Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21.04.00, on 13/05/2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Programmi\AVG\AVG2013\avgcsrvx.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVG\AVG2013\avgidsagent.exe
C:\Programmi\AVG\AVG2013\avgwdsvc.exe
C:\Programmi\AVG\AVG2013\avgnsx.exe
C:\Programmi\AVG\AVG2013\avgemcx.exe
C:\Programmi\Common
Files\Motive\McciCMService.exe
C:\Programmi\File comuni\Microsoft
Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\Programmi\Telecom
Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom
Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programmi\Microsoft\Search Enhancement
Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cchservice.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\cc32\webtmr.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Microsoft
Office\Office12\GrooveMonitor.exe
C:\Programmi\AVG\AVG2013\avgui.exe
C:\Programmi\Samsung\Kies\KiesTrayAgent.exe
C:\Programmi\Manutenzione PC\Glary
Utilities\memdefrag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Tray\wintmr.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleT
oolbarNotifier.exe
C:\Programmi\X'nBeep 1.1\XnBeep.exe
C:\Programmi\Samsung\Kies\External\FirmwareUpda
te\KiesPDLR.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\REALTEK\11n USB Wireless LAN
Utility\RtWLan.exe
C:\Programmi\Panda USB Vaccine\USBVaccine.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All
Users\Documenti\AppData\PoApp\PService.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\ChatZum
Toolbar\tbunsx32D3.tmp\TbHelper2.exe
C:\Programmi\Microsoft
Office\Office12\WINWORD.EXE
C:\Programmi\Microsoft\Office
Live\OfficeLiveSignIn.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://notizie.it.msn.com/sport/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.chatzum.com/?orig=HP&affid=62&cztbid=1137811613
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fornito da MSN Sport
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) -
{02478D38-C3F9-4efb-9B51-7695ECA05670} - (no
file)
O2 - BHO: AcroIEHelperStub -
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} -
C:\Programmi\File
comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine -
{30F9B915-B755-4826-820B-08FBA6BD249D} -
C:\Programmi\ConduitEngine\ConduitEngine.dll
O2 - BHO: (no name) -
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no
file)
O2 - BHO: Spybot-S&D IE Protection -
{53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) -
{5C255C8A-E604-49b4-9D64-90988571CECB} - (no
file)
O2 - BHO: Search Helper -
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -
C:\Programmi\Microsoft\Search Enhancement
Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper -
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} -
C:\Programmi\Microsoft
Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live -
{9030D464-4C02-4ABF-8ECC-5164760863C6} -
C:\Programmi\File comuni\Microsoft Shared\Windows
Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO -
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -
C:\Programmi\Google\GoogleToolbarNotifier\5.7.7227
.1100\swg.dll
O2 - BHO: WOT Helper -
{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -
C:\Programmi\WOT\WOT.dll
O2 - BHO: Windows Live Toolbar Helper -
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -
C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) -
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - (no
file)
O3 - Toolbar: (no name) -
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no
file)
O3 - Toolbar: &Windows Live Toolbar -
{21FA44EF-376D-4D53-9B0F-8A89D3229068} -
C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ChatZum Toolbar -
{1BB22D38-A411-4B13-A746-C2A4F4EC7344} -
C:\Programmi\ChatZum
Toolbar\tbunsx32D3.tmp\tbcore3.dll
O3 - Toolbar: WOT -
{71576546-354D-41c9-AAE8-31F2EC22BF0D} -
C:\Programmi\WOT\WOT.dll
O4 - HKLM\..\Run: [ChicoSys]
C:\WINDOWS\system32\cc32\webtmr.exe
O4 - HKLM\..\Run: [VX3000 - WEB CAM]
C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [Synchronization Manager]
%SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [LifeCam - WEB CAM]
"C:\Programmi\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [ChicoSys - CILD CONTROL]
C:\WINDOWS\system32\cc32\webtmr.exe
O4 - HKLM\..\Run: [ATIPTA - PROCESSO SCHEDA
GRAFICA] C:\Programmi\ATI Technologies\ATI
Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC - SCHEDA GRAFICA]
"C:\Programmi\ATI Technologies\ATI.ACE\cli.exe"
runtime -Delay
O4 - HKLM\..\Run: [Cmaudio] RunDll32
cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task]
"C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PosService] C:\Documents and
Settings\All
Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File
comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor]
"C:\Programmi\Microsoft
Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG_UI]
"C:\Programmi\AVG\AVG2013\avgui.exe"
