Condividi:        

Lollipop.exe

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Re: Lollipop.exe

Postdi Deborah_ » 14/03/13 23:23

Si, hai ragione, ho sbagliato a copiare, quello con adwcleaner è questo:

Codice: Seleziona tutto
# AdwCleaner v2.114 - Logfile creato il 14/03/2013 alle 14:21:28
# Aggiornamento 05/03/2013 by Xplode
# Sistema Operativo : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Utente : Elisa - PC-ELISA
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\Elisa\Downloads\adwcleaner.exe
# Opzioni [Elimina]


***** [Servizi] *****


***** [File / Cartelle] *****

Cartella Eliminato : C:\Program Files\Conduit
Cartella Eliminato : C:\Program Files\Iminent
Cartella Eliminato : C:\ProgramData\Babylon
Cartella Eliminato : C:\Users\Elisa\AppData\Local\Babylon
Cartella Eliminato : C:\Users\Elisa\AppData\Local\lollipop
Cartella Eliminato : C:\Users\Elisa\AppData\LocalLow\BabylonToolbar
Cartella Eliminato : C:\Users\Elisa\AppData\LocalLow\Conduit
Cartella Eliminato : C:\Users\Elisa\AppData\LocalLow\PriceGong
Cartella Eliminato : C:\Users\Elisa\AppData\LocalLow\Softonic-IT
Cartella Eliminato : C:\Users\Elisa\AppData\Roaming\Babylon
Cartella Eliminato : C:\Users\Elisa\AppData\Roaming\Mozilla\Firefox\Profiles\qgn1fikr.default\Conduit
Cartella Eliminato : C:\Users\Elisa\AppData\Roaming\Mozilla\Firefox\Profiles\qgn1fikr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
Cartella Eliminato : C:\Users\Elisa\AppData\Roaming\Mozilla\Firefox\Profiles\qgn1fikr.default\SweetIMToolbarData
File Eliminato : C:\END
File Eliminato : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Eliminato : C:\Users\Elisa\AppData\Roaming\Mozilla\Firefox\Profiles\qgn1fikr.default\searchplugins\SweetIm.xml

***** [Registro] *****

Chiave Eliminata : HKCU\Software\AppDataLow\Software\Conduit
Chiave Eliminata : HKCU\Software\AppDataLow\Software\PriceGong
Chiave Eliminata : HKCU\Software\AppDataLow\Software\Softonic-IT
Chiave Eliminata : HKCU\Software\AppDataLow\Toolbar
Chiave Eliminata : HKCU\Software\Babylon
Chiave Eliminata : HKCU\Software\BabylonToolbar
Chiave Eliminata : HKCU\Software\InstallCore
Chiave Eliminata : HKCU\Software\lollipop
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\lollipop
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B9FAE7E7-5D7F-4AB2-B7B8-AE589172D74D}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Chiave Eliminata : HKCU\Software\Softonic
Chiave Eliminata : HKLM\Software\Babylon
Chiave Eliminata : HKLM\Software\BabylonToolbar
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\BabyDict
Chiave Eliminata : HKLM\SOFTWARE\Classes\BabyGloss
Chiave Eliminata : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Chiave Eliminata : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Chiave Eliminata : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Chiave Eliminata : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\BabyOptFile
Chiave Eliminata : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Chiave Eliminata : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Chiave Eliminata : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Chiave Eliminata : HKLM\SOFTWARE\Classes\escort.escortIEPane
Chiave Eliminata : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Chiave Eliminata : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Prod.cap
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar.CT2530241
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Chiave Eliminata : HKLM\Software\Conduit
Chiave Eliminata : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Chiave Eliminata : HKLM\Software\Iminent
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3393495-8103-46A0-8181-270273EDDD60}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B9FAE7E7-5D7F-4AB2-B7B8-AE589172D74D}
Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chiave Eliminata : HKLM\Software\Softonic-IT
Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E3393495-8103-46A0-8181-270273EDDD60}]
Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E3393495-8103-46A0-8181-270273EDDD60}]
Valore Eliminata : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Valore Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Valore Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{E3393495-8103-46A0-8181-270273EDDD60}]
Valore Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{E3393495-8103-46A0-8181-270273EDDD60}]

***** [Browser Internet] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registro Pulito.

-\\ Mozilla Firefox v [Impossibile rilevare la versione]

File : C:\Users\Elisa\AppData\Roaming\Mozilla\Firefox\Profiles\qgn1fikr.default\prefs.js

