Here we are, hoping I haven't left anything out!
Open OTL and copy/paste the following script into the blank box:
:OTL
PRC - C:\Documents and Settings\Utente\Dati applicazioni\WebCake\WebCakeDesktop.exe (WebCake LLC)
PRC - C:\Programmi\WebCake\WebCakeDesktop.Updater.exe (WebCake LLC)
SRV - (WebCake Desktop Updater) -- C:\Programmi\WebCake\WebCakeDesktop.Updater.exe C:\Documents and Settings\Utente\Dati applicazioni\WebCake\WebCakeDesktop.exe File not found
SRV - (PowerOffer Service) -- C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\PosService\Pos.exe File not found
SRV - (SoftwareUpd) -- C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe (SoftwareUpdService)
SRV - (ServUpdater) -- C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe (ServiceUpd)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&ut...&ts=1371566516
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&ut...&ts=1371566516
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.com/web/?utm_sour...9CX&ts=6750319
IE - HKLM\..\SearchScopes\{45A6DA45-0A74-49F7-B269-2EDB2806C4DB}: "URL" = http://downloads.phpnuke.org/it/index.php?rvs=hompag
IE - HKLM\..\SearchScopes\{725E5B60-204C-4734-A9FD-5FCBB96819F3}: "URL" = http://downloads.phpnuke.org/it/index.php?rvs=hompag
IE - HKLM\..\SearchScopes\{C15429EA-F113-49D8-A961-44E8B9C33A9D}: "URL" = http://www.eazel.com/it/index.php?rvs=hompag
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-21-1547161642-789336058-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&ut...&ts=1371566516
FF - prefs.js..browser.search.defaultenginename: "qvo6"
[2013/06/18 16.34.34 | 000,000,000 | ---D | M] (WebCake) -- C:\Documents and Settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\ji5zv0vr.default\extensions\plugin@getwebcake.com
[2013/06/18 16.41.57 | 000,000,745 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\qvo6.xml
CHR - Extension: WebCake = C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0\
O4 - HKU\S-1-5-21-1547161642-789336058-1417001333-1003..\Run: [PoService] File not found
O4 - HKU\S-1-5-21-1547161642-789336058-1417001333-1003..\Run: [heck style] C:\DOCUME~1\Utente\DATIAP~1\ARMYAM~1\Eggs Tick.exe File not found
O4 - HKU\S-1-5-21-1547161642-789336058-1417001333-1003..\Run: [SCheck] C:\Documents and Settings\Utente\Dati applicazioni\SCheck\SCheck.exe ()
O4 - HKU\S-1-5-21-1547161642-789336058-1417001333-1003..\Run: [WebCake Desktop] C:\Documents and Settings\Utente\Dati applicazioni\WebCake\WebCakeDesktop.exe (WebCake LLC)
O33 - MountPoints2\{012bee65-a474-11de-9199-001b24c86d6a}\Shell - "" = AutoRun
O33 - MountPoints2\{012bee65-a474-11de-9199-001b24c86d6a}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL siUon.exE
O33 - MountPoints2\{059bf814-9e24-11de-918f-001b24c86d6a}\Shell - "" = AutoRun
O33 - MountPoints2\{059bf814-9e24-11de-918f-001b24c86d6a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{14cd167e-a487-11de-919b-001b24c86d6a}\Shell - "" = AutoRun
O33 - MountPoints2\{14cd167e-a487-11de-919b-001b24c86d6a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{14cd167f-a487-11de-919b-001b24c86d6a}\Shell - "" = AutoRun
O33 - MountPoints2\{14cd167f-a487-11de-919b-001b24c86d6a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{32791a3c-4405-11e0-9457-001b24c86d6a}\Shell - "" = AutoRun
O33 - MountPoints2\{32791a3c-4405-11e0-9457-001b24c86d6a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{32791a3d-4405-11e0-9457-001b24c86d6a}\Shell - "" = AutoRun
O33 - MountPoints2\{32791a3d-4405-11e0-9457-001b24c86d6a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3411e1a8-52e7-11e0-946c-001b24c86d6a}\Shell - "" = AutoRun
O33 - MountPoints2\{3411e1a8-52e7-11e0-946c-001b24c86d6a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3411e1a9-52e7-11e0-946c-001b24c86d6a}\Shell - "" = AutoRun
O33 - MountPoints2\{3411e1a9-52e7-11e0-946c-001b24c86d6a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3b4e5aa6-767e-11e0-94d2-001b24c86d6a}\Shell - "" = AutoRun
