Da qualche giorno sulle pagine web ad un certo punto si apre una finestra che mi chiede anzi mi consiglia di istallare il programma DRIVECLEANER..............io ovviamente rifiuto e questo mi fà uscire da Internet !!!!!!!!!!!! ho fatto più volte la scansione antivirus con Kaspersky 6 ma con esito...nessun virus................posto Hijack this.....c'è qualcuno gentile che mi consiglia cosa posso fare ? grazie mille
Logfile of HijackThis v1.99.1
Scan saved at 17.53.15, on 12/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\oodag.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\eMule\emule.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.barlatino.com/forum
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [kav] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O15 - Trusted Zone: *.rossoalice.it
O15 - Trusted Zone: *.rossoalice.virgilio.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CD5B2BA-6502-425F-8B5B-48A89EC0DAA1}: NameServer = 212.216.112.112,151.99.125.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB5A95C7-C9AB-46BE-AA30-99A2FF1D50B6}: NameServer = 85.37.17.48 85.38.28.88
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CD5B2BA-6502-425F-8B5B-48A89EC0DAA1}: NameServer = 212.216.112.112,151.99.125.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CD5B2BA-6502-425F-8B5B-48A89EC0DAA1}: NameServer = 212.216.112.112,151.99.125.2
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
Rispondi quotando