Eliminata : user_pref("CT2530241.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Eliminata : user_pref("CT2530241.CTID", "CT2530241");
Eliminata : user_pref("CT2530241.CurrentServerDate", "21-2-2011");
Eliminata : user_pref("CT2530241.DialogsAlignMode", "LTR");
Eliminata : user_pref("CT2530241.DownloadReferralCookieData", "");
Eliminata : user_pref("CT2530241.EMailNotifierPollDate", "Mon Feb 21 2011 20:40:00 GMT+0100 (ora solare Europa o[...]
Eliminata : user_pref("CT2530241.FeedLastCount129102019943903009", 808);
Eliminata : user_pref("CT2530241.FeedPollDate6950684221136826014", "Mon Feb 21 2011 19:48:02 GMT+0100 (ora solar[...]
Eliminata : user_pref("CT2530241.FeedPollDate6950684221267301652", "Mon Feb 21 2011 19:48:02 GMT+0100 (ora solar[...]
Eliminata : user_pref("CT2530241.FeedPollDate6950684221524553831", "Mon Feb 21 2011 19:48:03 GMT+0100 (ora solar[...]
Eliminata : user_pref("CT2530241.FeedPollDate6950684221590001098", "Mon Feb 21 2011 19:48:02 GMT+0100 (ora solar[...]
Eliminata : user_pref("CT2530241.FeedPollDate6950684221785237350", "Mon Feb 21 2011 19:48:02 GMT+0100 (ora solar[...]
Eliminata : user_pref("CT2530241.FeedPollDate6950684222064595900", "Mon Feb 21 2011 19:48:03 GMT+0100 (ora solar[...]
Eliminata : user_pref("CT2530241.FeedPollDate6950684222129686883", "Mon Feb 21 2011 19:48:02 GMT+0100 (ora solar[...]
Eliminata : user_pref("CT2530241.FeedPollDate6950684222201547670", "Mon Feb 21 2011 19:48:02 GMT+0100 (ora solar[...]
Eliminata : user_pref("CT2530241.FeedPollDate6950684222513881372", "Mon Feb 21 2011 19:48:03 GMT+0100 (ora solar[...]
Eliminata : user_pref("CT2530241.FeedPollDate6950684222671718962", "Mon Feb 21 2011 19:48:03 GMT+0100 (ora solar[...]
Eliminata : user_pref("CT2530241.FeedPollDate6950684223112896107", "Mon Feb 21 2011 19:48:03 GMT+0100 (ora solar[...]
Eliminata : user_pref("CT2530241.FeedPollDate6950684223216229724", "Mon Feb 21 2011 19:48:03 GMT+0100 (ora solar[...]
Eliminata : user_pref("CT2530241.FeedPollDate6950684223476241864", "Mon Feb 21 2011 19:48:02 GMT+0100 (ora solar[...]
Eliminata : user_pref("CT2530241.FeedPollDate6950684223782977569", "Mon Feb 21 2011 19:48:02 GMT+0100 (ora solar[...]
Eliminata : user_pref("CT2530241.FeedPollDate6950684223899376495", "Mon Feb 21 2011 19:48:03 GMT+0100 (ora solar[...]
Eliminata : user_pref("CT2530241.FeedPollDate6950684224107713633", "Mon Feb 21 2011 19:48:03 GMT+0100 (ora solar[...]
Eliminata : user_pref("CT2530241.FeedPollDate6950684224160233948", "Mon Feb 21 2011 19:48:02 GMT+0100 (ora solar[...]
Eliminata : user_pref("CT2530241.FeedPollDate6950684224256660610", "Mon Feb 21 2011 19:48:03 GMT+0100 (ora solar[...]
Eliminata : user_pref("CT2530241.FeedPollDate6950684224303045800", "Mon Feb 21 2011 19:48:03 GMT+0100 (ora solar[...]
Eliminata : user_pref("CT2530241.FeedPollDate6950684224573631499", "Mon Feb 21 2011 19:48:03 GMT+0100 (ora solar[...]
Eliminata : user_pref("CT2530241.FeedPollDate6950684224768320385", "Mon Feb 21 2011 19:48:02 GMT+0100 (ora solar[...]
Eliminata : user_pref("CT2530241.FeedPollDate6950684224786818075", "Mon Feb 21 2011 19:48:02 GMT+0100 (ora solar[...]
Eliminata : user_pref("CT2530241.FeedTTL6950684222201547670", 2);
Eliminata : user_pref("CT2530241.FeedTTL6950684222671718962", 10);
Eliminata : user_pref("CT2530241.FeedTTL6950684223782977569", 2);
Eliminata : user_pref("CT2530241.FirstServerDate", "28-11-2010");
Eliminata : user_pref("CT2530241.FirstTime", true);
Eliminata : user_pref("CT2530241.FirstTimeFF3", true);
Eliminata : user_pref("CT2530241.FirstTimeSettingsDone", true);
Eliminata : user_pref("CT2530241.FixPageNotFoundErrors", true);
Eliminata : user_pref("CT2530241.GroupingServerCheckInterval", 1440);
Eliminata : user_pref("CT2530241.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Eliminata : user_pref("CT2530241.Initialize", true);
Eliminata : user_pref("CT2530241.InitializeCommonPrefs", true);
Eliminata : user_pref("CT2530241.InstallationAndCookieDataSentCount", 3);
Eliminata : user_pref("CT2530241.InstallationType", "UnknownIntegration");
Eliminata : user_pref("CT2530241.InstalledDate", "Sun Nov 28 2010 14:48:54 GMT+0100 (ora solare Europa occidenta[...]
Eliminata : user_pref("CT2530241.InvalidateCache", false);
Eliminata : user_pref("CT2530241.IsGrouping", false);
Eliminata : user_pref("CT2530241.IsMulticommunity", false);
Eliminata : user_pref("CT2530241.IsOpenThankYouPage", false);
Eliminata : user_pref("CT2530241.IsOpenUninstallPage", true);
Eliminata : user_pref("CT2530241.LanguagePackLastCheckTime", "Mon Feb 21 2011 13:04:42 GMT+0100 (ora solare Euro[...]
Eliminata : user_pref("CT2530241.LanguagePackReloadIntervalMM", 1440);
Eliminata : user_pref("CT2530241.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Eliminata : user_pref("CT2530241.LastLogin_2.7.1.3", "Mon Feb 21 2011 19:48:02 GMT+0100 (ora solare Europa occid[...]
Eliminata : user_pref("CT2530241.LatestVersion", "3.2.5.2");
Eliminata : user_pref("CT2530241.Locale", "it");
Eliminata : user_pref("CT2530241.LoginCache", 4);
Eliminata : user_pref("CT2530241.MCDetectTooltipHeight", "83");
Eliminata : user_pref("CT2530241.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Eliminata : user_pref("CT2530241.MCDetectTooltipWidth", "295");