O33 - MountPoints2\{3b4e5aa6-767e-11e0-94d2-001b24c86d6a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3b4e5aa7-767e-11e0-94d2-001b24c86d6a}\Shell - "" = AutoRun
O33 - MountPoints2\{3b4e5aa7-767e-11e0-94d2-001b24c86d6a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{40873992-a2d5-11de-9195-001b24c86d6a}\Shell - "" = AutoRun
O33 - MountPoints2\{40873992-a2d5-11de-9195-001b24c86d6a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{40873993-a2d5-11de-9195-001b24c86d6a}\Shell - "" = AutoRun
O33 - MountPoints2\{40873993-a2d5-11de-9195-001b24c86d6a}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{40873994-a2d5-11de-9195-001b24c86d6a}\Shell - "" = AutoRun
O33 - MountPoints2\{40873994-a2d5-11de-9195-001b24c86d6a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4c6be4d6-471f-11e0-945c-001b24c86d6a}\Shell - "" = AutoRun
O33 - MountPoints2\{4c6be4d6-471f-11e0-945c-001b24c86d6a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4e5baab4-5574-11e0-9470-001b24c86d6a}\Shell - "" = AutoRun
O33 - MountPoints2\{4e5baab4-5574-11e0-9470-001b24c86d6a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4e5baab5-5574-11e0-9470-001b24c86d6a}\Shell - "" = AutoRun
O33 - MountPoints2\{4e5baab5-5574-11e0-9470-001b24c86d6a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{583461cd-41c0-11e0-9453-001e101fe948}\Shell - "" = AutoRun
O33 - MountPoints2\{583461cd-41c0-11e0-9453-001e101fe948}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{583461ce-41c0-11e0-9453-001e101fe948}\Shell - "" = AutoRun
O33 - MountPoints2\{583461ce-41c0-11e0-9453-001e101fe948}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{583461cf-41c0-11e0-9453-001e101fe948}\Shell - "" = AutoRun
O33 - MountPoints2\{583461cf-41c0-11e0-9453-001e101fe948}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5a69c355-4250-11e0-9454-001b24c86d6a}\Shell - "" = AutoRun
O33 - MountPoints2\{5a69c355-4250-11e0-9454-001b24c86d6a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9aadd150-4677-11e0-9459-001b24c86d6a}\Shell - "" = AutoRun
O33 - MountPoints2\{9aadd150-4677-11e0-9459-001b24c86d6a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9aadd151-4677-11e0-9459-001b24c86d6a}\Shell - "" = AutoRun
O33 - MountPoints2\{9aadd151-4677-11e0-9459-001b24c86d6a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9aadd153-4677-11e0-9459-001b24c86d6a}\Shell - "" = AutoRun
O33 - MountPoints2\{9aadd153-4677-11e0-9459-001b24c86d6a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9aadd154-4677-11e0-9459-001b24c86d6a}\Shell - "" = AutoRun
O33 - MountPoints2\{9aadd154-4677-11e0-9459-001b24c86d6a}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL jAIJaeQ.Exe
O33 - MountPoints2\{9adf278c-5d01-11e0-9486-001b24c86d6a}\Shell - "" = AutoRun
O33 - MountPoints2\{9adf278c-5d01-11e0-9486-001b24c86d6a}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL kApef.exe
O33 - MountPoints2\{9fef15dc-727a-11e0-94ca-001b24c86d6a}\Shell - "" = AutoRun
O33 - MountPoints2\{9fef15dc-727a-11e0-94ca-001b24c86d6a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b3c581e6-7025-11e0-94c2-001b24c86d6a}\Shell - "" = AutoRun
O33 - MountPoints2\{b3c581e6-7025-11e0-94c2-001b24c86d6a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d2809a12-557d-11e0-9471-001b24c86d6a}\Shell - "" = AutoRun
O33 - MountPoints2\{d2809a12-557d-11e0-9471-001b24c86d6a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d67933ce-52e2-11e0-946b-001b24c86d6a}\Shell - "" = AutoRun
O33 - MountPoints2\{d67933ce-52e2-11e0-946b-001b24c86d6a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dd6d2850-41be-11e0-9452-001b24c86d6a}\Shell - "" = AutoRun
O33 - MountPoints2\{dd6d2850-41be-11e0-9452-001b24c86d6a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
:files
[2013/06/18 16.34.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utente\Dati applicazioni\WebCake
[2013/06/18 16.34.30 | 000,000,000 | ---D | C] -- C:\Programmi\WebCake
[2013/06/18 16.33.40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Tarma Installer
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
:commands
[emptytemp]
...press RUNFIX and attach the log.