  1. #1
    It always sends me to this address: res://sqyuk.dll/index.html#37049

    I'm posting the log that Hijack made for me.... can someone help me, please?

    Thanks

    ************************************************** ************
    Logfile of HijackThis v1.97.7
    Scan saved at 15.06.05, on 15/06/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\downlo~1\o9x1yx\r6kf3eo.exe
    C:\Programmi\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\atlwt32.exe
    C:\Programmi\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\File comuni\Symantec Shared\ccApp.exe
    C:\Programmi\QuickTime\qttask.exe
    C:\WINDOWS\sdkuk.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\Spamihilator\spamihilator.exe
    C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Documents and Settings\Christazio\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\sqyuk.dll/sp.html#37049
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://sqyuk.dll/index.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://sqyuk.dll/index.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\sqyuk.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://sqyuk.dll/index.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\sqyuk.dll/sp.html#37049
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {2A69B4ED-A44E-115C-7B00-D6A6A2337148} - C:\WINDOWS\system32\sdksb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F 2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [sdkuk.exe] C:\WINDOWS\sdkuk.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programmi\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Spamihilator] "C:\Programmi\Spamihilator\spamihilator.exe"
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9AD1F5D7-210B-4A83-BD47-0A7736187E7B} (PathFinder Control) - http://62.26.118.201/en/download/bin/webinstaller.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...?38134.1259375
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9FED5430-0372-4236-B640-8CBBF23E3187}: NameServer = ***********
    O17 - HKLM\System\CS1\Services\Tcpip\..\{9FED5430-0372-4236-B640-8CBBF23E3187}: NameServer = ***********
    O17 - HKLM\System\CS2\Services\Tcpip\..\{9FED5430-0372-4236-B640-8CBBF23E3187}: NameServer = ***********
    ************************************************** **************

  2. #2
    amvinfe (Moderator of Computer security and viruses; registered May 2002; 6,739 posts)
    At the URL below you'll find all the information you need; when the removal is finished, reboot, make a new log with HJT and post the result here.

    http://www.alground.com/virus/scheda...p?cod_virus=87
    ==
    Visit my blog SuspectFile.com
    ==

  3. #3
    I did everything as described in the post, but the problem persists...

    Here is the new log:

    ************************************************** **********
    Logfile of HijackThis v1.97.7
    Scan saved at 11.14.08, on 18/06/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\downlo~1\o9x1yx\r6kf3eo.exe
    C:\Programmi\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ipvr32.exe
    C:\Programmi\Norton AntiVirus\SAVScan.exe
    C:\Programmi\File comuni\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F 2.EXE
    C:\WINDOWS\sdkuk.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\Spamihilator\spamihilator.exe
    C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Programmi\Outlook Express\msimn.exe
    C:\Programmi\Macromedia\Dreamweaver MX\Dreamweaver.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Christazio\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\sqyuk.dll/sp.html#926298163
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://sqyuk.dll/index.html#926298163
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://sqyuk.dll/index.html#926298163
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\sqyuk.dll/sp.html#926298163
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://sqyuk.dll/index.html#926298163
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\sqyuk.dll/sp.html#926298163
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {2A69B4ED-A44E-115C-7B00-D6A6A2337148} - C:\WINDOWS\system32\sdksb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F 2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [sdkuk.exe] C:\WINDOWS\sdkuk.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programmi\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Spamihilator] "C:\Programmi\Spamihilator\spamihilator.exe"
    O4 - HKLM\..\RunOnce: [ipvr32.exe] C:\WINDOWS\system32\ipvr32.exe
    O4 - HKLM\..\RunOnce: [winxa32.exe] C:\WINDOWS\system32\winxa32.exe
    O4 - HKLM\..\RunOnce: [msxi32.exe] C:\WINDOWS\system32\msxi32.exe
    O4 - HKLM\..\RunOnce: [apifo.exe] C:\WINDOWS\system32\apifo.exe
    O4 - HKLM\..\RunOnce: [appsu.exe] C:\WINDOWS\system32\appsu.exe
    O4 - HKLM\..\RunOnce: [syseu.exe] C:\WINDOWS\system32\syseu.exe
    O4 - HKLM\..\RunOnce: [addcg32.exe] C:\WINDOWS\system32\addcg32.exe
    O4 - HKLM\..\RunOnce: [apicp32.exe] C:\WINDOWS\apicp32.exe
    O4 - HKLM\..\RunOnce: [sdkws32.exe] C:\WINDOWS\sdkws32.exe
    O4 - HKLM\..\RunOnce: [sdkrb.exe] C:\WINDOWS\sdkrb.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9AD1F5D7-210B-4A83-BD47-0A7736187E7B} (PathFinder Control) - http://62.26.118.201/en/download/bin/webinstaller.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...?38134.1259375
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9FED5430-0372-4236-B640-8CBBF23E3187}: NameServer = 213.199.18.120
    O17 - HKLM\System\CS1\Services\Tcpip\..\{9FED5430-0372-4236-B640-8CBBF23E3187}: NameServer = 213.199.18.120
    O17 - HKLM\System\CS2\Services\Tcpip\..\{9FED5430-0372-4236-B640-8CBBF23E3187}: NameServer = 213.199.18.120
    ************************************************** ********

  4. #4
    C:\WINDOWS\sdkuk.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\sqyuk.dll/sp.html#926298163
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://sqyuk.dll/index.html#926298163
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://sqyuk.dll/index.html#926298163
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\sqyuk.dll/sp.html#926298163
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://sqyuk.dll/index.html#926298163
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\sqyuk.dll/sp.html#926298163
    O4 - HKLM\..\Run: [sdkuk.exe] C:\WINDOWS\sdkuk.exe
    ************************************************** ********
    These should be the offending lines... sdkuk.exe doesn't look like a standard Windows service to me, try deleting it
    Every day a little bit of OT dies...

    ..believe it or not,I'm walking on air..
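
Added example, not written by any poster in this thread: Python that parses HijackThis entries, picks out the IE `R0`/`R1` values that point at `res://` resources, and compares the 15/06 and 18/06 logs to show which hijacks survived the cleanup and which autostart entries are new. The function names are this example's own; the log lines are copied from the posts above and trimmed to a few entries.

```python
import re

# Excerpts copied from the two HijackThis logs posted above (15/06 and 18/06).
LOG_15_JUNE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\sqyuk.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://sqyuk.dll/index.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [sdkuk.exe] C:\WINDOWS\sdkuk.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
"""
LOG_18_JUNE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\sqyuk.dll/sp.html#926298163
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://sqyuk.dll/index.html#926298163
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [sdkuk.exe] C:\WINDOWS\sdkuk.exe
O4 - HKLM\..\RunOnce: [ipvr32.exe] C:\WINDOWS\system32\ipvr32.exe
O4 - HKLM\..\RunOnce: [winxa32.exe] C:\WINDOWS\system32\winxa32.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
REG_VALUE = re.compile(r"^(?P<key>.+?),(?P<name>[^=]+?) = (?P<data>.*)$")
AUTORUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
RES_URL = re.compile(r"^res://(?P<module>[^/]+)/(?P<resource>[^#]*)", re.IGNORECASE)


def parse(log):
    """Return (section code, body) pairs, skipping header and process-list lines."""
    return [m.groups() for m in map(ENTRY.match, map(str.strip, log.splitlines())) if m]


def ie_res_hijacks(entries):
    """R0/R1 values pointing at res://, keyed without the #fragment that differs between scans."""
    hits = set()
    for code, body in entries:
        reg = REG_VALUE.match(body) if code in ("R0", "R1") else None
        url = RES_URL.match(reg["data"]) if reg else None
        if url:
            module = url["module"].split("\\")[-1].lower()  # C:\WINDOWS\sqyuk.dll -> sqyuk.dll
            hits.add((reg["key"].split("\\")[0], reg["name"], module, url["resource"]))
    return hits


def autoruns(entries):
    """O4 registry autostart entries as (hive, key, value name, command)."""
    found = set()
    for code, body in entries:
        m = AUTORUN.match(body) if code == "O4" else None
        if m:
            found.add((m["hive"], m["key"], m["name"], m["cmd"]))
    return found


def compare(before, after):
    """What survived the attempted cleanup, and which autostart entries appeared since."""
    b, a = parse(before), parse(after)
    return {
        "persisting_hijacks": sorted(ie_res_hijacks(b) & ie_res_hijacks(a)),
        "new_autoruns": sorted(autoruns(a) - autoruns(b)),
    }


if __name__ == "__main__":
    for kind, rows in compare(LOG_15_JUNE, LOG_18_JUNE).items():
        for row in rows:
            print(kind, *row, sep=" | ")
```

Dropping the `#...` fragment before comparing matters here: the value changed from `#37049` to `#926298163` between the two scans, so a plain text diff would report the same hijack as a changed line rather than a surviving one.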

  5. #5
    I'm sorry to say it... but after fixing those files and rebooting they are still there... when I run the scan

  6. #6
    amvinfe (Moderator of Computer security and viruses)
    Removals must be done with all applications closed, and the same goes for the HJT log; you had OE and IE open.

    Run sphjfix again, make sure that IE and all other applications are closed, reboot, open CWShredder, click Fix, reboot and post a new HJT log.

    I forgot: you must not be connected.

  7. #7
    By applications do you mean Explorer and the mail?

    I also have Norton and the anti-spam and QTime etc. etc.

  8. #8
    amvinfe (Moderator of Computer security and viruses)
    Originally posted by christazio
    By applications do you mean Explorer and the mail?

    I also have Norton and the anti-spam and QTime etc. etc.
    Yes, the scan, and above all the removal, must not be done if windows of other programs are open; the antivirus, the antispam, etc. cause no problems as long as no program windows are open.

    When you made the last log you had both Internet Explorer and Outlook open



    C:\Programmi\Outlook Express\msimn.exe

    C:\Programmi\Internet Explorer\IEXPLORE.EXE

  9. #9
    It just won't go away.... I'm about to smash the PC, damned viruses!!!!!!!

    It's the first one that has given me this much trouble!!!

    SpHjfix: tells me it is not infected
    CWShredder: tells me everything is OK
    HijackThis: gives me the log with the files still there
    *****************************
    Logfile of HijackThis v1.97.7
    Scan saved at 12.03.41, on 18/06/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\downlo~1\o9x1yx\r6kf3eo.exe
    C:\Programmi\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\ipvr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Norton AntiVirus\SAVScan.exe
    C:\Programmi\File comuni\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F 2.EXE
    C:\Programmi\QuickTime\qttask.exe
    C:\WINDOWS\sdkuk.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\Spamihilator\spamihilator.exe
    C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Documents and Settings\Christazio\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\sqyuk.dll/sp.html#926298163
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://sqyuk.dll/index.html#926298163
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://sqyuk.dll/index.html#926298163
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\sqyuk.dll/sp.html#926298163
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://sqyuk.dll/index.html#926298163
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\sqyuk.dll/sp.html#926298163
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {2A69B4ED-A44E-115C-7B00-D6A6A2337148} - C:\WINDOWS\system32\sdksb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F 2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [sdkuk.exe] C:\WINDOWS\sdkuk.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programmi\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Spamihilator] "C:\Programmi\Spamihilator\spamihilator.exe"
    O4 - HKLM\..\RunOnce: [ipvr32.exe] C:\WINDOWS\system32\ipvr32.exe
    O4 - HKLM\..\RunOnce: [winxa32.exe] C:\WINDOWS\system32\winxa32.exe
    O4 - HKLM\..\RunOnce: [msxi32.exe] C:\WINDOWS\system32\msxi32.exe
    O4 - HKLM\..\RunOnce: [apifo.exe] C:\WINDOWS\system32\apifo.exe
    O4 - HKLM\..\RunOnce: [appsu.exe] C:\WINDOWS\system32\appsu.exe
    O4 - HKLM\..\RunOnce: [syseu.exe] C:\WINDOWS\system32\syseu.exe
    O4 - HKLM\..\RunOnce: [addcg32.exe] C:\WINDOWS\system32\addcg32.exe
    O4 - HKLM\..\RunOnce: [apicp32.exe] C:\WINDOWS\apicp32.exe
    O4 - HKLM\..\RunOnce: [sdkws32.exe] C:\WINDOWS\sdkws32.exe
    O4 - HKLM\..\RunOnce: [sdkrb.exe] C:\WINDOWS\sdkrb.exe
    O4 - HKLM\..\RunOnce: [sysdq.exe] C:\WINDOWS\system32\sysdq.exe
    O4 - HKLM\..\RunOnce: [apiet32.exe] C:\WINDOWS\apiet32.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9AD1F5D7-210B-4A83-BD47-0A7736187E7B} (PathFinder Control) - http://62.26.118.201/en/download/bin/webinstaller.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...?38134.1259375
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9FED5430-0372-4236-B640-8CBBF23E3187}: NameServer = 213.199.18.120
    O17 - HKLM\System\CS1\Services\Tcpip\..\{9FED5430-0372-4236-B640-8CBBF23E3187}: NameServer = 213.199.18.120
    O17 - HKLM\System\CS2\Services\Tcpip\..\{9FED5430-0372-4236-B640-8CBBF23E3187}: NameServer = 213.199.18.120
    ************************************************** *****

  10. #10
    amvinfe (Moderator of Computer security and viruses)
    Satisfy my curiosity: when you finish a scan, are you sure you reboot??? I ask because between my reply and yours you were still connected??!!!!??

    At this point download AdAware, update it, run a scan, delete whatever it finds, REBOOT and post a new HJT log