Eliminata : user_pref("CT2530241.RadioIsPodcast", false);
Eliminata : user_pref("CT2530241.RadioLastCheckTime", "Mon Feb 21 2011 13:04:42 GMT+0100 (ora solare Europa occi[...]
Eliminata : user_pref("CT2530241.RadioLastUpdateIPServer", "3");
Eliminata : user_pref("CT2530241.RadioLastUpdateServer", "129167784706500000");
Eliminata : user_pref("CT2530241.RadioMediaID", "20503766");
Eliminata : user_pref("CT2530241.RadioMediaType", "Media Player");
Eliminata : user_pref("CT2530241.RadioMenuSelectedID", "EBRadioMenu_CT253024120503766");
Eliminata : user_pref("CT2530241.RadioShrinked", "shrinked");
Eliminata : user_pref("CT2530241.RadioStationName", "Radio%20105");
Eliminata : user_pref("CT2530241.RadioStationURL", "hxxp://105.net/sezioni/inradio/radio/asx/ch_0.asx");
Eliminata : user_pref("CT2530241.SHRINK_TOOLBAR", 0);
Eliminata : user_pref("CT2530241.SearchEngine", "Cerca||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM[...]
Eliminata : user_pref("CT2530241.SearchFromAddressBarIsInit", true);
Eliminata : user_pref("CT2530241.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT253[...]
Eliminata : user_pref("CT2530241.SearchInNewTabEnabled", true);
Eliminata : user_pref("CT2530241.SearchInNewTabIntervalMM", 1440);
Eliminata : user_pref("CT2530241.SearchInNewTabLastCheckTime", "Mon Feb 21 2011 13:04:40 GMT+0100 (ora solare Eu[...]
Eliminata : user_pref("CT2530241.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Eliminata : user_pref("CT2530241.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Eliminata : user_pref("CT2530241.SettingsCheckIntervalMin", 120);
Eliminata : user_pref("CT2530241.SettingsLastCheckTime", "Mon Feb 21 2011 19:48:00 GMT+0100 (ora solare Europa o[...]
Eliminata : user_pref("CT2530241.SettingsLastUpdate", "1295944955");
Eliminata : user_pref("CT2530241.ThirdPartyComponentsInterval", 504);
Eliminata : user_pref("CT2530241.ThirdPartyComponentsLastCheck", "Mon Feb 21 2011 13:04:40 GMT+0100 (ora solare [...]
Eliminata : user_pref("CT2530241.ThirdPartyComponentsLastUpdate", "1291279838");
Eliminata : user_pref("CT2530241.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Eliminata : user_pref("CT2530241.UserID", "UN68778261394654545");
Eliminata : user_pref("CT2530241.ValidationData_Toolbar", 2);
Eliminata : user_pref("CT2530241.WeatherNetwork", "");
Eliminata : user_pref("CT2530241.WeatherPollDate", "Mon Feb 21 2011 20:30:00 GMT+0100 (ora solare Europa occiden[...]
Eliminata : user_pref("CT2530241.WeatherUnit", "C");
Eliminata : user_pref("CT2530241.alertChannelId", "923244");
Eliminata : user_pref("CT2530241.backendstorage._fb_dailyactivity", "31323938323839383935393530");
Eliminata : user_pref("CT2530241.backendstorage._fb_lifetimesent", "54525545");
Eliminata : user_pref("CT2530241.backendstorage.facebook_ctid_connect_send", "73656E646564");
Eliminata : user_pref("CT2530241.clientLogIsEnabled", false);
Eliminata : user_pref("CT2530241.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Eliminata : user_pref("CT2530241.myStuffEnabled", true);
Eliminata : user_pref("CT2530241.myStuffPublihserMinWidth", 400);
Eliminata : user_pref("CT2530241.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Eliminata : user_pref("CT2530241.myStuffServiceIntervalMM", 1440);
Eliminata : user_pref("CT2530241.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Eliminata : user_pref("CT2530241.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Eliminata : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://utils.babylon.com/abt/index.php?u[...]
Eliminata : user_pref("CommunityToolbar.ToolbarsList", "CT2530241");
Eliminata : user_pref("CommunityToolbar.ToolbarsList2", "CT2530241");
Eliminata : user_pref("browser.babylon.HPOnNewTab", "1");
Eliminata : user_pref("browser.search.defaulturl", "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browserse[...]
Eliminata : user_pref("extensions.BabylonToolbar.cntry", "IT");
Eliminata : user_pref("extensions.BabylonToolbar.firstRun", false);
Eliminata : user_pref("extensions.BabylonToolbar.hdrMd5", "335E113214039A454F76E44F59A12265");
Eliminata : user_pref("extensions.BabylonToolbar.id", "9f164e0191db49179c4132feb1e6da8b");
Eliminata : user_pref("extensions.BabylonToolbar.instlDay", "14941");
Eliminata : user_pref("extensions.BabylonToolbar.lastActv", "19");
Eliminata : user_pref("extensions.BabylonToolbar.sid", "9f164e0191db49179c4132feb1e6da8b");
Eliminata : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Eliminata : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Eliminata : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Eliminata : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Eliminata : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Eliminata : user_pref("sweetim.toolbar.mode.debug", "false");
Eliminata : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.babylon.com/?babsrc=adbartrp&AF=156[...]
Eliminata : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Eliminata : user_pref("sweetim.toolbar.search.history.capacity", "10");
Eliminata : user_pref("sweetim.toolbar.searchguard.enable", "true");
Eliminata : user_pref("sweetim.toolbar.simapp_id", "{7679F8C0-FA33-11E0-888A-0023548E5125}");
Eliminata : user_pref("sweetim.toolbar.version", "1.3.0.1");

