Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 22.25.53, on 10/11/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)


Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
C:\Programmi\AVG\AVG2015\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\1Password\Agile1pService.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
C:\Programmi\AVG\AVG2015\avgidsagent.exe
C:\Programmi\AVG\AVG2015\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\PDF Architect\HelperService.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Programmi\PDF Architect\ConversionService.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Programmi\AVG\AVG2015\avgnsx.exe
C:\Programmi\AVG\AVG2015\avgemcx.exe
C:\Programmi\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmi\AVG\AVG2015\avgui.exe
C:\Programmi\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
C:\Programmi\Microsoft Office\Office\POWERPNT.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Programmi\Epocware\Handy Safe Desktop\Safe.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\Documents and Settings\Marcello\Desktop\HijackThisPortable\HijackThisPortable.exe
C:\Documents and Settings\Marcello\Desktop\HijackThisPortable\App\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://gw.aliceadsl.it/minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} - (no file)
O2 - BHO: 1Password - {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\Programmi\1Password\Agile1pIE.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AVG_UI] "C:\Programmi\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Free YouTube Download - C:\Programmi\File comuni\DVDVideoSoft\plugins\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programmi\File comuni\DVDVideoSoft\plugins\freeytmp3downloader.htm
O9 - Extra button: 1Password - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\Programmi\1Password\Agile1pIE.dll
O9 - Extra 'Tools' menuitem: 1Password Ctrl+\ - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\Programmi\1Password\Agile1pIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {97A76F1C-61F7-4D96-B0C3-2E118DC71793} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: 1Password (Agile1Password) - AgileBits - C:\Programmi\1Password\Agile1pService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: YAC Service (iSafeService) - Unknown owner - C:\Programmi\Elex-tech\YAC\iSafeSvc.exe (file missing)
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Programmi\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Programmi\PDF Architect\ConversionService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Programmi\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Programmi\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Programmi\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Programmi\Sony\Sony PC Companion\PCCService.exe
O23 - Service: vToolbarUpdater18.1.9 - Unknown owner - C:\Programmi\File comuni\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe (file missing)

--
End of file - 9063 bytes

Conosci questi programmi ?
C:\Programmi\1Password\Agile1pService.exe
C:\Programmi\PDF Architect\HelperService.exe
Se non li hai messi tu, eliminali.
Aggiorna java all'ultima vs dal sito.
Poi fai queste scansioni:

1)Scarica ed installa MalwareBytes: scarica la versione Gratis non la Premium
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema. (NON veloce)
Elimina gli eventuali file infetti trovati. (li devi selezionare, e poi cliccare su "Rimuovi selezionati")
Posta il log.

2)Scarica Adwcleaner sul desktop:
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Chiudi tutti i browser (è importante IE,Firefox Chrome ecc...)
Clicca sul pulsante "Scan".
Finita la scansione clicca su "Clean"
Conferma con OK le varie finestre che ti compariranno.
Il pc si riavvierà, e uscirà il log con le eliminazioni.
Postalo qui.

3)Scarica Junkware Removal Tool sul desktop.
http://www.majorgeeks.com/mg/get/junkware_removal_tool,1.html
Disattiva temporaneamente l'antivirus per evitare potenziali conflitti.
Doppio click su JRT
Lo strumento si aprirà e avvierà la scansione del sistema.
Devi avere pazienza in quanto questo tool può richiedere del tempo per completare la scansione .
Al termine, un log (JRT.txt) viene salvato sul desktop e si aprirà automaticamente.
Postalo qui.

Fai una pulizia con Ccleaner compreso il Registro, per il registro spunta tutte le voci, acconsenti al backup quando richiesto.
Prima della pulizia vai nel menu Opzioni- Avanzate e togli la spunta alla voce: Elimina file in windows temp solo se più vecchi di 24 ore.
Fai sapere come va. Ciao

hai provato con il ripristino del browser?

Mi hai anticipato, lo stavo scrivendo.

OK tutto a posto. Se il pc va bene abbiamo finito. Ciao