cbbusto, thanks for your help. After doing what was suggested, internet videos still won't open; Flash Player is installed. I'm attaching the logs and hoping for the best:
# AdwCleaner v4.104 - Rapporto creato 05/12/2014 in 00:35:46
# Aggiornato 05/12/2014 di Xplode
# Database : 2014-12-03.1 [Live]
# Sistema operativo : Microsoft Windows XP Service Pack 3 (32 bits)
# Nome utente : Admin - PORTATILE
# In esecuzione da : C:\Documents and Settings\Admin\desktop\adwcleaner_4.104.exe
# Opzione : Pulisci
***** [ Servizi ] *****
[#] Servizio Eliminato : iSafeKrnlR3
[#] Servizio Eliminato : iSafeNetFilter
***** [ File / Cartelle ] *****
Cartella Eliminato : C:\Documents and Settings\All Users\Dati applicazioni\ParetoLogic
Cartella Eliminato : C:\Documents and Settings\All Users\Dati applicazioni\Driver Mender
Cartella Eliminato : C:\Documents and Settings\All Users\Dati applicazioni\Allmyapps
Cartella Eliminato : C:\Programmi\globalUpdate
Cartella Eliminato : C:\Programmi\Systweak Support Dock
Cartella Eliminato : C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\globalUpdate
Cartella Eliminato : C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\CrashRpt
Cartella Eliminato : C:\Documents and Settings\Admin\Dati applicazioni\Advanced System Protector
Cartella Eliminato : C:\Documents and Settings\Admin\Dati applicazioni\DriverCure
Cartella Eliminato : C:\Documents and Settings\Admin\Dati applicazioni\eCyber
Cartella Eliminato : C:\Documents and Settings\Admin\Dati applicazioni\iSafe
Cartella Eliminato : C:\Documents and Settings\Admin\Dati applicazioni\ParetoLogic
Cartella Eliminato : C:\Documents and Settings\Admin\Dati applicazioni\Store
Cartella Eliminato : C:\Documents and Settings\Admin\Dati applicazioni\Systweak
Cartella Eliminato : C:\Documents and Settings\Admin\Dati applicazioni\VOPackage
Cartella Eliminato : C:\Documents and Settings\Admin\Documenti\PC Speed Maximizer
Cartella Eliminato : C:\Documents and Settings\Angelo\Dati applicazioni\Mozilla\Firefox\Profiles\o0r3ktjc.default\Extensions\searchads@instair.net
[!] Cartella Eliminato : C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
[!] Cartella Eliminato : C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
File Eliminato : C:\WINDOWS\Reimage.ini
File Eliminato : C:\Documents and Settings\Admin\Dati applicazioni\WindApp.boostrap.log
File Eliminato : C:\Documents and Settings\Admin\Dati applicazioni\Bubble Dock.installation.log
File Eliminato : C:\Documents and Settings\Admin\Dati applicazioni\WindApp.installation.log
File Eliminato : C:\Documents and Settings\Admin\Dati applicazioni\Mozilla\Firefox\Profiles\njrgnare.default-1391901049250\searchplugins\bingp.xml
***** [ Compiti ] *****
***** [ Collegamenti ] *****
Collegamento Disinfetatti : C:\Documents and Settings\Admin\Menu Avvio\Programmi\Internet Explorer.lnk
Collegamento Disinfetatti : C:\Documents and Settings\Admin\Menu Avvio\Programmi\Accessori\Utilità di sistema\Internet Explorer (nessun componente aggiuntivo).lnk
Collegamento Disinfetatti : C:\Documents and Settings\Admin\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\Avvia il browser Internet Explorer.lnk
Collegamento Disinfetatti : C:\Documents and Settings\Admin\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
***** [ Registro ] *****
Chiave Eliminati : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Chiave Eliminati : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Chiave Eliminati : HKLM\SOFTWARE\Google\Chrome\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd
Chiave Eliminati : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Chiave Eliminati : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Chiave Eliminati : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Chiave Eliminati : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Chiave Eliminati : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Chiave Eliminati : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Chiave Eliminati : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Chiave Eliminati : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Chiave Eliminati : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Chiave Eliminati : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Bubble Dock
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\BackgroundHost.EXE
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{51F04BD6-3888-4849-864C-617FAE709CE0}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{E4E394E0-D331-431F-B76D-E3A19193D5F6}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555955568}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566956668}
Chiave Eliminati : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Chiave Eliminati : HKCU\Software\GlobalUpdate
Chiave Eliminati : HKCU\Software\ParetoLogic
Chiave Eliminati : HKCU\Software\Store
Chiave Eliminati : HKCU\Software\systweak
Chiave Eliminati : HKCU\Software\Reimage
Chiave Eliminati : HKLM\SOFTWARE\GlobalUpdate
Chiave Eliminati : HKLM\SOFTWARE\ParetoLogic
Chiave Eliminati : HKLM\SOFTWARE\systweak
Chiave Eliminati : HKLM\SOFTWARE\Reimage
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\windapp
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
***** [ Browser ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Mozilla Firefox v34.0.5 (x86 it)
[njrgnare.default-1391901049250\prefs.js] - Riga eliminata : user_pref("extensions.a6bd508b58edf466189eb5b5186fa62d1gmailcom63441.63441.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%[...]