-\\ Google Chrome v25.0.1364.152

File : C:\Users\Elisa\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File Pulito.

-\\ Opera v [Impossibile rilevare la versione]

File : C:\Users\Elisa\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File Pulito.

*************************

AdwCleaner[R1].txt - [24112 octets] - [14/03/2013 14:18:42]
AdwCleaner[S1].txt - [24107 octets] - [14/03/2013 14:21:28]

########## EOF - C:\AdwCleaner[S1].txt - [24168 octets] ##########



Per quanto riguarda lollipop no, purtroppo sta ancora li.

Scusatemi per la confusione ma non sono molto pratica di queste cose. Vi ringrazio dell'aiuto :)
Deborah_
Newbie
 
Post: 5
Iscritto il: 14/03/13 15:13

Sponsor
 

Re: Lollipop.exe

Postdi shel » 14/03/13 23:32

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(non installare la recovery console)
Lascia lavorare il programma senza interferire
Allega il rapporto C:\ComboFix.txt nella tua risposta.

non usare il pc durante la scansione, nemmeno il mouse!
shel
Utente Senior
 
Post: 1326
Iscritto il: 29/08/08 21:56

Re: Lollipop.exe

Postdi Deborah_ » 15/03/13 01:48

Fatto la scansione, ecco il report:

Codice: Seleziona tutto
ComboFix 13-03-14.02 - Elisa 15/03/2013   1.09.58.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.39.1040.18.3070.1606 [GMT 1:00]
Eseguito da: c:\users\Elisa\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\sdelevURL.tmp
c:\windows\msvcr71.dll
c:\windows\system32\ReadMe.txt
.
.
(((((((((((((((((((((((((   Files Creati Da 2013-02-15 al 2013-03-15  )))))))))))))))))))))))))))))))))))
.
.
2013-03-15 00:26 . 2013-03-15 00:26   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-03-13 23:42 . 2013-03-13 23:42   --------   d-----w-   c:\users\Elisa\AppData\Roaming\Malwarebytes
2013-03-13 23:41 . 2013-03-13 23:41   --------   d-----w-   c:\programdata\Malwarebytes
2013-03-13 23:41 . 2013-03-13 23:41   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2013-03-13 23:41 . 2012-12-14 15:49   21104   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-03-12 11:55 . 2013-02-08 00:45   6954968   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC7E28B7-93F5-4111-99DD-3A6CA31479E5}\mpengine.dll
2013-02-20 00:37 . 2013-02-20 00:37   --------   d-----w-   c:\users\Elisa\AppData\Roaming\dvdcss
2013-02-14 13:09 . 2013-01-08 22:01   768000   ----a-w-   c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-02-13 12:44 . 2013-01-04 01:38   2048512   ----a-w-   c:\windows\system32\win32k.sys
2013-02-13 12:44 . 2012-11-08 03:48   1314816   ----a-w-   c:\windows\system32\quartz.dll
2013-02-13 12:44 . 2013-01-04 11:28   905576   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2013-02-13 12:43 . 2013-01-05 05:26   3550072   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-02-13 12:43 . 2013-01-05 05:26   3602808   ----a-w-   c:\windows\system32\ntkrnlpa.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-15 00:30 . 2010-04-07 07:13   45056   ----a-w-   c:\windows\system32\acovcnt.exe
2013-03-12 19:12 . 2012-05-19 16:45   693976   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-03-12 19:12 . 2012-01-14 12:54   73432   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-17 00:28 . 2010-04-06 18:43   232336   ------w-   c:\windows\system32\MpSigStub.exe
2012-12-16 13:12 . 2012-12-22 02:01   34304   ----a-w-   c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-22 02:01   293376   ----a-w-   c:\windows\system32\atmfd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50   121528   ----a-w-   c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 15:08   143360   ----a-w-   c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-05-28 466704]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2012-10-26 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2010-04-06 17920]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-11 98304]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2010-04-07 3054136]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2010-04-07 47672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn" [X]
"panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-10 752168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk]
backup=c:\windows\pss\WDSmartWare.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 13:06   142120   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:11   3872080   ----a-w-   c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlusService]
2011-10-24 15:51   801792   ----a-w-   c:\program files\Yuna Software\Messenger Plus!\PlusService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 11:59   18705664   ----a-r-   c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance   REG_MULTI_SZ      ASBroker ASChannel
bthsvcs   REG_MULTI_SZ      BthServ
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-06 09:30   1630672   ----a-w-   c:\program files\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-03-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-19 19:12]
.
2013-03-15 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-04-08 11:03]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-17 09:28]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-17 09:28]
.
2013-03-15 c:\windows\Tasks\User_Feed_Synchronization-{B8FFAF07-A157-4F8C-BEF4-7727E9AF9A96}.job
- c:\windows\system32\msfeedssync.exe [2012-03-09 11:16]
.
.
------- Scansione supplementare -------
.
uStart Page = https://www.google.it/
IE: Cerca nel web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
BHO-{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
Toolbar-{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-lolipop - c:\users\elisa\appdata\local\lollipop\lolipop.bat
.
.
.
**************************************************************************
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.exe'(3204)
c:\windows\system32\APSHook.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Ora fine scansione: 2013-03-15  01:40:49 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2013-03-15 00:40
.
Pre-Run: 14.609.092.608 byte disponibili
Post-Run: 14.047.236.096 byte disponibili
.
- - End Of File - - BEA2960BD0B20B85FB6D32B49515B403
Deborah_
Newbie
 
Post: 5
Iscritto il: 14/03/13 15:13

Re: Lollipop.exe

Postdi shel » 15/03/13 09:21

se visualizzi ancora lollipop fai una scansione con hitman scegli quello adatto al tuo sistema operativo poi usa anche malwarebytes esegui una scansione completa dopo averlo aggiornato ed elimina tutto quello che rileva, scaricalo da qui

posta i report
shel
Utente Senior
 
Post: 1326
Iscritto il: 29/08/08 21:56

Re: Lollipop.exe

Postdi alexxan » 08/04/13 19:26

ciao..
eccomi qui pure io..
con il medesimo problema.. m a con Windows 8

e il primo problema che riscontro è non riuscire ad installare combofix su w8!!

