Io ho già effettuato la scansione con antimalware però ho già cancellato tutte le infezioni che ha trovato..comunque sotto vi ho postato il log.
C'è un file che continua ad apparire in continuazione e non riesco ad eliminare ed è : "ofufgldx.exe ma non è l'unico..come posso fare ad eliminarlo? Intanto grazie per la disponibilità


questo è il log di hijack this (versione aggiornata)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.59.01, on 04/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\services.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\fonts\services.exe
C:\Programmi\Safari\Safari.exe
C:\ofufgldx.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\dwwin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F3 - REG:win.ini: load=C:\WINDOWS\system32\mssobw.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\mszhtbzq.exe
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [17150] C:\ofufgldx.exe
O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\system32\mstkhwpa.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\jfg6dsodz1.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [hsf7husjnfg98gi498aejhiugjkdg4] C:\WINDOWS\TEMP\jfg6dsodz1.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Marco Restuccia\reader_s.exe (User 'Default user')
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [searching] Ricerca dalla barra degli indirizzi
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\257859427mxx.dll
O22 - SharedTaskScheduler: Delayed Applications Handler - {5FFD4A60-C328-128D-44EB-21D258091D15} - C:\WINDOWS\System32\delaybuf.dll (file missing)
O22 - SharedTaskScheduler: DDE Module - {303F44D5-5FEA-4509-ABDE-5E00C3F2125A} - C:\WINDOWS\System32\hun32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Servizio trasferimento intelligente in background (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Aggiornamenti automatici (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 5305 bytes



questo è quello di antimalware
Malwarebytes' Anti-Malware 1.38
Versione del database: 2297
Windows 5.1.2600 Service Pack 2

04/07/2009 13.45.48
mbam-log-2009-07-04 (13-45-48).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 279604
Tempo trascorso: 35 minute(s), 0 second(s)

Processi delle memoria infetti: 3
Moduli della memoria infetti: 1
Chiavi di registro infette: 33
Valori di registro infetti: 28
Elementi dato del registro infetti: 7
Cartelle infette: 1
File infetti: 122

Processi delle memoria infetti:
C:\Documents and Settings\Marco Restuccia\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.
c:\lsass.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\FONTS\services.exe (Worm.Archive) -> Unloaded process successfully.

Moduli della memoria infetti:
C:\WINDOWS\SYSTEM32\gsf83iujid.dll (Trojan.Ertfor) -> Delete on reboot.

Chiavi di registro infette:
HKEY_CLASSES_ROOT\CLSID\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\foxie.foxiecore (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\foxie.foxiecore.1 (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\foxie.foxiesecuritymodule (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\foxie.foxiesecuritymodule.1 (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\foxie.foxietoolbar (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\foxie.foxietoolbar.1 (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\foxie.httpfilter (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\foxie.httpfilter.1 (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4879d63c-c3cc-42cc-9d1c-e861b42d0a5c} (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5fba0f92-abe8-421c-992e-2a85db9910c1} (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6db1d8a4-3493-4414-9fd2-3924617491b5} (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72fc8424-86d6-4100-8846-ff211f275897} (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{96eb9c1c-140f-44d8-8674-840b318b7e0b} (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{09c02180-3b46-4cd8-83ff-34daf442bdef} (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5b18fd94-2904-4aa0-ad63-7231d59e63a2} (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{53b8b576-27ef-4cf5-ad81-0487f96bf21f} (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{618d0948-6cd1-4129-9fdb-221a7f973f37} (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Ertfor) -> Delete on reboot.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sopidkc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\glaide32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\glaide32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Protect (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\URLSearchHook.SoftomateURLSearchHook (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FoxIE (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FoxIE (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\cleanup (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{306bbb66-d9e4-4481-833e-c1d5fca06774} (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{546e08aa-809f-4f1a-be1a-6b122ebfcd5a} (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{61039b22-563d-4922-b844-b076c318a66a} (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{e4143585-2688-4ebc-b264-27c774f600d5} (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\services (Backdoor.ProRat) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Services\del (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page_bak (Hijack.Search) -> Bad: (http://www.idgsearch.com/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page_bak (Hijack.Search) -> Bad: (http://www.idgsearch.com/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.bat\(default) (Hijacked.BatFile) -> Bad: (csfile) Good: (batfile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.com\(default) (Hijacked.ComFile) -> Bad: (csfile) Good: (comfile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (csfile) Good: (exefile) -> Quarantined and deleted successfully.

