ChinaHxC
12-12-2008, 01:15
For a few days now AntiVir has been finding some viruses; this is the log:
Avira AntiVir Personal
Report file date: lunedì 30 novembre 2009 21:34
Scanning for 1060765 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: CAO
Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 30/11/2009 20:32:46
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 20:32:47
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 20:32:47
ANTIVIR2.VDF : 7.1.0.160 571392 Bytes 30/11/2008 20:32:47
ANTIVIR3.VDF : 7.1.0.161 2048 Bytes 30/11/2008 20:32:47
Engineversion : 8.2.0.36
AEVDF.DLL : 8.1.0.6 102772 Bytes 30/11/2009 20:32:47
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 30/11/2009 20:32:47
AESCN.DLL : 8.1.1.5 123251 Bytes 30/11/2009 20:32:47
AERDL.DLL : 8.1.1.3 438645 Bytes 30/11/2009 20:32:47
AEPACK.DLL : 8.1.3.4 393591 Bytes 30/11/2009 20:32:47
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 30/11/2009 20:32:47
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 30/11/2009 20:32:47
AEHELP.DLL : 8.1.2.0 119159 Bytes 30/11/2009 20:32:47
AEGEN.DLL : 8.1.1.6 323955 Bytes 30/11/2009 20:32:47
AEEMU.DLL : 8.1.0.9 393588 Bytes 30/11/2009 20:32:47
AECORE.DLL : 8.1.5.2 172405 Bytes 30/11/2009 20:32:47
AEBB.DLL : 8.1.0.3 53618 Bytes 30/11/2009 20:32:47
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 30/11/2009 20:32:47
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\programmi\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: lunedì 30 novembre 2009 21:34
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'NotiMan.exe' - '1' Module(s) have been scanned
Scan process 'CTXFISPI.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'InstantAccess.exe' - '1' Module(s) have been scanned
Scan process 'VolPanel.exe' - '1' Module(s) have been scanned
Scan process 'CTXFIHLP.EXE' - '1' Module(s) have been scanned
Scan process 'CTHELPER.EXE' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'VM_STI.EXE' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'DLLML.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Smc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
44 processes with 44 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '60' files ).
Starting the file scan:
Begin scan in 'C:\' <Sistema e programmi>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Yuè\qggocdxx.exe
[DETECTION] Is the TR/Dialer.dgx Trojan
[NOTE] A backup was created as '4b7b2d0f.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Documents and Settings\Yuè\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\Java.jar-21859ece-3752413a.zip
[0] Archive type: ZIP
--> javajava/Java.class
[DETECTION] Is the TR/Dldr.Java.OpenConnection.AQ Trojan
[NOTE] A backup was created as '4b8a2d33.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Documents and Settings\Yuè\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\jar\Java.jar-49778323-4e742a73.zip
[0] Archive type: ZIP
--> javajava/Java.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent.G Java virus
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent.G Java virus
[NOTE] A backup was created as '4a19526c.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Documents and Settings\Yuè\Impostazioni locali\Temp\Setup+Patch.exe
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] A backup was created as '4b882d62.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Documents and Settings\Yuè\Impostazioni locali\Temp\TEMP01.RAR
[0] Archive type: CAB (Microsoft)
--> Setup+Patch.exe
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] A backup was created as '4b612d42.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Documents and Settings\Yuè\Impostazioni locali\Temporary Internet Files\Content.IE5\S927CPEF\wuweb_site[1].cab
[0] Archive type: CAB (Microsoft)
--> wuweb.inf
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{440ABA4C-8298-465C-BF84-59E32177BD6F}\RP718\A0076687.exe
[DETECTION] Is the TR/Dialer.dgx Trojan
[NOTE] A backup was created as '4b44315e.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\WINDOWS\system32\dllhosts.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\doskeys.exe
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] A backup was created as '4b873209.qua' ( QUARANTINE )
[NOTE] The file was deleted!