alternative?

grazie

ps: non sono un mago del PC :D
alexxan
Newbie
 
Post: 1
Iscritto il: 08/04/13 19:24

Re: Lollipop.exe

Postdi ennedip » 01/07/13 10:35

Ciao a tutti,
anche io ho un problema con Lollipop.
Ho eseguito come da istruzioni un lanci di OTL e allego i report


http://wikisend.com/download/203836/OTL.Txt
http://wikisend.com/download/419052/Extras.Txt

Qualcuno potrebbe darmi una mano?
Grazie in anticipo!
ciao
ennedip
Newbie
 
Post: 8
Iscritto il: 01/07/13 10:19

Re: Lollipop.exe

Postdi kyiv » 01/07/13 11:06

scarica sul desktop questi due tool e scansiona il pc : http://general-changelog-team.fr/en/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner (clicca su ELIMINA e posta il log)

e http://thisisudax.org/ (premi un qualsiasi tasto e posta il log)

poi riesegui OTL e posta un log ''nuovo''
kyiv
Utente Junior
 
Post: 87
Iscritto il: 24/01/13 10:51

Re: Lollipop.exe

Postdi ennedip » 01/07/13 13:59

Adwcleaner: [url]http://wikisend.com/download/574326/AdwCleaner[R1].txt[/url]
JRT http://wikisend.com/download/568708/JRT.txt
OTL http://wikisend.com/download/278686/OTL.Txt

Ecco il tutto! Io ci capisco poco, mi pare abbiano eliminato varie cose, ma io vedo ancora le fastidiosissime pubblicità
Grazie
ennedip
Newbie
 
Post: 8
Iscritto il: 01/07/13 10:19

Re: Lollipop.exe

Postdi kyiv » 01/07/13 14:19

con ADWCleaner devi cliccare su ELIMINA ;)
kyiv
Utente Junior
 
Post: 87
Iscritto il: 24/01/13 10:51

Re: Lollipop.exe

Postdi ennedip » 01/07/13 14:22

kyiv ha scritto:con ADWCleaner devi cliccare su ELIMINA ;)

Si fatto, forse ho postato il log sbagliato

[url]http://wikisend.com/download/361264/AdwCleaner[S1].txt[/url]
ennedip
Newbie
 
Post: 8
Iscritto il: 01/07/13 10:19

Re: Lollipop.exe

Postdi ennedip » 01/07/13 14:22

ennedip ha scritto:
kyiv ha scritto:con ADWCleaner devi cliccare su ELIMINA ;)

Si fatto, forse ho postato il log sbagliato

[url]http://wikisend.com/download/361264/AdwCleaner[S1].txt[/url]

Umf...con le quadre mi sa che mi sballa il link :lol:
ennedip
Newbie
 
Post: 8
Iscritto il: 01/07/13 10:19

Re: Lollipop.exe

Postdi kyiv » 01/07/13 15:08

..copia/incolla nel lo spazio bianco di OTL questo script:

:OTL
PRC - C:\Users\User\AppData\Local\ssupd\ssupd.exe (SsupdService)
PRC - C:\Users\Public\Documents\Application\CurrentFile\ssadl.exe (ssadl)
SRV - (LiveUpSC) -- C:\Users\User\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe (SoftwareUpdService)
SRV - (SsupdService) -- C:\Users\User\AppData\Local\ssupd\ssupd.exe (SsupdService)
SRV - (SsroService) -- C:\Users\User\AppData\Local\ServiceManager\ssro.exe (SsroService)
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
O4 - HKLM..\Run: [SsroService] C:\Users\Public\Documents\Application\CurrentFile\ssadl.exe (ssadl)
O4 - HKU\S-1-5-21-2385872599-884203541-3247780510-1001..\Run: [lollipop_06171648] "c:\users\user\appdata\local\lollipop\lollipop_06171648.exe" lollipop_06171648 File not found

:Files
C:\Users\User\AppData\Local\ssupd
C:\Users\User\AppData\Local\SoftwareUpdater
c:\users\user\appdata\local\lollipop
ipconfig /flushdns /c

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

:commands
[purity]
[emptytemp]
[Emptyjava]
[RESETHOSTS]
[EMPTYFLASH]


....premi RUNFIX e posta il log
kyiv
Utente Junior
 
Post: 87
Iscritto il: 24/01/13 10:51

Re: Lollipop.exe

Postdi ennedip » 01/07/13 15:17

niente! maledettissime pubblicità! :-?

ecco il log:

All processes killed
========== OTL ==========
Process ssupd.exe killed successfully!
No active process named ssadl.exe was found!
Service LiveUpSC stopped successfully!
Service LiveUpSC deleted successfully!
C:\Users\User\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe moved successfully.
Service SsupdService stopped successfully!
Service SsupdService deleted successfully!
C:\Users\User\AppData\Local\ssupd\ssupd.exe moved successfully.
Service SsroService stopped successfully!
Service SsroService deleted successfully!
C:\Users\User\AppData\Local\ServiceManager\ssro.exe moved successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SsroService deleted successfully.
C:\Users\Public\Documents\Application\CurrentFile\ssadl.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2385872599-884203541-3247780510-1001\Software\Microsoft\Windows\CurrentVersion\Run\\lollipop_06171648 deleted successfully.
========== FILES ==========
C:\Users\User\AppData\Local\ssupd\settings folder moved successfully.
C:\Users\User\AppData\Local\ssupd folder moved successfully.
C:\Users\User\AppData\Local\SoftwareUpdater\settings folder moved successfully.
C:\Users\User\AppData\Local\SoftwareUpdater folder moved successfully.
File\Folder c:\users\user\appdata\local\lollipop not found.
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\User\Downloads\cmd.bat deleted successfully.
C:\Users\User\Downloads\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: User
->Temp folder emptied: 882406674 bytes
->Temporary Internet Files folder emptied: 200139038 bytes
->Java cache emptied: 188383 bytes
->FireFox cache emptied: 8029074 bytes
->Google Chrome cache emptied: 369437700 bytes
->Flash cache emptied: 1677 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 73774072 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 10764638 bytes

