ok lo posto
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31: VIRUS ALERT!, on 10/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\Rundll32.exe
D:\WINDOWS\AGRSMMSG.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
D:\Programmi\Winamp\winampa.exe
D:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\System32\drivers\mqtgsvc.exe
D:\WINDOWS\explorer.exe
D:\Programmi\Mozilla Firefox\firefox.exe
D:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=D:\WINDOWS\System32\drivers\mqtgsvc.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {cc064e91-00ab-c2cb-fd04-835ca802aa7e} - {e7aa208a-c538-40df-bc2c-ba0019e460cc} - D:\WINDOWS\system32\lldvcp.dll
O2 - BHO: QXK Olive - {FAE4014F-F726-4FFC-B9C4-952A1A747E47} - D:\WINDOWS\vmgspntbtlp.dll
O3 - Toolbar: fqbewlna - {EB6ABD3D-F2E7-4807-B9B6-F62AE3021A17} - D:\WINDOWS\fqbewlna.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [WinampAgent] D:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [] xe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] D:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [] xe
O4 - HKLM\..\Policies\Explorer\Run: [MqtgSVC] D:\WINDOWS\mqtgsvc.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Esent Utl] D:\WINDOWS\System32\drivers\esentutl.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Spool] D:\DOCUME~1\Andrea\DATIAP~1\spoolsv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Spool] D:\DOCUME~1\Andrea\DATIAP~1\spoolsv.exe /waitservice (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = D:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = D:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&sporta in Microsoft Excel -
res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Download &Express - D:\Programmi\Download Express\Add_Url.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: cfzbji.dll lldvcp.dll
O21 - SSODL: mgxfebsq - {7EBA89A5-2DB4-4E7B-BF94-05FD4BE7A019} - D:\WINDOWS\mgxfebsq.dll
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
--
End of file - 5524 bytes
grazie mille per l'aiuto