[njrgnare.default-1391901049250\prefs.js] - Riga eliminata : user_pref("extensions.a6bd508b58edf466189eb5b5186fa62d1gmailcom63441.63441.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22deal[...]
[njrgnare.default-1391901049250\prefs.js] - Riga eliminata : user_pref("extensions.af80af4ec42b9429d99b04078ec7cf86444882d2088654b13b79eae8470d9a955com59568.59568.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.c[...]
[njrgnare.default-1391901049250\prefs.js] - Riga eliminata : user_pref("extensions.af80af4ec42b9429d99b04078ec7cf86444882d2088654b13b79eae8470d9a955com59568.59568.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
[njrgnare.default-1391901049250\prefs.js] - Riga eliminata : user_pref("extensions.crossrider.bic", "146ee930cdb28f4c5722f5626ef830ff");
[njrgnare.default-1391901049250\prefs.js] - Riga eliminata : user_pref("extensions.quick_start.enable_search1", false);
[njrgnare.default-1391901049250\prefs.js] - Riga eliminata : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[njrgnare.default-1391901049250\prefs.js] - Riga eliminata : user_pref("iminent.registerToolbarEvent109", "1404164400546");
[njrgnare.default-1391901049250\prefs.js] - Riga eliminata : user_pref("iminent.registerToolbarEvent111", "1404164399786");
[njrgnare.default-1391901049250\prefs.js] - Riga eliminata : user_pref("iminent.registerToolbarEvent112", "1404164427525");
[njrgnare.default-1391901049250\prefs.js] - Riga eliminata : user_pref("iminent.registerToolbarEvent122", "1404164400802");
-\\ Google Chrome v39.0.2171.71
[C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Web Data] - Eliminati [Search Provider] : hxxp://start.facemoods.com/?f=4&a=stonicit&q={searchTerms}
[C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Web Data] - Eliminati [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=M194A26CF-D9F8-493C-9904-D95ABD37892C&SearchSource=58&CUI=&UM=5&UP=SP0DBBCE91-4E0D-4BE4-BE7F-E07E98BF709A&q={searchTerms}&SSPV=2132CH35A_sp_ch
[C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Web Data] - Eliminati [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=M194A26CF-D9F8-493C-9904-D95ABD37892C&SearchSource=58&CUI=&UM=5&UP=SP0DBBCE91-4E0D-4BE4-BE7F-E07E98BF709A&q={searchTerms}&SSPV=2132CH35A_sp_ch
[C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Web Data] - Eliminati [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2269050
[C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Web Data] - Eliminati [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2269050
[C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Web Data] - Eliminati [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1411651004&from=obw&uid=HitachiXHTS542512K9SA00_080209BB2200WBCZ9PWCX&q={searchTerms}
[C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Web Data] - Eliminati [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1411651004&from=obw&uid=HitachiXHTS542512K9SA00_080209BB2200WBCZ9PWCX&q={searchTerms}
[C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Web Data] - Eliminati [Search Provider] : hxxp://www.sweet-page.com/web/?type=dspp&ts=1401804048&from=cor&uid=HitachiXHTS542512K9SA00_080209BB2200WBCZ9PWCX&q={searchTerms}
[C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Web Data] - Eliminati [Search Provider] : hxxp://istart.webssearches.com/web/?type=dspp&ts=1399582034&from=tugs&uid=HitachiXHTS542512K9SA00_080209BB2200WBCZ9PWCX&q={searchTerms}
[C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Web Data] - Eliminati [Search Provider] : hxxp://istart.webssearches.com/web/?type=dspp&ts=1399582034&from=tugs&uid=HitachiXHTS542512K9SA00_080209BB2200WBCZ9PWCX&q={searchTerms}
[C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Web Data] - Eliminati [Search Provider] : hxxp://start.iminent.com/?appId=C9ECF230-D8AC-46A4-A959-A7FAC7819103&ref=toolbox&q={searchTerms}
[C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Web Data] - Eliminati [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=342&systemid=406&sr=0&q={searchTerms}
[C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Web Data] - Eliminati [Search Provider] : hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100474&mntrId=406806310000000000000017c41bba0b
[C:\Documents and Settings\Admin\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Web Data] - Eliminati [Search Provider] : hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100474&mntrId=406806310000000000000017c41bba0b
*************************
AdwCleaner[R0].txt - [23416 octets] - [30/05/2014 14:04:05]
AdwCleaner[R1].txt - [13683 octets] - [05/12/2014 00:01:46]
AdwCleaner[R2].txt - [14002 octets] - [05/12/2014 00:11:03]
AdwCleaner[S0].txt - [22829 octets] - [30/05/2014 14:06:05]
AdwCleaner[S1].txt - [14183 octets] - [05/12/2014 00:35:46]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [14244 octets] ##########
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23.50.02, on 04/12/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AVAST Software\Avast\AvastSvc.exe
C:\Programmi\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\EscSvc.exe