Total Files Cleaned = 1.473,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: User
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: User
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07012013_161011

Files\Folders moved on Reboot...
File move failed. C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\lm\User\aipflib.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\lm\User\LMutilps32.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\lm\dsiwmis.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
ennedip
Newbie
 
Post: 8
Iscritto il: 01/07/13 10:19

Re: Lollipop.exe

Postdi kyiv » 01/07/13 18:36

prova ad ''abilitare i file e cartelle nascoste'' http://windows.microsoft.com/it-it/windows-vista/show-hidden-files

e riesegui OTL , così vediamo se c'è ancora qualcosa.
kyiv
Utente Junior
 
Post: 87
Iscritto il: 24/01/13 10:51

Re: Lollipop.exe

Postdi ennedip » 02/07/13 09:49

Ho messo la spunta per le cartelle nascoste e questo è il log di OTL di oggi
Thanks!

http://wikisend.com/download/430058/OTL.Txt
ennedip
Newbie
 
Post: 8
Iscritto il: 01/07/13 10:19

Re: Lollipop.exe

Postdi kyiv » 02/07/13 11:20

utilizzi un proxy ? resettalo in IE (non utilizzare un proxy ......ecc ecc)
resetta anche la pagina in avvio di Chrome ed elimina le altre.

poi disinstalla LyricsPal

e copia/incolla questo script nel box bianco di OTL:

:OTL
CHR - homepage: http://search.babylon.com/?affID=119816 ... 2F2FEA4F11
CHR - Extension: Lyrics-Pal = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiopbgcekanlhpjkonogoljpfmhpkhf\1.116_0\
O2 - BHO: (Lyrics-Pal) - {C8FBE488-BAF5-4019-A7F7-C888045987D3} - C:\Program Files (x86)\LyricsPal\116.dll (LyricsPal Soft. LTD)

Files:
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\bviclgl2.default\extensions\116

:commands
[purity]
[emptytemp]
[Emptyjava]
[RESETHOSTS]
[EMPTYFLASH]

....premi RUNFIX e posta il log :D

....pulizia di file e registro con CCleaner.
kyiv
Utente Junior
 
Post: 87
Iscritto il: 24/01/13 10:51

Re: Lollipop.exe

Postdi ennedip » 02/07/13 13:53

Ok riprovo da casa senza Proxy! ;)
grazie mille! precisissssssimo! :)
ennedip
Newbie
 
Post: 8
Iscritto il: 01/07/13 10:19

Re: Lollipop.exe

Postdi ennedip » 04/07/13 14:37

Forse non avevo riavviato perchè ora il fastidiosissimo virus è stato debellato!!! :D
Grazie mille!
ciao
ennedip
Newbie
 
Post: 8
Iscritto il: 01/07/13 10:19

Re: Lollipop.exe

Postdi keith94 » 24/07/13 11:33

Ciao shel ,
anche io ho lo stesso problema con lollipop e ho seguito le istruzioni.
OTL.Txt
Extras.Txt

Ed ecco la scansione con AdwCleaner
Codice: Seleziona tutto
# AdwCleaner v2.306 - Logfile creato il 24/07/2013 alle 11:52:51
# Aggiornamento 19/07/2013 by Xplode
# Sistema Operativo : Windows 7 Ultimate Service Pack 1 (32 bits)
# Utente : Lu - ASPIRE
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\Lu\Downloads\adwcleaner.exe
# Opzioni [Elimina]