Cartelle infette:
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556 (Backdoor.Bot) -> Quarantined and deleted successfully.

File infetti:
C:\WINDOWS\SYSTEM32\gsf83iujid.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\fdvjfx.exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\stfqqym.exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\furvsh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\6.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\blu.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\msncache.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\DRIVERS\protect.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\menu avvio\programmi\esecuzione automatica\fmnupd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\TEMP\iytr5252xxbfjmbe33w3756uss44.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\TEMP\~TMB.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\TEMP\~TM54EA3A.TMP (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\9.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\039.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\~TM22.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\917.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\402.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\928.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\~TM1B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\~TM21.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\~TM5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\jdethtt22jysty234rjwg34g4346.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\386.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\404.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\~TM2E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\e5ujjkrdjsryjsr6i64ikrjhde46.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\~TM11.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\500.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\~TM16.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\~TM19.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\temporary internet files\Content.IE5\V7483Z22\aasuper1[1].htm (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\temporary internet files\Content.IE5\V7483Z22\aasuper3[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\temporary internet files\Content.IE5\P4FKXJ0X\aasuper2[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\Desktop\backups\backup-20090704-035248-947-fmnupd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\Desktop\backups\backup-20090704-095508-293-fmnupd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\Desktop\backups\backup-20090704-111259-862-zqosys32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\Desktop\backups\backup-20090704-111259-188-fmnupd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\Desktop\backups\backup-20090704-111437-101-zqosys32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\Desktop\backups\backup-20090704-111437-967-fmnupd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\Desktop\backups\backup-20090704-120045-394-fmnupd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\Desktop\backups\backup-20090704-120045-938-zqosys32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\Desktop\backups\backup-20090704-121044-242-fmnupd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\impostazioni locali\Temp\065.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\impostazioni locali\Temp\~TMF.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\impostazioni locali\Temp\~TM16.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\impostazioni locali\Temp\fhkutyd42jnh4rikdtyjnghjn44.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\impostazioni locali\Temp\temporary internet files\Content.IE5\85SATJ6Z\aasuper1[1].htm (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\impostazioni locali\Temp\temporary internet files\Content.IE5\6LK4ON3G\aasuper2[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\impostazioni locali\Temp\temporary internet files\Content.IE5\JKIV8FS8\aasuper3[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\impostazioni locali\Temp\temporary internet files\Content.IE5\STM70PE3\bb090621[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\menu avvio\programmi\esecuzione automatica\fmnupd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\menu avvio\programmi\esecuzione automatica\zqosys32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP0\A0000016.exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP2\A0000378.exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP2\A0000379.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP5\A0002243.EXE (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP5\A0002244.EXE (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP5\A0002248.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002257.EXE (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002262.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002279.EXE (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002287.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002301.EXE (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002307.EXE (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002324.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002329.exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002345.exe (Trojan.Banker) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002353.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002359.exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002360.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002368.exe (Trojan.Banker) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002381.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002387.exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002388.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002389.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Recycled\Dc2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Recycled\Dc3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Recycled\Dc4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-9525935056-3312405630-896001788-1305\wnzip32.exe (Backdoor.SdBot) -> Delete on reboot.
c:\RECYCLER\s-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243636035-3055115376-381863306-1556\Desktop.ini (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\services.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\reader_s.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\6to4v32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\glaide32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Marco Restuccia\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Administrator\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\TEMP\wpv651245692744.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\TEMP\wpv151245604880.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\TEMP\wpv821245692744.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Rundll32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\tpszxyd.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\tpsaxyd.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\lsass.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\TEMP\rsyncini.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\FONTS\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\FONTS\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\TASKS\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\FONTS\services.exe (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\rtv_winupd.exe (Virus.Sality) -> Quarantined and deleted successfully.
C:\WINDOWS\TASKS\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Marco Restuccia\Dati applicazioni\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Administrator\Dati applicazioni\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Marco Restuccia\Dati applicazioni\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Administrator\Dati applicazioni\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.

