  1. #1

    HKLM\SOFTWARE\Classes\Interface\{7529153F-4EA9-4C50-830A-7504B9274C67}, what should I do?

    Hi everyone,
    I searched the internet and found no information about this :-( am I the only one with this virus??!! hehe
    Anyway, I ran a scan with AVG 8 Free and got this alert:
    HKLM\SOFTWARE\Classes\Interface\{7529153F-4EA9-4C50-830A-7504B9274C67} ;
    nome rilevamento: rilevato Adware.CoolWeebSearch
    tipo di oggetto : chiave di registro
    tipo SDK : Core
    risultato : oggetto potenzialmente pericoloso

    AVG can't delete it, and I don't want to force the system at the risk of locking everything up!
    How can I remove it? What happens if I don't remove it?
    I'm not very experienced with these things and I don't understand the technical terminology very well;
    anyway, besides AVG I have COMODO as a firewall and A-Squared Anti-Dialer.
    Mine is a Compaq Presario laptop, bought in May, with Windows Vista :-(
    I don't know what other information you might need!
    I hope someone can help me!!??!!
    Thanks

  2. #2
    Run a scan with Kaspersky.
    Then post the result.

  3. #3
    Hi Ryan, sorry, with 2000 things to do I couldn't reply sooner.
    I tried twice to run the scan with Kaspersky, but the first time, after two hours of scanning, it was still at 0%; the second time the whole PC froze and I had to restart everything! On top of that, Alt+Ctrl+Del doesn't even open the Task Manager. What do I do? Now I'll try the scan again as you said; if I don't post the results it means everything froze on me again.
    Thanks for your time and your advice.

  4. #4
    Download CWShredder and run a scan with it.

    Then download and install Malwarebytes.
    Update it: click the "Updates" tab => "Check for updates"
    Run a "full scan" (select the option)
    When the scan is complete, post the report.
    For now don't remove anything; I'll check the report first.

  5. #5
    Could this be the report?

    ...continued

  6. #6

    I hope I did what you asked me to!

  7. #7
    OK. Continue:
    Then download and install Malwarebytes.
    Update it: click the "Updates" tab => "Check for updates"
    Run a "full scan" (select the option)
    When the scan is complete, post the report.
    For now don't remove anything; I'll check the report first.


    edit:
    1) Disable Vista's UAC (how to disable it is explained here: microsoft.com)

    Start => Control Panel => User Accounts and Family Safety => User Accounts

    If you are prompted for an administrator password, type the administrator user name and password and then choose OK. If you are asked for confirmation, choose Continue.

    Clear the Use User Account Control (UAC) .... check box, then choose OK.

    Restart the computer.
    2) Run it as administrator

  8. #8
    Here is the second report


    Malwarebytes' Anti-Malware 1.30
    Versione del database: 1399
    Windows 6.0.6001 Service Pack 1

    15/11/2008 13.15.16
    mbam-log-2008-11-15 (13-14-31).txt

    Tipo di scansione: Scansione rapida
    Elementi scansionati: 49151
    Tempo trascorso: 21 minute(s), 8 second(s)

    Processi delle memoria infetti: 1
    Moduli della memoria infetti: 4
    Chiavi di registro infette: 28
    Valori di registro infetti: 0
    Elementi dato del registro infetti: 0
    Cartelle infette: 5
    File infetti: 6

    Processi delle memoria infetti:
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> No action taken.

    Moduli della memoria infetti:
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.

    Chiavi di registro infette:
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> No action taken.
    HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mywebsearchservice (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.

    Valori di registro infetti:
    (Nessun elemento malevolo rilevato)

    Elementi dato del registro infetti:
    (Nessun elemento malevolo rilevato)

    Cartelle infette:
    C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> No action taken.

    File infetti:
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> No action taken.
    C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.

  9. #9
    From Add or Remove Programs, uninstall mywebsearch.
    Once that's done, check that the folder C:\Program Files\MyWebSearch is gone; otherwise delete it yourself.

    Then run malwareb. again, delete the leftovers it finds, and post the report.

  10. #10
    So, in Add or Remove Programs I didn't find this folder (maybe it's hidden somewhere else?!)
    I went into Programs instead and the folder was there; I tried to delete it but it says permission is required and it won't let me delete it! Now what? :-( Vista is already a tragedy on its own!