***** [Servizi] *****


***** [File / Cartelle] *****

Cartella Eliminato : C:\Program Files\Bandoo
Cartella Eliminato : C:\Program Files\BrowserCompanion
Cartella Eliminato : C:\Program Files\fbphotozoom
Cartella Eliminato : C:\Program Files\iMesh Applications
Cartella Eliminato : C:\Program Files\Windows iLivid Toolbar
Cartella Eliminato : C:\ProgramData\Ask
Cartella Eliminato : C:\ProgramData\Babylon
Cartella Eliminato : C:\ProgramData\boost_interprocess
Cartella Eliminato : C:\ProgramData\eSafe
Cartella Eliminato : C:\ProgramData\Tarma Installer
Cartella Eliminato : C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibgfbdggapddbjjbopabhlhianklajie
Cartella Eliminato : C:\Users\Lu\AppData\Local\lollipop
Cartella Eliminato : C:\Users\Lu\AppData\Local\SoftwareUpdater
Cartella Eliminato : C:\Users\Lu\AppData\LocalLow\bbrs_002.tb
Cartella Eliminato : C:\Users\Lu\AppData\Roaming\Babylon
Cartella Eliminato : C:\Users\Lu\AppData\Roaming\eIntaller
Cartella Eliminato : C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Cartella Eliminato : C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\lfkcazn0.default\jetpack
Cartella Eliminato : C:\Users\Utente\AppData\Local\APN
Cartella Eliminato : C:\Users\Utente\AppData\Local\Babylon
Cartella Eliminato : C:\Users\Utente\AppData\Local\Conduit
Cartella Eliminato : C:\Users\Utente\AppData\Local\Ilivid Player
Cartella Eliminato : C:\Users\Utente\AppData\Local\iMesh
Cartella Eliminato : C:\Users\Utente\AppData\Local\lollipop
Cartella Eliminato : C:\Users\Utente\AppData\Local\OpenCandy
Cartella Eliminato : C:\Users\Utente\AppData\Local\PackageAware
Cartella Eliminato : C:\Users\Utente\AppData\LocalLow\AVG Secure Search
Cartella Eliminato : C:\Users\Utente\AppData\LocalLow\BabylonToolbar
Cartella Eliminato : C:\Users\Utente\AppData\LocalLow\bbrs_002.tb
Cartella Eliminato : C:\Users\Utente\AppData\LocalLow\Conduit
Cartella Eliminato : C:\Users\Utente\AppData\LocalLow\imeshbandmltbpi
Cartella Eliminato : C:\Users\Utente\AppData\LocalLow\PriceGong
Cartella Eliminato : C:\Users\Utente\AppData\LocalLow\searchquband
Cartella Eliminato : C:\Users\Utente\AppData\Roaming\Babylon
Cartella Eliminato : C:\Users\Utente\AppData\Roaming\cacaoweb
Cartella Eliminato : C:\Users\Utente\AppData\Roaming\DealPly
Cartella Eliminato : C:\Users\Utente\AppData\Roaming\DSite
Cartella Eliminato : C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\9imwd9a5.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Cartella Eliminato : C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\9imwd9a5.default\extensions\cacaoweb@cacaoweb.org
Cartella Eliminato : C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\9imwd9a5.default\jetpack
Cartella Eliminato : C:\Users\Utente\AppData\Roaming\OfferBox
Cartella Eliminato : C:\Users\Utente\AppData\Roaming\OpenCandy
File Désinfected : C:\Users\Lu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
File Désinfected : C:\Users\Lu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
File Désinfected : C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
File Désinfected : C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GeoGebra 4\GeoGebra Forum.lnk
File Désinfected : C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GeoGebra 4\GeoGebra Wiki.lnk
File Désinfected : C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GeoGebra 4\GeoGebraTube.lnk
File Désinfected : C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GeoGebra 4\www.geogebra.org.lnk
File Désinfected : C:\Users\Lu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
File Eliminato : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Eliminato : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Eliminato : C:\user.js
File Eliminato : C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\lfkcazn0.default\searchplugins\Babylon.xml
File Eliminato : C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\lfkcazn0.default\searchplugins\babylon1.xml
File Eliminato : C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\lfkcazn0.default\searchplugins\delta.xml
File Eliminato : C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lollipop.lnk
File Eliminato : C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk
File Eliminato : C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\9imwd9a5.default\bprotector_prefs.js
File Eliminato : C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\9imwd9a5.default\searchplugins\Askcom.xml
File Eliminato : C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\9imwd9a5.default\searchplugins\BrowserProtect.xml
File Eliminato : C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\9imwd9a5.default\searchplugins\Search_Results.xml
File Eliminato : C:\Windows\system32\bandoolmx.dll
File Eliminato : C:\Windows\system32\conduitEngine.tmp

***** [Registro] *****

Chiave Eliminata : HKCU\Software\1ClickDownload
Chiave Eliminata : HKCU\Software\5d6dddeb134eb42
Chiave Eliminata : HKCU\Software\APN PIP
Chiave Eliminata : HKCU\Software\BabylonToolbar
Chiave Eliminata : HKCU\Software\Blabbers
Chiave Eliminata : HKCU\Software\BrowserCompanion
Chiave Eliminata : HKCU\Software\DataMngr
Chiave Eliminata : HKCU\Software\DataMngr_Toolbar
Chiave Eliminata : HKCU\Software\Google\Chrome\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla
Chiave Eliminata : HKCU\Software\lollipop
Chiave Eliminata : HKCU\Software\Microsoft\Babylon
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chiave Eliminata : HKCU\Software\Softonic
Chiave Eliminata : HKLM\SOFTWARE\5d6dddeb134eb42
Chiave Eliminata : HKLM\Software\Babylon
Chiave Eliminata : HKLM\Software\Bandoo
Chiave Eliminata : HKLM\Software\BrowserCompanion
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Chiave Eliminata : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Chiave Eliminata : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Chiave Eliminata : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Chiave Eliminata : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Chiave Eliminata : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Conduit.Engine
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Prod.cap
Chiave Eliminata : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Chiave Eliminata : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Chiave Eliminata : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Chiave Eliminata : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Chiave Eliminata : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar.CT2137658
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Chiave Eliminata : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Chiave Eliminata : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Chiave Eliminata : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Chiave Eliminata : HKLM\Software\Conduit
Chiave Eliminata : HKLM\Software\DataMngr
Chiave Eliminata : HKLM\Software\Desksvc
Chiave Eliminata : HKLM\SOFTWARE\Google\Chrome\Extensions\ibgfbdggapddbjjbopabhlhianklajie
Chiave Eliminata : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\offerbox_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\offerbox_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Chiave Eliminata : HKLM\Software\Offerbox
Chiave Eliminata : HKLM\Software\PIP
Chiave Eliminata : HKLM\Software\portaldositesSoftware
Chiave Eliminata : HKLM\SOFTWARE\Software
Chiave Eliminata : HKLM\Software\Tarma Installer
Chiave Eliminata : HKLM\Software\V9
Dato Eliminata : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=SAMSUNGXHM500JI_S1WFJDRZ622906&ts=1368549787
Valore Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Valore Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Browser companion helper]

***** [Browser Internet] *****

-\\ Internet Explorer v10.0.9200.16635

Sostituito : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=SAMSUNGXHM500JI_S1WFJDRZ622906&ts=1368549787 --> hxxp://www.google.com
Sostituito : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=SAMSUNGXHM500JI_S1WFJDRZ622906&ts=1368549787 --> hxxp://www.google.com
Sostituito : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=slbnew&from=slbnew&uid=SAMSUNGXHM500JI_S1WFJDRZ622906&ts=1368549787 --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (it)

File : C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\9imwd9a5.default\prefs.js

C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\9imwd9a5.default\user.js ... Eliminato !

