Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11.44.15, on 16/02/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\Twain_32\Samsung\SCX4623\Scan2pc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Programmi\PDF Architect\HelperService.exe
C:\Programmi\PDF Architect\ConversionService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Java\Java Update\jucheck.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Documenti\Download\SoftonicDownloader_per_hijackthis.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Programmi\PDF Architect\PDFIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Programmi\PDF Architect\PDFIEPlugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Programmi\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [4623 Scan2PC] "C:\WINDOWS\Twain_32\Samsung\SCX4623\Scan2pc.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] D:\Pulizia\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_146_Plugin.exe -update plugin
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Programmi\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Programmi\PDF Architect\ConversionService.exe
O23 - Service: Samsung Network Fax Server - Samsung Electronics Co., Ltd. - C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe

--
End of file - 5890 bytes

Ciao.
Se non dici i problemi che riscontri devo anch'io tirare a indovinare.....
Segui alla lettera questa guida:
http://forum.aiutamici.com/yaf_postst90814_Guida-per-eliminare-le-pagine-pubblicitarie-SOLO-LETTURA.aspx
Posta i log come indicato a fine pagina.

Ok, segui la guida.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Versione database: v2014.02.16.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: PIERO-591791275 [amministratore]

17/02/2014 8.32.22
mbam-log-2014-02-17 (08-32-22).txt

Tipo di scansione: Scansione completa (C:\|K:\|L:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 238408
Tempo impiegato: 1 ore, 9 minuti, 3 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 3
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Spostato in quarantena ed eliminato con successo.
HKLM\SOFTWARE\Vittalia\AxtanInstaller (PUP.Optional.BundleInstaller.A) -> Spostato in quarantena ed eliminato con successo.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Spostato in quarantena ed eliminato con successo.

Valori di registro rilevati: 2
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Dati: {FEFD7A0B-685A-11E2-BF29-84763FCB86D4} -> Spostato in quarantena ed eliminato con successo.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Dati: {FEFD7A0B-685A-11E2-BF29-84763FCB86D4} -> Spostato in quarantena ed eliminato con successo.

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 9
C:\Documents and Settings\Administrator\Documenti\Download\SoftonicDownloader_per_hijackthis.exe (PUP.Optional.Softonic.A) -> Spostato in quarantena ed eliminato con successo.
C:\Documents and Settings\Administrator\Documenti\Download\SoftonicDownloader_per_pdfcreator.exe (PUP.Optional.Softonic.A) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\Programmi\DealPly\DealPlyIE.dll.vir (PUP.DealPly) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\Programmi\DealPly\DealPlyUpdate.exe.vir (PUP.Optional.Dealply) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\Programmi\DealPly\DealPlyUpdateRun.exe.vir (PUP.Optional.Dealply) -> Spostato in quarantena ed eliminato con successo.
C:\Qoobox\Quarantine\C\Programmi\DealPly\uninst.exe.vir (PUP.Optional.Dealply) -> Spostato in quarantena ed eliminato con successo.
C:\WINDOWS\Installer\3a2bb0.msi (PUP.Optional.SweetIM) -> Spostato in quarantena ed eliminato con successo.
C:\WINDOWS\Installer\3a2bb8.msi (PUP.Optional.SweetIM) -> Spostato in quarantena ed eliminato con successo.
C:\WINDOWS\Installer\3a2bc0.msi (PUP.Optional.SweetIM) -> Spostato in quarantena ed eliminato con successo.

(fine)



# AdwCleaner v3.018 - Report created 17/02/2014 at 10:24:07
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - PIERO-591791275
# Running from : D:\Pulizia\Programmi_PULITURA_AIUTAMICI\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\Administrator\Dati applicazioni\pdfforge
File Deleted : C:\WINDOWS\Tasks\GinyasBrowserCompanion Chrome Watcher.job
File Deleted : C:\WINDOWS\Tasks\GinyasBrowserCompanion FireFox Watcher.job
File Deleted : C:\WINDOWS\Tasks\GinyasBrowserCompanion Stats Report.job
File Deleted : C:\WINDOWS\Tasks\GinyasBrowserCompanion Update Checker.job

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Programmi\SweetIM\Communicator\SweetPacksUpdateManager.exe]
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Vittalia
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sweetpacks Bundle Uninstaller
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v17.0 (it)

[ File : C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\h27rd050.default-1354343879015\prefs.js ]

Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
Line Deleted : user_pref("extentions.y2layers.installId", "cbcd2002-8b52-4980-a874-a1cfbcc52de5");

[ File : C:\Documents and Settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\q78431w1.default\prefs.js ]


-\\ Google Chrome v32.0.1700.107

[ File : C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup
Deleted : search_url

*************************

AdwCleaner[R0].txt - [2820 octets] - [17/02/2014 10:21:43]
AdwCleaner[S0].txt - [2783 octets] - [17/02/2014 10:24:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2843 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Microsoft Windows XP x86
Ran by Administrator on 17/02/2014 at 11.13.28,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1715567821-1078145449-1801674531-500\Software\sweetim



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/02/2014 at 11.33.35,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Microsoft Windows XP x86
Ran by Administrator on 17/02/2014 at 11.13.28,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1715567821-1078145449-1801674531-500\Software\sweetim



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/02/2014 at 11.33.35,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Ciao.
Mi servirebbe anche il log di OTL.
Ti pregherei di postarli come indicato a fine link.
Infine vorrei sapere se riscontri ancora problemi.

Se tutto andasse a posto, dopo i tuoi suggerimenti, cioè se dopo va tutto bene, posso io fare una copa con acronis. Grazie

Si è molto migliorato, grazie: posso adesso fare una copia con Acronis?
Di nuovo grazie. Piero