Begin scan in 'D:\'
Begin scan in 'E:\' <Documenti>
E:\Emule\Incoming\JOpt.NET_-_Transport_Optimizer_2.0.5_[Key+Serial].zip
[0] Archive type: ZIP
--> setup.exe
[DETECTION] Is the TR/Dldr.Bagle.ael Trojan
[NOTE] A backup was created as '4b84329d.qua' ( QUARANTINE )
[NOTE] The file was deleted!
E:\Emule\Incoming\Nod 32-Ultima Versione,Perfetto Scadenza Infinita-Compatibile Con Vista.rar
[0] Archive type: RAR
--> nod 32-ultima versione,perfetto scadenza infinita-compatibile con vista\NOD32.FiX.v2.2.exe
[DETECTION] Is the TR/Dropp.D Trojan
[NOTE] A backup was created as '4b7832cd.qua' ( QUARANTINE )
[NOTE] The file was deleted!
E:\Emule\Incoming\[PC AUDIO] Cubase SX3 v3.01.514 FUNZIONANTE + CRACK VERO!!!! by Dolphin DJ.rar
[0] Archive type: RAR
--> Steinberg Cubase SX3 v3.01.514\Cubase SX 3.01.514 Update and Crack\SYNSOACC.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] The file could not be copied to the quarantine directory.
[WARNING] Failed!
[NOTE] The file was deleted!
E:\Programmi utili\Steinberg Cubase SX3 v3.01.514\Cubase SX 3.01.514 Update and Crack\SYNSOACC.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] A backup was created as '4b623664.qua' ( QUARANTINE )
[NOTE] The file was deleted!
End of the scan: lunedì 30 novembre 2009 22:16
Used time: 41:46 Minute(s)
The scan has been done completely.
10513 Scanning directories
272936 Files were scanned
12 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
11 files were deleted
0 files were repaired
10 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
272922 Files not concerned
2269 Archives were scanned
4 Warnings
11 Notes
and this is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1.29.58, on 12/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\netdde.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\VM_STI.EXE
C:\Programmi\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Programmi\Creative\ShareDLL\CADI\NotiMan.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\AdunanzA\eMule_AdnzA.exe
C:\Programmi\PrevxCSI\prevxcsi.exe
C:\Programmi\PrevxCSI\prevxcsi.exe
C:\Programmi\Mozilla Firefox\firefox.exe
E:\File Ricevuti\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sygate.com/swat/support/spf50_reg.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Programmi\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Programmi\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programmi\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\smc.exe -startgui
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programmi\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RCSystem] "C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Yuè\Dati applicazioni\Mozilla\Firefox\Profiles\i1zdyc9e.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Yuè\Dati applicazioni\Mozilla\Firefox\Profiles/i1zdyc9e.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services6] dllhosts.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Programmi\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Programmi\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send Picture with QQ MMS - C:\Programmi\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØ - C:\Programmi\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Programmi\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: Ìí¼Óµ½QQ±íÇé - C:\Programmi\Tencent\QQ\AddEmotion.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Æô¶¯Ñ¸À×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Programmi\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: Æô¶¯Ñ¸À×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Programmi\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CSIScanner - Prevx - C:\Programmi\PrevxCSI\prevxcsi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\smc.exe
--
End of file - 10801 bytes
Thanks for the help.
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programmi\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\smc.exe -startgui
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programmi\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RCSystem] "C:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Programmi\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Yuè\Dati applicazioni\Mozilla\Firefox\Profiles\i1zdyc9e.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Yuè\Dati applicazioni\Mozilla\Firefox\Profiles/i1zdyc9e.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services6] dllhosts.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Programmi\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Programmi\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send Picture with QQ MMS - C:\Programmi\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØ - C:\Programmi\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: ʹÓÃѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Programmi\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: Ìí¼Óµ½QQ±íÇé - C:\Programmi\Tencent\QQ\AddEmotion.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Æô¶¯Ñ¸À×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Programmi\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: Æô¶¯Ñ¸À×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Programmi\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CSIScanner - Prevx - C:\Programmi\PrevxCSI\prevxcsi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\smc.exe
--
End of file - 10801 bytes
Thanks for the help.