Eliminata : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\10.0.0.7");
Eliminata : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Eliminata : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=114747&tt=0113_1&babsrc=NT_ss&mntr[...]
Eliminata : user_pref("browser.search.defaultengine", "Ask.com");
Eliminata : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Eliminata : user_pref("browser.search.order.1", "Search the web (Babylon)");
Eliminata : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Eliminata : user_pref("extensions.BabylonToolbar_i.babExt", "");
Eliminata : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100482");
Eliminata : user_pref("extensions.BabylonToolbar_i.hardId", "60375873000000000000001e4c736bdc");
Eliminata : user_pref("extensions.BabylonToolbar_i.id", "60375873000000000000001e4c736bdc");
Eliminata : user_pref("extensions.BabylonToolbar_i.instlDay", "15342");
Eliminata : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Eliminata : user_pref("extensions.BabylonToolbar_i.newTab", true);
Eliminata : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=100482&babsrc=NT_s[...]
Eliminata : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Eliminata : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Eliminata : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Eliminata : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Eliminata : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Eliminata : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Eliminata : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.178:58:09");
Eliminata : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Eliminata : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=358&systemid=406&sr=0&q=");

File : C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\lfkcazn0.default\prefs.js

C:\Users\Lu\AppData\Roaming\Mozilla\Firefox\Profiles\lfkcazn0.default\user.js ... Eliminato !

Eliminata : user_pref("extensions.BabylonToolbar.admin", false);
Eliminata : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Eliminata : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Eliminata : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Eliminata : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Eliminata : user_pref("extensions.BabylonToolbar.excTlbr", false);
Eliminata : user_pref("extensions.BabylonToolbar.id", "60375873000000000000001e4c736bdc");
Eliminata : user_pref("extensions.BabylonToolbar.instlDay", "15709");
Eliminata : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Eliminata : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Eliminata : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Eliminata : user_pref("extensions.BabylonToolbar.rvrt", "false");
Eliminata : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Eliminata : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Eliminata : user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");
Eliminata : user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");
Eliminata : user_pref("extensions.BabylonToolbar_i.babExt", "");
Eliminata : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=114747&tt=0113_1");
Eliminata : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
Eliminata : user_pref("extensions.BabylonToolbar_i.newTab", false);
Eliminata : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Eliminata : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Eliminata : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.222:01:51");

-\\ Google Chrome v22.0.1229.95

File : C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File Pulito.

File : C:\Users\Lu\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File Pulito.

*************************

AdwCleaner[R1].txt - [24681 octets] - [24/07/2013 11:46:36]
AdwCleaner[S1].txt - [336 octets] - [24/07/2013 11:50:31]
AdwCleaner[S2].txt - [22417 octets] - [24/07/2013 11:52:51]

########## EOF - C:\AdwCleaner[S2].txt - [22478 octets] ##########


Ora cosa devo fare? Grazie in anticipo
keith94
Newbie
 
Post: 3
Iscritto il: 24/07/13 11:10

Re: Lollipop.exe

Postdi keith94 » 24/07/13 12:09

Ho fatto la scansione con Malwarebytes e questo è il log
Codice: Seleziona tutto
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Versione database: v2013.07.24.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
Lu :: ASPIRE [amministratore]

24/07/2013 12.51.51
MBAM-log-2013-07-24 (13-06-52).txt

Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 268015
Tempo impiegato: 14 minuti, 41 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 5
C:\Users\Mamma\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Nessuna azione intrapresa.
C:\Users\Mamma\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Nessuna azione intrapresa.
C:\Users\Mamma\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Nessuna azione intrapresa.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Nessuna azione intrapresa.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Nessuna azione intrapresa.

File rilevati: 16
C:\Users\Mamma\AppData\Local\Temp\coupish.exe (PUP.Blabbers.H) -> Nessuna azione intrapresa.
C:\Users\Mamma\AppData\Local\Temp\dealply.exe (PUP.DealPly) -> Nessuna azione intrapresa.
C:\Users\Utente\Downloads\(DivX_iTALiAN)_The_Twilight_Saga_Breaking_Dawn_2_Parte_(2012)_MD.CAM.XviD-BmA_(RTPerle).exe (PUP.Adware.Agent) -> Nessuna azione intrapresa.
C:\Users\Utente\Downloads\CRACKBYDRAGONSKY98.rar (PUP.RiskwareTool.CK) -> Nessuna azione intrapresa.
C:\Users\Utente\Downloads\FLVPlayerSetup.exe (Adware.Installcore) -> Nessuna azione intrapresa.
C:\Users\Mamma\AppData\Local\Temp\blabbers-ff-le.xpi (PUP.Blabbers) -> Nessuna azione intrapresa.
C:\Users\Public\Desktop\MP3 Downloader.lnk (Rogue.Link) -> Nessuna azione intrapresa.
C:\Users\Mamma\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Nessuna azione intrapresa.
C:\Users\Mamma\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Blabbers) -> Nessuna azione intrapresa.
C:\Users\Mamma\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> Nessuna azione intrapresa.
C:\Users\Mamma\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> Nessuna azione intrapresa.
C:\Users\Mamma\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> Nessuna azione intrapresa.
C:\Users\Mamma\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> Nessuna azione intrapresa.
C:\Users\Mamma\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> Nessuna azione intrapresa.
C:\Users\Mamma\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> Nessuna azione intrapresa.
C:\Users\Mamma\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> Nessuna azione intrapresa.

(fine)


Penso ci sia qualche problemino..
keith94
Newbie
 
Post: 3
Iscritto il: 24/07/13 11:10

PrecedenteProssimo

Torna a Sicurezza e Privacy

Chi c’è in linea

Visitano il forum: Nessuno e 109 ospiti