Condividi:        

Come eliminare Istartsurf

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Re: Come eliminare Istartsurf

Postdi Luke57 » 04/05/15 12:36

Ciao, disistalla questo programma:
PowerOffer 3.0
Poi carica su wikisend il file FRST
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Sponsor
 

Re: Come eliminare Istartsurf

Postdi nange » 06/05/15 21:02

Buonasera,
il computer non mi consente di disinstallare power offer 3.0 dandomi la seguente dicitura

File
"C:\Users\Public\Documents\Application\CurrentFile\unins000.dat"
does not exist. Cannot uninstall

il link del file FSRT è il seguente

http://wikisend.com/download/941582/FRST.txt

Il computer continua ad aprire strane fineste e acambiare le impostazioni del browser

Help!!!

Grazie per la consulenza
nange
Newbie
 
Post: 8
Iscritto il: 03/05/15 22:32

Re: Come eliminare Istartsurf

Postdi Luke57 » 07/05/15 14:15

Ciao, scarica otl.exe da qui e mettilo nel desktop:
http://oldtimer.geekstogo.com/OTL.exe

Nel box bianco "Custom scans/fixed2" copia e incolla solo le scritte che ti metto in neretto:

:files
C:\Windows\mwqf.exe
C:\Windows\wqf.exe
C:\Users\Public\Documents\Application\CurrentFile\ssadp.exe
C:\Users\Zio Mario\AppData\Local\ServiceManager\ssro.exe
C:\Users\Zio Mario\AppData\Local\ssupd\ssupd.exe
C:\ProgramData\wqf
C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
C:\Windows\wqf.dat


:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ssadl"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"gmsd_it_4"=-


:Commands
[emptytemp]



Clicca sul pulsante "Run Fix"
Quando il programma ha terminato riavvia il pc, al riavvio rilascerà un log, postalo.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: Come eliminare Istartsurf

Postdi nange » 07/05/15 18:36

Eccomi di nuovo
Allego il report

Segnalo che ora appare tra i provider di ricerca oltre a Bing anche oursurfing e Google con altre estensioni..




All processes killed
========== FILES ==========
File\Folder C:\Windows\mwqf.exe not found.
File\Folder C:\Windows\wqf.exe not found.
File\Folder C:\Users\Public\Documents\Application\CurrentFile\ssadp.exe not found.
File\Folder C:\Users\Zio Mario\AppData\Local\ServiceManager\ssro.exe not found.
File\Folder C:\Users\Zio Mario\AppData\Local\ssupd\ssupd.exe not found.
File\Folder C:\ProgramData\wqf not found.
File\Folder C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} not found.
File\Folder C:\Windows\wqf.dat not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ssadl not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\gmsd_it_4 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Anna
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1066484422 bytes
->Java cache emptied: 3245849 bytes
->Flash cache emptied: 60479 bytes

User: Default
->Temp folder emptied: 121064 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57632 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 491922 bytes
->Temporary Internet Files folder emptied: 13011004 bytes
->Flash cache emptied: 456 bytes

User: Public

User: Zio Mario
->Temp folder emptied: 3097727 bytes
->Temporary Internet Files folder emptied: 8027674 bytes
->Java cache emptied: 5580050 bytes
->Flash cache emptied: 57983 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4766683 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68002 bytes
RecycleBin emptied: 160371154 bytes

Total Files Cleaned = 1.207,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05072015_192452

Files\Folders moved on Reboot...
C:\Users\Zio Mario\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Zio Mario\AppData\Local\Temp\~DF2AD5D81A289D842D.TMP not found!
File\Folder C:\Users\Zio Mario\AppData\Local\Temp\~DF4618905FD4327C28.TMP not found!
File\Folder C:\Users\Zio Mario\AppData\Local\Temp\~DF78AED20DC9C216B6.TMP not found!
File\Folder C:\Users\Zio Mario\AppData\Local\Temp\~DF9F266E410EB7BDF4.TMP not found!
File\Folder C:\Users\Zio Mario\AppData\Local\Temp\~DFA060E304CE225721.TMP not found!
File\Folder C:\Users\Zio Mario\AppData\Local\Temp\~DFA946495361D117C8.TMP not found!
File\Folder C:\Users\Zio Mario\AppData\Local\Temp\~DFC798351FF4294F41.TMP not found!
File\Folder C:\Users\Zio Mario\AppData\Local\Temp\~DFCF69B6E2941B14EE.TMP not found!
C:\Users\Zio Mario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7ALG66W0\029628af31[3].js moved successfully.
C:\Users\Zio Mario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7ALG66W0\medium[1].css moved successfully.
C:\Users\Zio Mario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7ALG66W0\normal[1].css moved successfully.
C:\Users\Zio Mario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5XDEAPFY\large[1].css moved successfully.
C:\Users\Zio Mario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5XDEAPFY\viewtopic[1].htm moved successfully.
C:\Users\Zio Mario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\Zio Mario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Zio Mario\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
nange
Newbie
 