no il computer lo avevo già riavviato dopo aver cancellato i files di antimalware..quindi il log di hijack che ho postato poco fa è quello in seguito al riavvio

L o g f i l e o f T h e A v e n g e r V e r s i o n 2 . 0 , ( c ) b y S w a n d o g 4 6

h t t p : / / s w a n d o g 4 6 . g e e k s t o g o . c o m



P l a t f o r m : W i n d o w s X P



* * * * * * * * * * * * * * * * * * *



S c r i p t f i l e o p e n e d s u c c e s s f u l l y .

S c r i p t f i l e r e a d s u c c e s s f u l l y .



B a c k u p s d i r e c t o r y o p e n e d s u c c e s s f u l l y a t C : \ A v e n g e r



* * * * * * * * * * * * * * * * * * *



B e g i n n i n g t o p r o c e s s s c r i p t f i l e :



F i l e " C : \ W I N D O W S \ f o n t s \ s e r v i c e s . e x e " d e l e t e d s u c c e s s f u l l y .

F i l e " C : \ W I N D O W S \ s e r v i c e s . e x e " d e l e t e d s u c c e s s f u l l y .

F i l e " C : \ o f u f g l d x . e x e " d e l e t e d s u c c e s s f u l l y .

F i l e " C : \ W I N D O W S \ s y s t e m 3 2 \ m s s o b w . e x e " d e l e t e d s u c c e s s f u l l y .

F i l e " C : \ W I N D O W S \ s y s t e m 3 2 \ m s z h t b z q . e x e " d e l e t e d s u c c e s s f u l l y .



E r r o r : f i l e " C : \ o f u f g l d x . e x e " n o t f o u n d !

D e l e t i o n o f f i l e " C : \ o f u f g l d x . e x e " f a i l e d !

S t a t u s : 0 x c 0 0 0 0 0 3 4 ( S T A T U S _ O B J E C T _ N A M E _ N O T _ F O U N D )

- - > t h e o b j e c t d o e s n o t e x i s t



F i l e " C : \ W I N D O W S \ s y s t e m 3 2 \ m s t k h w p a . e x e " d e l e t e d s u c c e s s f u l l y .

F i l e " C : \ W I N D O W S \ T E M P \ j f g 6 d s o d z 1 . e x e " d e l e t e d s u c c e s s f u l l y .



E r r o r : f i l e " C : \ D O C U M E ~ 1 \ A D M I N I ~ 1 \ I M P O S T ~ 1 \ T e m p \ 2 5 7 8 5 9 4 2 7 m x x . d l l " n o t f o u n d !

D e l e t i o n o f f i l e " C : \ D O C U M E ~ 1 \ A D M I N I ~ 1 \ I M P O S T ~ 1 \ T e m p \ 2 5 7 8 5 9 4 2 7 m x x . d l l " f a i l e d !

S t a t u s : 0 x c 0 0 0 0 0 3 4 ( S T A T U S _ O B J E C T _ N A M E _ N O T _ F O U N D )

- - > t h e o b j e c t d o e s n o t e x i s t





C o m p l e t e d s c r i p t p r o c e s s i n g .



* * * * * * * * * * * * * * * * * * *



F i n i s h e d ! T e r m i n a t e .

vai in provvisoria, fixa le righe che ti ho indicato - torna in modalita' normale - riesegui hjt e postami un nuovo log