Popup indesiedrati e sistema lento.

**Striker92** · 12-10-2012, 19:47

Eccoli:

http://wikisend.com/download/110224/OTL.Txt

http://wikisend.com/download/382262/Extras.Txt

Il safesearch c'è ancora

Di pop-up neanche l'ombra.

Grazie per la pazienza!

**menatwork** · 12-10-2012, 23:31

apri otl e copia sotto "Custom Scans\Fixes" questo testo

:OTL
IE -
HKU\S-1-5-21-2789227683-1115755691-657216117-1000\SOFTWARE\Microsoft\Internet
Explorer\Main,Start Page =
http://safesearchr.lavasoft.com/?sou...barid=adawaret
b&v=2_2&u=116B951012C0D0E80225AA5076A1CDE5
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
FF - prefs.js..browser.startup.homepage: ' http://search.findeer.com'
FF - user.js - File not found
FF - prefs.js..browser.startup.homepage:
"http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adaware
tb&v=2_2&u=116B951012C0D0E80225AA5076A1CDE5"
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: File not found
O3:64bit: - HKU\S-1-5-21-2789227683-1115755691-657216117-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKU\S-1-5-21-2789227683-1115755691-657216117-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O8:64bit: - Extra context menu item: DOWNLOADWITH - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm File not found
O8:64bit: - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Scarica con Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm File not found
O8 - Extra context menu item: DOWNLOADWITH - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm File not found
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Scarica con Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{561BA2F8-B587-4C37-ACB1-476EB2F785A1}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{6D290C43-06CB-47B7-8973-FAF75466E20B}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{D956D8A4-62CC-4DC9-A5E9-4F7CA4674465}: NameServer = 176.31.229.24,176.31.229.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2012/10/12 00:54:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/12 00:54:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/12 00:54:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/12 00:54:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/12 00:54:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/12 00:53:46 | 004,771,502 | R--- | C] (Swearware) -- C:\Users\4ser\Desktop\ComboFix.exe
[2012/10/12 17:51:36 | 004,771,502 | R--- | M] (Swearware) -- C:\Users\4ser\Desktop\ComboFix.exe
[2012/10/12 00:54:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/12 00:54:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/12 00:54:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/12 00:54:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/12 00:54:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp

1B5B4F1
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:E5A9D792
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:BF3D62E7

:Files
ipconfig /flushdns /c

:commands
[purity]
[Reboot]

Clicca su RUN FIX attendi .......

posta il log che rilascia

**Striker92** · 13-10-2012, 10:46

Ciao! Dunque non funziona... appena faccio run fix il programma crasha. Ho provato anche a togliere la faccetta che erà venuta sul forum sul tuo post che aveva tolto due lettere ma niente. Grazie

**menatwork** · 13-10-2012, 10:55

non e' che hai copiato anche Citazione:?? prova da provvisoria

**Striker92** · 13-10-2012, 11:15

Niente anche in provvisoria... il programma non risponde

**menatwork** · 13-10-2012, 11:20

apri otl e clicca su clean up il programma si disinstallera'

scaricalo nuovamente e incolla lo script che ti ho dato togliendo

@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp1B5B4F1

se vedi bene questa riga forma un >>>

probabilmente interferisce sul programma

lo script non deve contenere spazi

**Striker92** · 13-10-2012, 11:38

Niente

**menatwork** · 13-10-2012, 11:58

riavvia il pc e riprova

**Striker92** · 13-10-2012, 12:06

Già fatto, provato in tutti i modi possibili. Se non è fattibile non fa niente, me lo tengo. Ma c'è un altro modo?

**menatwork** · 13-10-2012, 12:12

riesegui adwcleaner scegli solo l'opzione delete, poi posta un log aggiornato di hijackthis

Discussione: Popup indesiedrati e sistema lento.

Strumenti discussione

Ricerca discussione

Visualizza

Permessi di invio