Post: 8
Iscritto il: 03/05/15 22:32

Re: Come eliminare Istartsurf

Postdi Luke57 » 08/05/15 08:23

Ciao, ma hai usato adwcleaner? Allora:
1)disistalla spyhunter dal computer
2) Poi scarica adwcleaner sul desktop:
http://www.bleepingcomputer.com/download/adwcleaner/

Avvia scan, al termine della scansione, clicca elimina
il computer si riavvierà, al termine sarà generato un report, copialo e incollalo in un post

3) avvia otl.exe
sotto output spunta minimal output
Clicca sulla freccettina di File Age e seleziona 60 Days
Metti la spunta a LOP Check and Purity Check.
Premi runscan
A fine scansione OTL produrrà due file di log (OTL.txt ed Extras.txt)
Data la lunghezza del report, inserisci i due files in wikisend.
http://wikisend.com/
fornendo il link per poterli vedere, dopo il download
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: Come eliminare Istartsurf

Postdi nange » 08/05/15 21:12

Ciao,
il report di Adwcleaner è il seguente:


# AdwCleaner v4.203 - Creato file registro eventi 08/05/2015 in 22:00:31
# Aggiornato 30/04/2015 da Xplode
# Database : 2015-05-08.1 [Server]
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (x64)
# Nome utente : Zio Mario - ZIOMARIO-PC
# In esecuzione da : C:\Users\Zio Mario\Desktop\adwcleaner_4.203.exe
# Opzione : Pulizia

***** [ Servizi ] *****


***** [ File / Cartelle ] *****

Cartella Eliminato : C:\Users\Zio Mario\SupTab

***** [ Attività pianificate ] *****


***** [ Collegamenti ] *****


***** [ Registry ] *****

Chiave Eliminato : HKLM\SOFTWARE\SupDp
Chiave Eliminato : [x64] HKLM\SOFTWARE\SpeedBit
Dati Eliminato : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:57853;hxxps=127.0.0.1:57853
Dati Eliminato : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Dati Eliminato : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Browser web ] *****

-\\ Internet Explorer v11.0.9600.17728

ma dove trovo otl.exe???
non ce l'ho né in Programmi e funzionalità né in Programmi (x86).
nange
Newbie
 
Post: 8
Iscritto il: 03/05/15 22:32

Re: Come eliminare Istartsurf

Postdi Luke57 » 08/05/15 23:22

? è quel programma che ti ho fatto scaricare e utilizzare nel post precedente...lo dovresti aver messo nel desktop
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: Come eliminare Istartsurf

Postdi nange » 10/05/15 19:40

Scusa ma sono semi analfabeta con il computer.
Ecco il report nuovo di ADW cleaner

ora al riavvio dopo adw cleaner la pagina iniziale è speed bit!
al riavvio dopo aver eseguito le varie spunte su OTL allegherò i due report


# AdwCleaner v4.203 - Creato file registro eventi 10/05/2015 in 19:21:49
# Aggiornato 30/04/2015 da Xplode
# Database : 2015-05-09.1 [Server]
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (x64)
# Nome utente : Zio Mario - ZIOMARIO-PC
# In esecuzione da : C:\Users\Zio Mario\Desktop\adwcleaner_4.203.exe
# Opzione : Pulizia