/TRAYONLY
O4 - HKLM\..\Run: [KiesTrayAgent]
C:\Programmi\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [Glary Memory Optimizer]
"C:\Programmi\Manutenzione PC\Glary
Utilities\memdefrag.exe" /autostart
O4 - HKCU\..\Run: [ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CCWinTray]
C:\WINDOWS\Tray\wintmr.exe
O4 - HKCU\..\Run: [swg]
"C:\Programmi\Google\GoogleToolbarNotifier\Google
ToolbarNotifier.exe"
O4 - HKCU\..\Run: [X'nBeep] C:\Programmi\X'nBeep
1.1\XnBeep.exe
O4 - HKCU\..\Run: []
C:\Programmi\Samsung\Kies\External\FirmwareUpda
te\KiesPDLR.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE]
C:\WINDOWS\system32\CTFMON.EXE (User
'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE]
C:\WINDOWS\system32\CTFMON.EXE (User
'SERVIZIO DI RETE')
O4 - Startup: PandaUSBVaccine.lnk =
C:\Programmi\Panda USB Vaccine\USBVaccine.exe
O4 - Global Startup: REALTEK 11n USB Wireless
LAN Utility.lnk = C:\Programmi\REALTEK\11n USB
Wireless LAN Utility\RtWLan.exe
O6 - HKCU\Software\Policies\Microsoft\Internet
Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search
- res://C:\Programmi\Windows Live
Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Free
Download Manager - file://C:\Programmi\Free
Download Manager\dllink.htm
O8 - Extra context menu item: Scarica i video con
Free Download Manager - file://C:\Programmi\Free
Download Manager\dlfvideo.htm
O8 - Extra context menu item: Scarica selezionati con
Free Download Manager - file://C:\Programmi\Free
Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free
Download Manager - file://C:\Programmi\Free
Download Manager\dlall.htm
O9 - Extra button: Inserisci blog -
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -
C:\Programmi\Windows
Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in
Windows Live Writer -
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -
C:\Programmi\Windows
Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote -
{2670000A-7350-4f3c-8081-5663EE0C6C49} -
C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote -
{2670000A-7350-4f3c-8081-5663EE0C6C49} -
C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research -
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Organizzatore ricerche -
{9455301C-CF6B-11D3-A266-00C04F689C50} -
C:\Programmi\File comuni\Microsoft Shared\Encarta
Researcher\EROPROJ.DLL
O9 - Extra button: (no name) -
{B205A35E-1FC4-4CE3-818B-899DBBB3388C} -
C:\Programmi\File comuni\Microsoft Shared\Encarta
Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search &
Destroy Configuration -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) -
{e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF:
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}
(Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF:
{644E432F-49D3-41A1-8DD5-E099162EEEC5}
(Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF:
{784797A8-342D-4072-9486-03C8D0F2F0A1}
(Battlefield Heroes Updater) -
http://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.196.0.cab
O16 - DPF:
{9122D757-5A4F-4768-82C5-B4171D8556A7}
(PhotoPickConvert Class) -
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF:
{D27CDB6E-AE6D-11CF-96B8-444553540000}
(Shockwave Flash Object) -
O16 - DPF:
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS -
{88FED34C-F0CA-4636-A375-3CB6248B04CD} -
C:\Programmi\Microsoft
Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wot -
{C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} -
C:\Programmi\WOT\WOT.dll
O22 - SharedTaskScheduler: Precaricatore Browseui
- {438755C2-A8BA-11D1-B96B-00A0C90312E1} -
C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle
categorie di componenti -
{8C7461EF-2B13-11d2-BE35-3078302C2030} -
C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner -
C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVGIDSAgent - AVG Technologies
CZ, s.r.o. -
C:\Programmi\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG
Technologies CZ, s.r.o. -
C:\Programmi\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Servizio di Google Update (gupdate)
(gupdate) - Google Inc. -
C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem)
(gupdatem) - Google Inc. -
C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: LiveUpSC - SoftwareUpdService -
C:\Documents and Settings\FABI\Impostazioni
locali\Dati
applicazioni\SoftwareUpdater\SoftwareUpdService.ex
e
O23 - Service: McciCMService - Alcatel-Lucent -
C:\Programmi\Common
Files\Motive\McciCMService.exe
O23 - Service: Network WanMiniport First Position -
Unknown owner - C:\Programmi\Telecom
Italia\WanMiniport1st\srvany.exe
O23 - Service: PnkBstrA - Unknown owner -
C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner -
C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. -
C:\Programmi\PC Connectivity
Solution\ServiceLayer.exe
O23 - Service: Windows-CCHook-Service - Salfeld
Computer - C:\WINDOWS\system32\cchservice.exe
--
End of file - 12967 bytes