Aiutamici Forum

Please help me, I'm in crisis
markos84
Posted: Saturday, July 04, 2009 11:29:28 AM
Rank: Member

Joined: 12/27/2005
Posts: 9
I wanted to ask for urgent help, since as of yesterday my PC is full of viruses... I've already tried to remove some entries with HijackThis, but it won't let me delete them even from safe mode, and they are:
O4 - Startup: zqosys32.exe
O4 - Startup: fmnupd32.exe
but others too.
I'm hoping for your help... thanks a lot

Logfile of HijackThis v1.99.1
Scan saved at 11.22.30, on 04/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\fonts\services.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\reader_s.exe
C:\DOCUME~1\MARCOR~1\IMPOST~1\Temp\otz2cjdn.exe
C:\DOCUME~1\MARCOR~1\IMPOST~1\Temp\otz2cjdn.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Marco Restuccia\reader_s.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
c:\ofufgldx.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msdzkd.exe
C:\Documents and Settings\Marco Restuccia\Desktop\HijackThis.exe
C:\WINDOWS\fonts\services.exe
c:\lsass.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F3 - REG:win.ini: load=C:\WINDOWS\system32\mstqcxo.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\msubm.exe
O2 - BHO: C:\WINDOWS\system32\gsf83iujid.dll - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\gsf83iujid.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [5950] c:\ofufgldx.exe
O4 - HKCU\..\Run: [hsf7husjnfg98gi498aejhiugjkdg4] C:\DOCUME~1\MARCOR~1\IMPOST~1\Temp\otz2cjdn.exe
O4 - Startup: zqosys32.exe
O4 - Startup: fmnupd32.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [searching] Ricerca dalla barra degli indirizzi
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: ,C:\DOCUME~1\MARCOR~1\IMPOST~1\Temp\4899843443mxx.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Servizio trasferimento intelligente in background (BITS) - Unknown owner - %fystemRoot%\system32\svchost.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lich - Unknown owner - C:\WINDOWS\system32\lich.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: sopidkc Service (sopidkc) - NewYork Lt - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Aggiornamenti automatici (wuauserv) - Unknown owner - %fystemroot%\system32\svchost.exe (file missing)
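For a defender reading a log like the one above, the tell-tale signs are structural rather than name-based: core Windows binaries (services.exe, lsass.exe) running from the wrong directory, executables launched from Temp, the drive root or the fonts folder, populated win.ini load=/run= entries, and an AppInit_DLLs value pointing into a Temp directory. The Python script below is an added example for this thread, not part of HijackThis or Malwarebytes and not code from any poster; it scripts those checks so that a HijackThis log can be triaged consistently and reports lines for a human to review without touching the machine. Its sample input is a constructed excerpt that reuses paths from the log posted above, and it assumes a default Windows XP layout with C:\WINDOWS as the system root.

```python
"""Triage a HijackThis log for persistence and masquerading indicators.

Added example for this thread, not part of HijackThis or Malwarebytes.
It only reports lines for a human to review; it changes nothing on disk.
Assumption: default Windows XP layout with %SystemRoot% = C:\\WINDOWS.
"""
import re
from typing import List, Tuple

# Canonical directory of core Windows binaries that malware likes to impersonate.
CORE_BINARIES = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Directories from which a persistent executable is almost never legitimate.
SUSPICIOUS_DIRS = [
    (re.compile(r"^[a-z]:\\[^\\]+$"), "drive root"),
    (re.compile(r"\\temp\\"), "Temp directory"),
    (re.compile(r"\\windows\\fonts\\"), "fonts directory"),
    (re.compile(r"\\recycle[rd]\\"), "recycle bin"),
]

# Constructed excerpt; the paths are taken from the log posted in the thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\fonts\services.exe
C:\WINDOWS\services.exe
c:\lsass.exe
C:\DOCUME~1\MARCOR~1\IMPOST~1\Temp\otz2cjdn.exe
C:\Programmi\Spyware Doctor\pctsTray.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\mstqcxo.exe
O4 - HKLM\..\Run: [5950] c:\ofufgldx.exe
O4 - Startup: zqosys32.exe
O20 - AppInit_DLLs: ,C:\DOCUME~1\MARCOR~1\IMPOST~1\Temp\4899843443mxx.dll
O23 - Service: lich - Unknown owner - C:\WINDOWS\system32\lich.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
"""

Finding = Tuple[str, str, str]  # (severity, log line, reason)


def check_path(path: str) -> List[str]:
    """Reasons an executable path looks suspicious; empty list if none."""
    p = path.strip().strip('"').lower()
    directory, _, name = p.rpartition("\\")
    reasons = []
    if name in CORE_BINARIES and directory != CORE_BINARIES[name]:
        reasons.append(f"core binary {name} running outside {CORE_BINARIES[name]}")
    for pattern, label in SUSPICIOUS_DIRS:
        if pattern.search(p):
            reasons.append(f"executable in {label}")
            break
    return reasons


def _first_path(value: str) -> str:
    """Extract the executable from an O4 value such as '"C:\\x.exe" -t (User ...)'."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split(" (User ", 1)[0]


def _check_entry(kind: str, body: str, line: str) -> List[Finding]:
    out: List[Finding] = []
    if kind == "F3":
        # win.ini load=/run= are empty on a clean XP box; any value is a persistence point.
        m = re.match(r"REG:win\.ini: (load|run)=(.+)$", body)
        if m:
            out.append(("high", line, f"win.ini {m.group(1)}= populated"))
    elif kind == "O4":
        if body.startswith(("Startup:", "Global Startup:")):
            out.append(("review", line, "Startup-folder entry; confirm the file is known"))
        if "Policies\\Explorer\\Run" in body:
            out.append(("review", line, "Explorer policy Run key, rarely used legitimately"))
        m = re.search(r"\] (.+)$", body)  # "[name] path [args]"
        if m:
            out += [("high", line, r) for r in check_path(_first_path(m.group(1)))]
    elif kind == "O20" and body.lower().startswith("appinit_dlls:"):
        if body.split(":", 1)[1].strip(" ,"):
            out.append(("high", line, "AppInit_DLLs loads a DLL into every GUI process"))
    elif kind == "O23":
        parts = [p.strip() for p in body.split(" - ")]
        if "Unknown owner" in parts:
            out.append(("review", line, "service without a publisher; verify the binary"))
        out += [("high", line, r) for r in check_path(parts[-1].replace(" (file missing)", ""))]
    return out


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and return every line worth a human's attention."""
    findings: List[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        m = re.match(r"^([RFO]\d+) - (.*)$", line)
        if m:
            in_processes = False
            findings += _check_entry(m.group(1), m.group(2), line)
        elif in_processes:
            findings += [("high", line, r) for r in check_path(line)]
    return findings


if __name__ == "__main__":
    for severity, line, reason in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {line}\n         -> {reason}")
```

Run against the excerpt, the script flags the fonts-folder and root-directory copies of services.exe and lsass.exe, the Temp-resident process, the win.ini load= entry, the root-directory Run entry and the AppInit_DLLs value as high, and the Startup-folder entry and the publisher-less "lich" service as review items, while leaving the genuine system32\services.exe and the Spyware Doctor processes untouched. "Review" findings are deliberately low-confidence: the thread's own log shows a legitimate "Unknown owner" service (Ati HotKey Poller), so that class needs a human to check the file rather than an automatic verdict.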

shapiro
Posted: Saturday, July 04, 2009 1:40:18 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
hi

you have an old edition of HijackThis... download the most recent one from here

http://www.aiutamici.com/software?ID=11175

run a system scan with Malwarebytes http://www.malwarebytes.org/mbam/program/mbam-setup.exe
1) install it
2) update it
3) run a scan, choosing the full scan mode
4) do NOT delete any threats it finds for now
5) when the scan is finished, select the Log tab, open the text file and post it on the forum

When you're done, post both logs, the Malwarebytes one and the HJT one from the updated version


markos84
Posted: Saturday, July 04, 2009 2:04:30 PM
Rank: Member

Joined: 12/27/2005
Posts: 9
I've already run the scan with Anti-Malware, but I already deleted all the infections it found... anyway, I've posted the log below.
There's a file that keeps reappearing and that I can't delete: "ofufgldx.exe", but it's not the only one... how can I remove it? Meanwhile, thanks for your help


this is the HijackThis log (updated version)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.59.01, on 04/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\services.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\fonts\services.exe
C:\Programmi\Safari\Safari.exe
C:\ofufgldx.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\dwwin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F3 - REG:win.ini: load=C:\WINDOWS\system32\mssobw.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\mszhtbzq.exe
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [17150] C:\ofufgldx.exe
O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\system32\mstkhwpa.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\jfg6dsodz1.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [hsf7husjnfg98gi498aejhiugjkdg4] C:\WINDOWS\TEMP\jfg6dsodz1.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Marco Restuccia\reader_s.exe (User 'Default user')
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [searching] Ricerca dalla barra degli indirizzi
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\257859427mxx.dll
O22 - SharedTaskScheduler: Delayed Applications Handler - {5FFD4A60-C328-128D-44EB-21D258091D15} - C:\WINDOWS\System32\delaybuf.dll (file missing)
O22 - SharedTaskScheduler: DDE Module - {303F44D5-5FEA-4509-ABDE-5E00C3F2125A} - C:\WINDOWS\System32\hun32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Servizio trasferimento intelligente in background (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Aggiornamenti automatici (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 5305 bytes



this is the Anti-Malware one
Malwarebytes' Anti-Malware 1.38
Versione del database: 2297
Windows 5.1.2600 Service Pack 2

04/07/2009 13.45.48
mbam-log-2009-07-04 (13-45-48).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 279604
Tempo trascorso: 35 minute(s), 0 second(s)

Processi delle memoria infetti: 3
Moduli della memoria infetti: 1
Chiavi di registro infette: 33
Valori di registro infetti: 28
Elementi dato del registro infetti: 7
Cartelle infette: 1
File infetti: 122

Processi delle memoria infetti:
C:\Documents and Settings\Marco Restuccia\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.
c:\lsass.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\FONTS\services.exe (Worm.Archive) -> Unloaded process successfully.

Moduli della memoria infetti:
C:\WINDOWS\SYSTEM32\gsf83iujid.dll (Trojan.Ertfor) -> Delete on reboot.

Chiavi di registro infette:
HKEY_CLASSES_ROOT\CLSID\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\foxie.foxiecore (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\foxie.foxiecore.1 (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\foxie.foxiesecuritymodule (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\foxie.foxiesecuritymodule.1 (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\foxie.foxietoolbar (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\foxie.foxietoolbar.1 (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\foxie.httpfilter (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\foxie.httpfilter.1 (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4879d63c-c3cc-42cc-9d1c-e861b42d0a5c} (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5fba0f92-abe8-421c-992e-2a85db9910c1} (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6db1d8a4-3493-4414-9fd2-3924617491b5} (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72fc8424-86d6-4100-8846-ff211f275897} (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{96eb9c1c-140f-44d8-8674-840b318b7e0b} (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{09c02180-3b46-4cd8-83ff-34daf442bdef} (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5b18fd94-2904-4aa0-ad63-7231d59e63a2} (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{53b8b576-27ef-4cf5-ad81-0487f96bf21f} (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{618d0948-6cd1-4129-9fdb-221a7f973f37} (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msncache (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Ertfor) -> Delete on reboot.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sopidkc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\glaide32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\glaide32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Protect (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\URLSearchHook.SoftomateURLSearchHook (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FoxIE (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FoxIE (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\cleanup (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{306bbb66-d9e4-4481-833e-c1d5fca06774} (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{546e08aa-809f-4f1a-be1a-6b122ebfcd5a} (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{61039b22-563d-4922-b844-b076c318a66a} (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{e4143585-2688-4ebc-b264-27c774f600d5} (Rogue.Foxie) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\services (Backdoor.ProRat) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Services\del (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page_bak (Hijack.Search) -> Bad: (http://www.idgsearch.com/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page_bak (Hijack.Search) -> Bad: (http://www.idgsearch.com/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.bat\(default) (Hijacked.BatFile) -> Bad: (csfile) Good: (batfile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.com\(default) (Hijacked.ComFile) -> Bad: (csfile) Good: (comfile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (csfile) Good: (exefile) -> Quarantined and deleted successfully.

Cartelle infette:
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556 (Backdoor.Bot) -> Quarantined and deleted successfully.

File infetti:
C:\WINDOWS\SYSTEM32\gsf83iujid.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\fdvjfx.exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\stfqqym.exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\furvsh.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\6.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\blu.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\msncache.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\DRIVERS\protect.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\menu avvio\programmi\esecuzione automatica\fmnupd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\TEMP\iytr5252xxbfjmbe33w3756uss44.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\TEMP\~TMB.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\TEMP\~TM54EA3A.TMP (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\9.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\039.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\~TM22.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\917.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\402.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\928.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\~TM1B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\~TM21.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\~TM5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\jdethtt22jysty234rjwg34g4346.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\386.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\404.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\~TM2E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\e5ujjkrdjsryjsr6i64ikrjhde46.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\~TM11.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\500.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\~TM16.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\Temp\~TM19.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\temporary internet files\Content.IE5\V7483Z22\aasuper1[1].htm (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\temporary internet files\Content.IE5\V7483Z22\aasuper3[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\impostazioni locali\temporary internet files\Content.IE5\P4FKXJ0X\aasuper2[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\Desktop\backups\backup-20090704-035248-947-fmnupd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\Desktop\backups\backup-20090704-095508-293-fmnupd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\Desktop\backups\backup-20090704-111259-862-zqosys32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\Desktop\backups\backup-20090704-111259-188-fmnupd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\Desktop\backups\backup-20090704-111437-101-zqosys32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\Desktop\backups\backup-20090704-111437-967-fmnupd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\Desktop\backups\backup-20090704-120045-394-fmnupd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\Desktop\backups\backup-20090704-120045-938-zqosys32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\marco restuccia\Desktop\backups\backup-20090704-121044-242-fmnupd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\impostazioni locali\Temp\065.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\impostazioni locali\Temp\~TMF.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\impostazioni locali\Temp\~TM16.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\impostazioni locali\Temp\fhkutyd42jnh4rikdtyjnghjn44.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\impostazioni locali\Temp\temporary internet files\Content.IE5\85SATJ6Z\aasuper1[1].htm (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\impostazioni locali\Temp\temporary internet files\Content.IE5\6LK4ON3G\aasuper2[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\impostazioni locali\Temp\temporary internet files\Content.IE5\JKIV8FS8\aasuper3[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\impostazioni locali\Temp\temporary internet files\Content.IE5\STM70PE3\bb090621[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\menu avvio\programmi\esecuzione automatica\fmnupd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\menu avvio\programmi\esecuzione automatica\zqosys32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP0\A0000016.exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP2\A0000378.exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP2\A0000379.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP5\A0002243.EXE (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP5\A0002244.EXE (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP5\A0002248.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002257.EXE (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002262.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002279.EXE (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002287.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002301.EXE (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002307.EXE (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002324.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002329.exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002345.exe (Trojan.Banker) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002353.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002359.exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002360.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002368.exe (Trojan.Banker) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002381.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002387.exe (Backdoor.SdBot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002388.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{71c57dde-996d-475e-a093-7a9a5bf7b9fc}\RP7\A0002389.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Recycled\Dc2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Recycled\Dc3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Recycled\Dc4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-9525935056-3312405630-896001788-1305\wnzip32.exe (Backdoor.SdBot) -> Delete on reboot.
c:\RECYCLER\s-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243636035-3055115376-381863306-1556\Desktop.ini (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\services.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\reader_s.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\6to4v32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\glaide32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Marco Restuccia\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Administrator\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\TEMP\wpv651245692744.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\TEMP\wpv151245604880.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\TEMP\wpv821245692744.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Rundll32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\tpszxyd.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\tpsaxyd.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\lsass.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\TEMP\rsyncini.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\FONTS\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\FONTS\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\TASKS\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\FONTS\services.exe (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\rtv_winupd.exe (Virus.Sality) -> Quarantined and deleted successfully.
C:\WINDOWS\TASKS\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Marco Restuccia\Dati applicazioni\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Administrator\Dati applicazioni\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Marco Restuccia\Dati applicazioni\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Administrator\Dati applicazioni\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.

simo95
Posted: Saturday, July 04, 2009 2:17:44 PM

Rank: AiutAmico

Joined: 12/4/2008
Posts: 2,008
There you go.. maybe, while you wait for the experts, restart the PC, run a new scan with HijackThis and post its log
markos84
Posted: Saturday, July 04, 2009 2:21:53 PM
Rank: Member

Joined: 12/27/2005
Posts: 9
No, I had already restarted the computer after deleting the files with Anti-Malware.. so the HijackThis log I posted a little while ago is the one from after the restart
shapiro
Posted: Saturday, July 04, 2009 2:30:19 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
You have quite a few infections...
Download Avenger

http://swandog46.geekstogo.com/avenger.zip

Extract it into a folder of your choice
Run the file avenger.exe
Now paste these lines into the white box that has opened:


files to delete:
C:\WINDOWS\fonts\services.exe
C:\WINDOWS\services.exe
C:\ofufgldx.exe
C:\WINDOWS\system32\mssobw.exe
C:\WINDOWS\system32\mszhtbzq.exe
C:\ofufgldx.exe
C:\WINDOWS\system32\mstkhwpa.exe
C:\WINDOWS\TEMP\jfg6dsodz1.exe
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\257859427mxx.dll



Untick the Scan for Rootkits option
Press the Execute button
Answer Yes to Avenger's two prompts
Your computer should now restart; if it does not, restart it manually
When the computer comes back up, copy and paste here the contents of the Notepad window that appears.



Start HijackThis with all applications closed, press Do a system scan only, tick and remove (fix checked) the following lines:


F3 - REG:win.ini: load=C:\WINDOWS\system32\mssobw.exe

F3 - REG:win.ini: run=C:\WINDOWS\system32\mszhtbzq.exe

O4 - HKLM\..\Run: [17150] C:\ofufgldx.exe

O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\system32\mstkhwpa.exe

O4 - HKUS\.DEFAULT\..\Run: [hsf7husjnfg98gi498aejhiugjkdg4] C:\WINDOWS\TEMP\jfg6dsodz1.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\jfg6dsodz1.exe (User 'Default user')

O20 - AppInit_DLLs: C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\257859427mxx.dll

O22 - SharedTaskScheduler: Delayed Applications Handler - {5FFD4A60-C328-128D-44EB-21D258091D15} - C:\WINDOWS\System32\delaybuf.dll (file missing)

O22 - SharedTaskScheduler: DDE Module - {303F44D5-5FEA-4509-ABDE-5E00C3F2125A} - C:\WINDOWS\System32\hun32.dll (file missing)


Clean up with CCleaner

http://www.ccleaner.com
Important:
During installation untick the option, otherwise the Yahoo Toolbar gets installed.
Start it and click on:
- Advanced Options
Untick:
- Only delete files older than 48 hours
Click the buttons:
- Cleaner (the first one at top left)
- Analyze (bottom center button)
- Run Cleaner (bottom right button)



Attach a new HJT log, let's see whether everything that was infected has been removed
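As an added, defender-side illustration (not code from this thread, from HijackThis or from Avenger), here is a small Python triage script that parses the HijackThis entry types used in the fix list above (F3, O4, O20, O22) and flags the traits those entries share: win.ini load=/run= persistence, AppInit_DLLs injection, Run keys pointing into temporary directories or to the drive root, and orphaned SharedTaskScheduler entries. The sample input is constructed from the lines quoted above plus one benign ctfmon entry; the heuristics, pattern names and the Finding type are my own assumptions, not part of any tool.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the HijackThis lines quoted in the fix list above plus one benign entry.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\mssobw.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\mszhtbzq.exe
O4 - HKLM\..\Run: [17150] C:\ofufgldx.exe
O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\system32\mstkhwpa.exe
O4 - HKUS\.DEFAULT\..\Run: [hsf7husjnfg98gi498aejhiugjkdg4] C:\WINDOWS\TEMP\jfg6dsodz1.exe (User 'Default user')
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\257859427mxx.dll
O22 - SharedTaskScheduler: DDE Module - {303F44D5-5FEA-4509-ABDE-5E00C3F2125A} - C:\WINDOWS\System32\hun32.dll (file missing)
"""

# One pattern per HJT section type handled here (assumed layout); each captures the launched path.
PATTERNS = {
    "F3": re.compile(r"^F3 - REG:win\.ini: (?:load|run)=(?P<path>.+)$"),
    "O4": re.compile(r"^O4 - (?P<key>\S+): \[[^\]]*\] (?P<path>.+?)(?: \(User '[^']*'\))?$"),
    "O20": re.compile(r"^O20 - AppInit_DLLs: (?P<path>.+)$"),
    "O22": re.compile(r"^O22 - SharedTaskScheduler: .+ - \{[^}]+\} - (?P<path>.+?)(?P<missing> \(file missing\))?$"),
}

@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)

def triage_line(line):
    """Return a Finding for one HJT line, or None when no heuristic fires."""
    for section, rx in PATTERNS.items():
        m = rx.match(line)
        if not m:
            continue
        path = m.group("path").lower()
        reasons = []
        if section == "F3":
            reasons.append("win.ini load=/run= persistence (legacy, rarely legitimate)")
        if section == "O20":
            reasons.append("AppInit_DLLs: loaded into every process that uses user32.dll")
        if section == "O22" and m.group("missing"):
            reasons.append("orphaned SharedTaskScheduler entry (file missing)")
        if section == "O4" and "policies\\explorer\\run" in m.group("key").lower():
            reasons.append("Policies\\Explorer\\Run key (seldom used by legitimate software)")
        if "\\temp\\" in path:
            reasons.append("launched from a temporary directory")
        if re.match(r"^[a-z]:\\[^\\]+\.exe$", path):
            reasons.append("executable sitting at the drive root")
        return Finding(line, reasons) if reasons else None
    return None

def triage(log_text):
    # Run triage_line over every line of a HJT log and keep only the hits.
    return [f for f in (triage_line(l.strip()) for l in log_text.splitlines()) if f]
```

Running triage(SAMPLE_LOG) returns seven findings, one per line in the fix list, and nothing for the ctfmon entry.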
markos84
Posted: Saturday, July 04, 2009 3:06:08 PM
Rank: Member

Joined: 12/27/2005
Posts: 9
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "C:\WINDOWS\fonts\services.exe" deleted successfully.
File "C:\WINDOWS\services.exe" deleted successfully.
File "C:\ofufgldx.exe" deleted successfully.
File "C:\WINDOWS\system32\mssobw.exe" deleted successfully.
File "C:\WINDOWS\system32\mszhtbzq.exe" deleted successfully.

Error: file "C:\ofufgldx.exe" not found!
Deletion of file "C:\ofufgldx.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\mstkhwpa.exe" deleted successfully.
File "C:\WINDOWS\TEMP\jfg6dsodz1.exe" deleted successfully.

Error: file "C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\257859427mxx.dll" not found!
Deletion of file "C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\257859427mxx.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

markos84
Posted: Saturday, July 04, 2009 3:22:14 PM
Rank: Member

Joined: 12/27/2005
Posts: 9
This is the log after using CCleaner.. as you will notice, the HijackThis lines you told me to remove are almost all still there.. what can I do?




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.19.02, on 04/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\fonts\services.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\services.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F3 - REG:win.ini: load=C:\WINDOWS\system32\msaacqvk.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\msgpodap.exe
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Marco Restuccia\reader_s.exe
O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\system32\msmhmv.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Marco Restuccia\reader_s.exe (User 'Default user')
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [searching] Ricerca dalla barra degli indirizzi
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Servizio trasferimento intelligente in background (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Aggiornamenti automatici (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 4959 bytes

shapiro
Posted: Saturday, July 04, 2009 4:13:29 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Go into Safe Mode, fix the lines I indicated - go back to Normal mode - run HJT again and post me a new log