***** [ Servizi ] *****


***** [ File / Cartelle ] *****


***** [ Attività pianificate ] *****


***** [ Collegamenti ] *****


***** [ Registry ] *****

Chiave Eliminato : [x64] HKLM\SOFTWARE\SpeedBit
Dati Eliminato : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:57853;hxxps=127.0.0.1:57853
Dati Eliminato : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Dati Eliminato : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Browser web ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [32507 byte] - [03/02/2014 18:27:41]
AdwCleaner[R1].txt - [16309 byte] - [03/05/2015 21:07:28]
AdwCleaner[R2].txt - [1674 byte] - [03/05/2015 21:20:03]
AdwCleaner[R3].txt - [1794 byte] - [03/05/2015 22:36:40]
AdwCleaner[R4].txt - [2695 byte] - [04/05/2015 22:24:41]
AdwCleaner[R5].txt - [2753 byte] - [04/05/2015 22:27:30]
AdwCleaner[R6].txt - [2811 byte] - [04/05/2015 22:28:44]
AdwCleaner[R7].txt - [2220 byte] - [08/05/2015 21:59:24]
AdwCleaner[R8].txt - [2252 byte] - [10/05/2015 19:09:26]
AdwCleaner[S0].txt - [32336 byte] - [03/02/2014 18:28:18]
AdwCleaner[S1].txt - [14638 byte] - [03/05/2015 21:08:59]
AdwCleaner[S2].txt - [1509 byte] - [03/05/2015 21:35:58]
AdwCleaner[S3].txt - [1629 byte] - [03/05/2015 22:37:38]
AdwCleaner[S4].txt - [2538 byte] - [04/05/2015 22:29:27]
AdwCleaner[S5].txt - [2059 byte] - [08/05/2015 22:00:31]
AdwCleaner[S6].txt - [1946 byte] - [10/05/2015 19:21:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [2004 byte] ##########
nange
Newbie
 
Post: 8
Iscritto il: 03/05/15 22:32

Re: Come eliminare Istartsurf

Postdi nange » 10/05/15 21:09

nange
Newbie
 
Post: 8
Iscritto il: 03/05/15 22:32

Re: Come eliminare Istartsurf

Postdi Luke57 » 11/05/15 18:58

Ciao, apri otl.exe sul desktop, all'interno del box bianco copia e incolla il seguente script:

:OTL
O2:64bit: - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [SsroService] C:\Users\Public\Documents\Application\CurrentFile\ssadl.exe (ssadl)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0734A0D1-3B83-49E3-AF20-D7A064E80CE8}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
[2014/02/06 13:22:59 | 000,000,000 | ---- | M] ()(C:\Windows\SysWow64\????????????????????????????????) -- C:\Windows\SysWow64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤
[2014/02/06 13:22:59 | 000,000,000 | ---- | C] ()(C:\Windows\SysWow64\????????????????????????????????) -- C:\Windows\SysWow64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤


:Commands
[EMPTYTEMP]
[purity]
[Reboot]


premi run fix. Al riavvio del computer osta il report prodotto
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: Come eliminare Istartsurf

Postdi flowiaaa » 01/06/15 13:41

Salve a tutti.
Anche io da ieri ho questo problema con candy box 3.0.
Ho seguito tutte le procedure ed ottenuto i report addition.txt e FRST.txt che ho caricato su wikisend.
il link del FRST.txt è questo :http://wikisend.com/download/347028/FRST.txt
vi prego aiutatemi sono disperata!!
flowiaaa
Newbie
 
Post: 1
Iscritto il: 01/06/15 13:27

Re: Come eliminare Istartsurf

Postdi Luke57 » 01/06/15 20:04

Ciao, non mi permette di allegare un file di testo. Per cui apri un file di testo
start>esegui>notepad.exe>invio

copia e incolla al suo interno il seguente script:

