Plauncher e pagine pubblicitarie che si aprono da sole

[Dj Nico]

Ho notato in questi giorni che navigando in internet mi si aprono pagine pubblicitarie da sole. Facendo il log di Hijackthis ho notato la voce strana Plauncher:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18.29.12, on 20/10/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NlsSrv32.exe
C:\Programmi\File comuni\PACE\Services\LicenseServices\LDSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\HPQ\IAM\bin\asghost.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe
C:\Programmi\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nicola\Documenti\Downloads\HPPSdr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC1 2.exe
C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nicola\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = HP - United States | Laptop Computers, Desktops , Printers, Servers and more
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programmi\HPQ\IAM\Bin\ItIeAddIN.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E71EDC9-CE7A-4C05-8B29-29E0EECD08AE}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D4774D6-7007-4838-907F-F5B91C42CCB9}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{98AE3395-D741-4B26-9944-61ABBD185A39}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7C90995-1FBF-491F-8E3A-C5B16635FB40}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E71EDC9-CE7A-4C05-8B29-29E0EECD08AE}: NameServer = 176.31.229.24,176.31.229.25
O20 - Winlogon Notify: OneCard - C:\Programmi\HPQ\IAM\Bin\AsWlnPkg.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NlsSrv32.exe
O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Programmi\File comuni\PACE\Services\LicenseServices\LDSvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

Dopo averla fixata insieme a tutte le voci 017 ho eliminato PowerOffer che mi si era installato nel computer. Ho fatto tutte le procedure sengalate qui:

http://www.megalab.it/8144/come-rimu...ostri-computer

[Dj Nico]

E il mio nuovo log di Hijackthis è questo:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11.30.21, on 21/10/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\HPQ\IAM\bin\asghost.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NlsSrv32.exe
C:\Programmi\File comuni\PACE\Services\LicenseServices\LDSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Documents and Settings\Nicola\Desktop\HijackThis.exe
C:\WINDOWS\system32\dllhost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = HP - United States | Laptop Computers, Desktops , Printers, Servers and more
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programmi\HPQ\IAM\Bin\ItIeAddIN.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O20 - Winlogon Notify: OneCard - C:\Programmi\HPQ\IAM\Bin\AsWlnPkg.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NlsSrv32.exe
O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Programmi\File comuni\PACE\Services\LicenseServices\LDSvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

--
End of file - 7816 bytes

Volevo sapere se ora è tutto apposto o devo fare altro, usare altri programmi per eliminare il tutto completamente e fare pulizia al 100%. Grazie

Ah dimenticavo, ho anche eliminato tutto il contenuto della cartella temp dopo aver disabilitato il ripristino automatico del computer

[menatwork]

ciao Dj Nico sembra che le operazioni che hai effettuato sono andate a termine, prova a fare una scansione con adwcleaner usa solo l'opzione delete e allega il log che lascia poi fai anche una scansione con hitman scegli quello adatto per il tuo S.O.

allega i due log

[Dj Nico]

# AdwCleaner v2.005 - Logfile creato il 21/10/2012 alle 13:11:39
# Aggiornamento 14/10/2012 by Xplode
# Sistema Operativo : Microsoft Windows XP Service Pack 3 (32 bits)
# Utente : Nicola - PC382528461259
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Documents and Settings\Nicola\Documenti\Downloads\adwcleaner.exe
# Opzioni [Elimina]


***** [Servizi] *****


***** [File / Cartelle] *****

File Eliminato : C:\user.js

***** [Registro] *****

Chiave Eliminata : HKCU\Software\IGearSettings
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \PreApproved\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chiave Eliminata : HKCU\Software\Softonic
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \PreApproved\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Browser Internet] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registro Pulito.

*************************

AdwCleaner[R1].txt - [3089 octets] - [21/10/2012 13:11:04]
AdwCleaner[S1].txt - [2436 octets] - [21/10/2012 13:11:39]

########## EOF - C:\AdwCleaner[S1].txt - [2496 octets] ##########

[menatwork]

esegui anche hitman per favore

[Dj Nico]

codice:

HitmanPro 3.6.2.171
www.hitmanpro.com

   Computer name . . . . : PC382528461259
   Windows . . . . . . . : 5.1.3.2600.X86/1
   User name . . . . . . : PC382528461259\Nicola
   License . . . . . . . : Free

   Scan date . . . . . . : 2012-10-21 13:27:40
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 12s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 32

   Objects scanned . . . : 756.418
   Files scanned . . . . : 9.881
   Remnants scanned  . . : 98.496 files / 648.041 keys

Cookies _____________________________________________________________________

   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:247realmedia.com
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:2o7.net
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:ad.zanox.com
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:ads.adk2.com
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:ads.undertone.com
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:adserver.hwupgrade.it
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:adtech.de
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:apmebf.com
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:c2.zedo.com
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:clicksor.com
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:eas8.emediate.eu
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:invitemedia.com
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:mediaplex.com
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:myroitracking.com
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:oasc-eu1.247realmedia.com
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:oase00821.247realmedia.com
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:smartadserver.com
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:track.adform.net
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:tradedoubler.com
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:vodafoneit.solution.weborama.fr
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:weborama.fr
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:weboramaitdata.solution.weborama.fr
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:ww392.smartadserver.com
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:www4.smartadserver.com
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:xiti.com
   C:\Documents and Settings\Nicola\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Cookies:zedo.com

[menatwork]

li hai eliminati? prova a fare anche questa scansione vediamo se e' rimasta qualche traccia

Scarica OTL e salvalo sul desktop

Metti la spunta su SCAN ALL USERS.

Sotto output, metti la spunta su minimal output

Clicca sulla freccettina di File Age e seleziona 60 Days

Metti la spunta a LOP Check e Purity Check.

Clicca su RUN SCAN

Lascia fare la scansione senza interferire.

Al termine della scansione trovi 2 log sul desktop. OTL.txt ed Extras.txt, salvali e caricali su Wikisend

[Dj Nico]

Si li ho eliminati tutti.... Ho trovato ancora nella cartella temp le due cartelle corrispondeti ServUpdate e Posservice che corrispondono a Plauncher e PowerOffer e le ho eliminate normalmente, spero definitivamente. Ora faccio la scansione con il programma che mi hai indicato

[Dj Nico]

Eccoli qua:

http://wikisend.com/download/777586/OTL.Txt
http://wikisend.com/download/130346/Extras.Txt

[Dj Nico]

Devo fare la scansione anche Combofix e postare il log qui???
Alla fine di tutto la cartella Qoobox posso eliminarla???
Devo fare anche la pulizia con Ccleaner???