  1. #1
    HTML.it user
    Registered since
    Mar 2009
    Posts
    40

    ad pages and iminent

    Good morning!
    A few days ago I downloaded freeyoutubetomp3converter and, I don't know if it's a coincidence, I found myself with the iminent toolbar and with advertising pages, or pages of sites similar to the ones I visit, opening on their own.
    All this bothers me, and quite a lot.
    Could you please help me? Before writing I had a look at the forum, and I'm attaching the HijackThis *.txt file, which might be useful. I'm pasting it like this, but if that's not OK tell me how to attach it.
    Thanks in the meantime, and see you soon

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 15.11.47, on 10/09/2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v7.00 (7.00.6002.18005)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Hp\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Chiavetta Internet MT835UP\UIMain.exe
    C:\Users\Public\Documents\AppData\PoApp\PService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\hijackthis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Luana\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
    O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10y_Plugin.exe -update plugin
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Free YouTube Download - C:\Users\Luana\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{16B51B1C-2646-4C76-BB12-9AD1AD09B3DD}: NameServer = 176.31.229.24,176.31.229.25
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1C06A35D-7345-4004-AEA0-3123E0924C20}: NameServer = 176.31.229.24,176.31.229.25
    O17 - HKLM\System\CCS\Services\Tcpip\..\{29945442-6279-4C76-B875-FE7431E55C45}: NameServer = 176.31.229.24,176.31.229.25
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6FAAD992-1092-468D-BF00-3E8F595BD403}: NameServer = 176.31.229.24,176.31.229.25
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8CB1B044-ED56-450C-A84F-796041997E5C}: NameServer = 176.31.229.24,176.31.229.25
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8F785223-38D7-4D70-A85D-BF57C667BBC8}: NameServer = 213.230.155.10 217.200.200.42
    O17 - HKLM\System\CCS\Services\Tcpip\..\{d8932e52-6a6f-11db-b6ab-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
    O17 - HKLM\System\CS1\Services\Tcpip\..\{16B51B1C-2646-4C76-BB12-9AD1AD09B3DD}: NameServer = 176.31.229.24,176.31.229.25
    O17 - HKLM\System\CS2\Services\Tcpip\..\{16B51B1C-2646-4C76-BB12-9AD1AD09B3DD}: NameServer = 176.31.229.24,176.31.229.25
    O17 - HKLM\System\CS10\Services\Tcpip\..\{16B51B1C-2646-4C76-BB12-9AD1AD09B3DD}: NameServer = 176.31.229.24,176.31.229.25
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Apache OSGeo4W Web Server (ApacheOSGeo4WWebServer) - Apache Software Foundation - C:\OSGeo4W\apache\bin\httpd.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\Luana\AppData\Local\PosService\Pos.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\Luana\AppData\Local\ServUpdater\ServiceUpd.exe
    O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\Luana\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10066 bytes

  2. #2
    HTML.it user (menatwork)
    Registered since
    May 2009
    Posts
    4,330
    Run HijackThis again, tick the box next to this entry, then press Fix checked

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com

    If you did not set these DNS servers yourself, also fix all the O17 entries

    176.31.229.24,176.31.229.25

    Download AdwCleaner and click Delete

    Post its log
    Upload your scan logs => HERE

    or => HERE

  3. #3
    HTML.it user
    Registered since
    Mar 2009
    Posts
    40
    Here I am! Thanks for the reply
    I did what you told me and I'm posting the log
    Bye for now!

    # AdwCleaner v2.001 - Logfile created 09/11/2012 at 21:22:08
    # Updated 09/09/2012 by Xplode
    # Operating system : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
    # User : Luana - XXX
    # Boot Mode : Normal
    # Running from : C:\Users\Luana\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\Users\Luana\AppData\Local\Temp\Iminent
    Folder Deleted : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\0g4ort2m.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Iminent
    Key Deleted : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\62119EF862C6B3A0D853419B87EB3E2F6C78640A
    Key Deleted : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F
    Key Deleted : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E6A6A4A475FCE37F8B5AC2F1244DEB2BFCA5615A
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\Software\Iminent
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v7.0.6002.18005

    Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

    -\\ Mozilla Firefox v14.0.1 (it)

    Profile name : default
    File : C:\Users\Luana\AppData\Roaming\Mozilla\Firefox\Profiles\0g4ort2m.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [7030 octets] - [11/09/2012 21:22:08]

    ########## EOF - C:\AdwCleaner[S1].txt - [7090 octets] ##########

  4. #4
    HTML.it user (menatwork)
    Registered since
    May 2009
    Posts
    4,330
    Could you post an updated HijackThis log?

  5. #5
    HTML.it user
    Registered since
    Mar 2009
    Posts
    40
    Here it is
    If I can't stay at the PC for the reply, I'll take care of it first thing tomorrow
    In the meantime, here is the log


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 22.09.21, on 11/09/2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v7.00 (7.00.6002.18005)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Hp\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Users\Public\Documents\AppData\PoApp\PService.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Chiavetta Internet MT835UP\UIMain.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\hijackthis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Luana\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
    O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Free YouTube Download - C:\Users\Luana\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DE913BBC-14AC-47DA-9478-167126272E5F}: NameServer = 213.230.155.10 217.200.200.42
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Apache OSGeo4W Web Server (ApacheOSGeo4WWebServer) - Apache Software Foundation - C:\OSGeo4W\apache\bin\httpd.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\Luana\AppData\Local\PosService\Pos.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\Luana\AppData\Local\ServUpdater\ServiceUpd.exe
    O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\Luana\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 8706 bytes

  6. #6
    HTML.it user (menatwork)
    Registered since
    May 2009
    Posts
    4,330
    I figured you hadn't set those DNS servers yourself

    Delete these folders in bold; follow the path

    C:\Users\Public\Documents\AppData\PoApp\PService.exe

    C:\Users\Luana\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe

    Update avast from here; you have a rather old version

    C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

    Also run this scan

    Download and install Malwarebytes

    Update it: click the "Updates" tab => "Check for updates"
    Run a "full scan" (select the option)
    When the scan is complete, click OK => Show Results.
    Make sure everything is selected and click Remove Selected.
    If it asks you to restart, restart to complete the cleanup process.
    Post the report.

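Added example (not part of the thread and not the helpers' own tooling): a small Python triage of a HijackThis log for the three things flagged in posts #2 and #6, namely a changed IE start page, unexpected `O17` NameServer values, and `O4`/`O23` autostart entries that run from a user profile. The allowlists are assumptions for this machine, the sample is an excerpt of the log from post #1, and a hit means "review this entry", not "this is malware".

```python
"""Triage a HijackThis log for the entries flagged in this thread."""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Excerpt of the log posted in #1, with the forum's stray line-wrap spaces removed.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{16B51B1C-2646-4C76-BB12-9AD1AD09B3DD}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F785223-38D7-4D70-A85D-BF57C667BBC8}: NameServer = 213.230.155.10 217.200.200.42
O17 - HKLM\System\CS1\Services\Tcpip\..\{16B51B1C-2646-4C76-BB12-9AD1AD09B3DD}: NameServer = 176.31.229.24,176.31.229.25
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\Luana\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
"""

# Assumptions for this example: what the owner of the machine considers normal.
EXPECTED_RESOLVERS = {"213.230.155.10", "217.200.200.42"}
EXPECTED_START_HOSTS = {"go.microsoft.com", "ie.redirect.hp.com"}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")      # e.g. "O17 - <body>"
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
USER_EXE_RE = re.compile(r'[A-Za-z]:\\Users\\[^"]*?\.exe', re.IGNORECASE)


def parse_entries(log_text):
    """Yield (code, body) for every entry line; headers and process paths are skipped."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group(1), match.group(2)


def review(log_text, expected_resolvers, expected_start_hosts):
    """Return a list of findings as tuples: (kind, where, detail)."""
    findings = []
    resolver_keys = defaultdict(set)  # unexpected resolver IP -> registry keys using it

    for code, body in parse_entries(log_text):
        if code in ("R0", "R1") and " = " in body:
            # Browser start/search page: compare the URL host with the allowlist.
            key, _, value = body.partition(" = ")
            host = urlparse(value.strip()).hostname
            if host and host not in expected_start_hosts:
                findings.append(("browser-setting", key, host))
        elif code == "O17" and ": NameServer = " in body:
            # Per-interface DNS servers; values are comma- or space-separated.
            key, _, value = body.partition(": NameServer = ")
            for ip in IPV4_RE.findall(value):
                if ip not in expected_resolvers:
                    resolver_keys[ip].add(key)
        elif code in ("O4", "O23"):
            # Autostart entries and services whose binary lives in a user profile.
            match = USER_EXE_RE.search(body)
            if match:
                findings.append(("autostart-in-user-profile", code, match.group(0)))

    # One finding per unexpected resolver, with the number of keys it was set on.
    for ip, keys in sorted(resolver_keys.items()):
        findings.append(("unexpected-resolver", ip, len(keys)))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG, EXPECTED_RESOLVERS, EXPECTED_START_HOSTS):
        print(*finding, sep=" | ")
```

Entries such as the Akamai NetSession client in the full log would also be reported by the user-profile check, which is why the result is a review list rather than a removal list.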
  7. #7
    HTML.it user
    Registered since
    Mar 2009
    Posts
    40
    Um... hi!!
    So... of what you wrote, the only thing I couldn't delete was the "PoApp" folder, because it tells me it is currently open in another program. I tried several times and I can't do it... what am I doing wrong?
    Then... I followed the link you posted to update avast, but I can't find where to update it, so I did it through the icon on my PC. It tells me it's already updated to the latest version; in fact I had approved the automatic update, I think a couple of days ago... why does it look different to you?
    And finally... I lost the Malwarebytes report... what do I do??? It had found 17 files with a virus icon next to them and "trojan something" written... I followed your instructions and restarted, the report window appeared, and since it told me the file already existed when I did Save As, I didn't overwrite it. And now?!?

  8. #8
    HTML.it user (SkinBonno)
    Registered since
    Dec 2007
    Location
    Bologna
    Posts
    1,139
    While waiting for Menatwork: for the PoApp folder you can download Unlocker, install it, then go to the path of the folder to delete, right-click the folder --> Unlocker, choose Delete and confirm with OK.
    For the Malwarebytes log, open Malwarebytes; at the top of the main page there is the Logs tab, open it and you'll find all the logs, which you can then save wherever you like.
    For avast, download it from here, select the freeware version and it should update yours.
    Life is a staircase: some go down and some fall.

    If I would have studied, I had learned. [Quote: Leone di Lernia]

  9. #9
    HTML.it user
    Registered since
    Mar 2009
    Posts
    40
    Okaaay!
    Thanks to you too, then
    I managed to delete the evil folder, but I wanted to add that I noticed the Emoticoons folder... should I worry? What do I do with it?
    I'd say avast is up to date too at this point.
    Then I'm posting the two reports I found where you told me:

    The first:
    Malwarebytes Anti-Malware (Prova) 1.65.0.1400
    www.malwarebytes.org

    Versione database: v2012.09.13.02

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 7.0.6002.18005
    Luana :: XXX [amministratore]

    Protezione: Attivata

    13/09/2012 11.31.00
    mbam-log-2012-09-13 (11-31-00).txt

    Tipo di scansione: Scansione completa (C:\|D:\|E:\|F:\|H:\|)
    Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
    Opzioni di scansione disattivate: P2P
    Elementi esaminati: 374519
    Tempo impiegato: 1 ore, 47 minuti, 53 secondi

    Processi rilevati in memoria: 0
    (non sono stati rilevati elementi nocivi)

    Moduli di memoria rilevati: 0
    (non sono stati rilevati elementi nocivi)

    Chiavi di registro rilevate: 0
    (non sono stati rilevati elementi nocivi)

    Valori di registro rilevati: 0
    (non sono stati rilevati elementi nocivi)

    Voci rilevate nei dati di registro: 0
    (non sono stati rilevati elementi nocivi)

    Cartelle rilevate: 0
    (non sono stati rilevati elementi nocivi)

    File rilevati: 17
    C:\OSGeo4W\apache\bin\ab.exe (Trojan.Swrort) -> Spostato in quarantena ed eliminato con successo.
    C:\Program Files\Navilog1\gnc.exe (Trojan.Dropper) -> Spostato in quarantena ed eliminato con successo.
    C:\Users\Luana\AppData\Local\Temp\mxdkxhke.exe (Trojan.Agent.WIMPD) -> Spostato in quarantena ed eliminato con successo.
    C:\Users\Luana\AppData\Local\Temp\zxb93c9u.exe (Trojan.Agent.WIMPD) -> Spostato in quarantena ed eliminato con successo.
    C:\Users\Luana\AppData\Local\Temp\f83fd32f.exe (Trojan.Agent.WIMPD) -> Spostato in quarantena ed eliminato con successo.
    C:\Users\Luana\AppData\Local\Temp\j8aj087z.exe (Trojan.Agent.WIMPD) -> Spostato in quarantena ed eliminato con successo.
    C:\Users\Luana\AppData\Local\Temp\va1wjhq0.exe (Trojan.Agent.WIMPD) -> Spostato in quarantena ed eliminato con successo.
    C:\Users\Luana\AppData\Local\Temp\1bza95ri.exe (Trojan.Agent.WIMPD) -> Spostato in quarantena ed eliminato con successo.
    C:\Users\Luana\AppData\Local\Temp\20AA.tmp (Trojan.Agent.WIMPD) -> Spostato in quarantena ed eliminato con successo.
    C:\Users\Luana\AppData\Local\Temp\227E.tmp (Trojan.Agent.WIMPD) -> Spostato in quarantena ed eliminato con successo.
    C:\Users\Luana\AppData\Local\Temp\B95.tmp (Trojan.Agent.WIMPD) -> Spostato in quarantena ed eliminato con successo.
    C:\Users\Luana\AppData\Local\Temp\7wron0yd.exe (Trojan.Agent.WIMPD) -> Spostato in quarantena ed eliminato con successo.
    C:\Users\Luana\AppData\Local\Temp\9F4B.tmp (Trojan.Agent.WIMPD) -> Spostato in quarantena ed eliminato con successo.
    C:\Users\Luana\AppData\Local\Temp\9ukjpahj.exe (Trojan.Agent.WIMPD) -> Spostato in quarantena ed eliminato con successo.
    C:\Users\Luana\AppData\Local\Temp\k9smhgi7.exe (Trojan.Agent.WIMPD) -> Spostato in quarantena ed eliminato con successo.
    C:\Users\Luana\AppData\Local\Temp\r3emfj0o.exe (Trojan.Agent.WIMPD) -> Spostato in quarantena ed eliminato con successo.
    C:\Users\Luana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\7c49009f-206f49c3 (Trojan.Agent.WIMPD) -> Spostato in quarantena ed eliminato con successo.

    (fine)


    the second:
    2012/09/13 11:28:36 +0200 XXX Luana MESSAGE Starting protection
    2012/09/13 11:28:36 +0200 XXX Luana MESSAGE Protection started successfully
    2012/09/13 11:28:36 +0200 XXX Luana MESSAGE Starting IP protection
    2012/09/13 11:28:44 +0200 XXX Luana MESSAGE IP Protection started successfully
    2012/09/13 11:29:12 +0200 XXX Luana MESSAGE Starting database refresh
    2012/09/13 11:29:12 +0200 XXX Luana MESSAGE Stopping IP protection
    2012/09/13 11:29:13 +0200 XXX Luana MESSAGE IP Protection stopped successfully
    2012/09/13 11:29:21 +0200 XXX Luana MESSAGE Database refreshed successfully
    2012/09/13 11:29:21 +0200 XXX Luana MESSAGE Starting IP protection
    2012/09/13 11:29:26 +0200 XXX Luana MESSAGE IP Protection started successfully
    2012/09/13 11:39:51 +0200 XXX Luana MESSAGE Executing scheduled update: Daily
    2012/09/13 11:39:57 +0200 XXX Luana MESSAGE Database already up-to-date
    2012/09/13 14:06:15 +0200 XXX Luana MESSAGE Starting protection
    2012/09/13 14:06:16 +0200 XXX Luana MESSAGE Protection started successfully
    2012/09/13 14:06:16 +0200 XXX Luana MESSAGE Starting IP protection
    2012/09/13 14:06:20 +0200 XXX Luana MESSAGE IP Protection started successfully
    2012/09/13 15:30:07 +0200 XXX Luana IP-BLOCK 62.149.140.24 (Type: outgoing, Port: 51934, Process: avastsvc.exe)
    2012/09/13 15:30:07 +0200 XXX Luana IP-BLOCK 62.149.140.24 (Type: outgoing, Port: 51935, Process: avastsvc.exe)
    2012/09/13 16:14:42 +0200 XXX Luana MESSAGE Starting protection
    2012/09/13 16:14:42 +0200 XXX Luana MESSAGE Protection started successfully
    2012/09/13 16:14:42 +0200 XXX Luana MESSAGE Starting IP protection
    2012/09/13 16:14:49 +0200 XXX Luana MESSAGE IP Protection started successfully



    in the malwarebytes "quarantine" folder there are all those files with the germ icon... should they stay there or do I delete them all? or do I restore them? ...kidding.. but tell me, what do I do?
    finally.. before you replied I was browsing here and there to do a bit of shopping and two shopping-site pages sneakily opened by themselves... and now?

    aware that with my ignorance I risk being a real pain, I thank you sincerely anyway, and please don't abandon me

  10. #10
    HTML.it user menatwork's avatar
    Registered since
    May 2009
    Posts
    4,330
    thanks to skinbonno too for the support

    luina, at this point, given that some fairly serious infections have turned up, I would recommend a pass with combofix

    download it from here and put it on the desktop, start it with the right mouse button, as administrator

    when asked whether you want to install the recovery console, click NO

    run ComboFix.exe

    follow the instructions

    when the scan is finished, go to C:\ and attach, in your next reply, the contents of the text file Combofix.txt

    how to use combofix correctly
    upload the scan logs => HERE

    or => HERE