(MS) C:\Program Files (x86)\CandyBox\aus.exe
() C:\Users\Flow\AppData\Roaming\4C4C4544-1433154502-5610-804C-C3C04F383332\nsr9C66.tmpfs
() C:\Users\Flow\AppData\Roaming\4C4C4544-1433154502-5610-804C-C3C04F383332\hnsxDC3C.tmp
(Link Up Advertising) C:\Program Files (x86)\CandyBox\cab.exe
() C:\ProgramData\Fuepnajlouoi\1.0.1.0\uvnuosvu.exe
() C:\Users\Flow\AppData\Roaming\4C4C4544-1433154502-5610-804C-C3C04F383332\jnsxC782.tmp
(Link Up Advertising) C:\Program Files (x86)\CandyBox\cab.exe
HKLM-x32\...\Run: [gmsd_it_443] => [X]
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Flow\AppData\Local\SmartWeb\SmartWebHelper.exe
HKLM-x32\...\Run: [gmsd_it_445] => [X]
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [OfferBoulevard] => C:\Program Files (x86)\OfferBoulevard\OfferBoulevardW.exe
HKU\S-1-5-21-2282181895-3796397359-406061327-1000\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.95\OptProLauncher.exe
HKU\S-1-5-21-2282181895-3796397359-406061327-1000\...\Run: [Selection Tools] => "C:\Users\Flow\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
HKU\S-1-5-21-2282181895-3796397359-406061327-1000\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
AppInit_DLLs-x32: c:\programdata\flashbeat\flashbeat32.dll => "c:\programdata\flashbeat\flashbeat32.dll" File not found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 AUS; C:\Program Files (x86)\CandyBox\aus.exe [286208 2014-07-14] (MS) [File not signed]
R2 fivyzipo; C:\Users\Flow\AppData\Roaming\4C4C4544-1433154502-5610-804C-C3C04F383332\hnsxDC3C.tmp [311296 2015-06-01] () [File not signed]
R2 tyvozyno; C:\Users\Flow\AppData\Roaming\4C4C4544-1433154502-5610-804C-C3C04F383332\jnsxC782.tmp [129536 2015-06-01] () [File not signed]
R2 dybojore; C:\Users\Flow\AppData\Roaming\4C4C4544-1433154502-5610-804C-C3C04F383332\nsr9C66.tmpfs [X]
S2 eli; c:\windows\eli.exe [X]
S2 meli; c:\windows\meli.exe [X]
2015-06-01 13:14 - 2015-06-01 13:14 - 00003900 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2015-06-01 13:14 - 2015-06-01 13:14 - 00003578 _____ () C:\Windows\System32\Tasks\YTDownloader
2015-06-01 13:13 - 2015-06-01 13:23 - 00000972 _____ () C:\Windows\SysWOW64\${LOGFILE}
2015-06-01 12:45 - 2015-06-01 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-06-01 12:40 - 2015-06-01 14:00 - 00000998 _____ () C:\Windows\Tasks\NvyPX8DolvlgEoN.job
2015-06-01 12:40 - 2015-06-01 12:40 - 00004020 _____ () C:\Windows\System32\Tasks\NvyPX8DolvlgEoN
2015-06-01 12:39 - 2015-06-01 14:00 - 00001054 _____ () C:\Windows\Tasks\Crossbrowse.job
2015-06-01 12:39 - 2015-06-01 12:39 - 00004076 _____ () C:\Windows\System32\Tasks\Crossbrowse
2015-06-01 12:38 - 2015-06-01 14:00 - 00000328 _____ () C:\Windows\Tasks\OGMDSFLC1.job
2015-06-01 12:38 - 2015-06-01 12:38 - 00004028 _____ () C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-06-01 12:38 - 2015-06-01 12:38 - 00003552 _____ () C:\Windows\System32\Tasks\QAXAZMZF
2015-06-01 12:38 - 2015-06-01 12:38 - 00002850 _____ () C:\Windows\System32\Tasks\OGMDSFLC1
2015-06-01 12:38 - 2015-06-01 12:38 - 00000000 ____D () C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-06-01 12:31 - 2015-06-01 12:42 - 00000000 ____D () C:\Users\Flow\AppData\Local\4C4C4544-1433161884-5610-804C-C3C04F383332
2015-06-01 12:29 - 2015-06-01 14:00 - 00001008 _____ () C:\Windows\Tasks\M7ApH5BE4uclBXnizeUx.job
2015-06-01 12:29 - 2015-06-01 12:29 - 00004030 _____ () C:\Windows\System32\Tasks\M7ApH5BE4uclBXnizeUx
2015-06-01 12:28 - 2015-06-01 12:41 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-30 23:38 - 2015-05-30 23:38 - 00000000 ____D () C:\Program Files (x86)\CandyBox
2015-05-21 00:21 - 2015-06-01 13:25 - 00003450 _____ () C:\Windows\System32\Tasks\Fuepnajlouoi
2015-05-21 00:21 - 2015-05-21 00:21 - 00000000 ____D () C:\ProgramData\Fuepnajlouoi
EmptyTemp:


salva il file chiamandolo fixlist.txt sul desktop.
Trascina sul desktop anche Farbar Recovery Scan Tool.
Riapri FRST.exe e clicca sul pulsante FIX una sola volta.
Allega il log fixlog che troverai sul desktop dopo il fix.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Precedente

Torna a Sicurezza e Privacy


Topic correlati a "Come eliminare Istartsurf":


Chi c’è in linea

Visitano il forum: Nessuno e 51 ospiti