C:\Programmi\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\Programmi\Java\jre7\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmi\CCleaner\CCleaner.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe
C:\Programmi\Mozilla Firefox\firefox.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://it.yahoo.com?fr=hp-avast&type=avastbcl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/?pc=UP97&ocid=UP97DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://it.yahoo.com?fr=hp-avast&type=avastbcl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://it.yahoo.com?fr=hp-avast&type=avastbcl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Programmi\Epson Software\E-Web Print\ewps_tb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: (no name) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - (no file)
O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Programmi\Epson Software\E-Web Print\ewps_tb.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Programmi\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Programmi\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Google Update] "C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Download &Express - C:\Programmi\Download Express\Add_Url.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341859798656
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Programmi\AVAST Software\Avast\afwServ.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Seiko Epson Corporation - C:\WINDOWS\system32\EscSvc.exe
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Corporation - C:\Programmi\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Programmi\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Programmi\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Programmi\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Programmi\Spybot - Search & Destroy 2\SDWSCSvc.exe
--
End of file - 7909 bytes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Microsoft Windows XP x86
Ran by Admin on 05/12/2014 at 13.52.27,25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util fortunitas
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440544954468}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440544954468}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511951168}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611341141}
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Documents and Settings\Admin\Dati applicazioni\mozilla\firefox\profiles\njrgnare.default-1391901049250\minidumps [3 files]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/12/2014 at 13.57.31,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes Anti-Malware
www.malwarebytes.org
Data scansione: 04/12/2014
Ora scansione: 23.58.16
File di log: Malwarebytes.txt
Amministratore: Si
Versione: 2.00.4.1028
Database malware: v2014.12.04.11
Database rootkit: v2014.12.03.01
Licenza: Free
Protezione da malware: Disattivata
Protezione da siti web nocivi: Disattivata
Autoprotezione: Disattivata
SO: Windows XP Service Pack 3
CPU: x86
File system: NTFS
Utente: Admin
Tipo di scansione: Scansione elementi nocivi
Risultati: Completata
Elementi analizzati: 406974
Tempo impiegato: 36 min, 45 sec
Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Disattivata
Euristica: Attivata
PUP: Attivata
PUM: Attivata
Processi: 0
(Nessun elemento malevolo rilevato)
Moduli: 0
(Nessun elemento malevolo rilevato)
Chiavi di registro: 3
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginService, Spostato in quarantena, [d6054a1468149f9740f228201be89769],
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, Spostato in quarantena, [cd0e81dd027aae88b4f0f358b64ddf21],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, Spostato in quarantena, [c912ec72275575c1cdd80a417192fc04],
Valori di registro: 0
(Nessun elemento malevolo rilevato)
Dati di registro: 0
(Nessun elemento malevolo rilevato)
Cartelle: 1
PUP.Optional.Nosibay.A, C:\Documents and Settings\Admin\Dati applicazioni\Nosibay, Spostato in quarantena, [0bd084da3b41ef474da8043f4cb7a15f],
File: 5
PUP.Optional.BubbleDock.A, C:\Documents and Settings\Admin\Impostazioni locali\temp\Bubble-Dock_ES.dat, Spostato in quarantena, [ce0d5d019ce076c098aed86d51b2f010],
PUP.Optional.BubbleDock.A, C:\Documents and Settings\Admin\Impostazioni locali\temp\Bubble-Dock_FR.dat, Spostato in quarantena, [7863cb93017bff3782c40d388a7932ce],
PUP.Optional.BubbleDock.A, C:\Documents and Settings\Admin\Impostazioni locali\temp\Bubble-Dock_GB.dat, Spostato in quarantena, [33a81d416f0d96a0390dde6741c26f91],
PUP.Optional.BubbleDock.A, C:\Documents and Settings\Admin\Impostazioni locali\temp\Bubble-Dock_IT.dat, Spostato in quarantena, [30ab76e8f28a3bfbe75f4401857e3cc4],
PUP.Optional.CrossRider.A, C:\Documents and Settings\Admin\Dati applicazioni\Mozilla\Firefox\Profiles\njrgnare.default-1391901049250\prefs.js, Buono: (), Cattivo (user_pref("extensions.crossrider.bic", "146ee930cdb28f4c5722f5626ef830ff");), Sostituito,[af2c07571e5eaa8cff389cfd3ec7e020]
Settori fisici: 0
(Nessun elemento malevolo rilevato)
(end)