom center)
- Fix selected issues (button at the bottom right)
- when asked:
- "Do you want to back up the changes to the registry?"
- click:
- YES


- Download ATF-Cleaner
(No installation required)
Tick the entry:
- Select all
Press the button:
- Empty Select


empty the Prefetch folder (don't delete it)

tell me whether the PC has improved now