Ciao
mi serve un aiuto dagli esperti sicurezza
Ho un portatile acer con WinXP

Di seguito vi riporto il log di hijackthis
Vedo cose che non mi piacciono, sapreste dirmi quali togliere.
Ad esempio mi pare che lsass sia il virus sasser ma non voglio cancellare senza esserne certo

Logfile of HijackThis v1.99.1
Scan saved at 12.54.27, on 04/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Launch Manager\QtZgAcer.EXE
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\System32\dslagent.exe
C:\WINDOWS\System32\slserves.exe
C:\windows\system32\zdablpu.exe
C:\Programmi\AVPersonal\AVGNT.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\AVPersonal\AVGUARD.EXE
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\windows\system32\packager.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Sygate\SPF\Smc.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {1157E4D6-1AA2-4CBB-B43A-BF9DF1EEC49D} - C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\microsoft\internet explorer\3inav.dat
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\Programmi\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Microsoft fierwall] fierwall.exe
O4 - HKLM\..\Run: [Starting up] wvsvc.exe
O4 - HKLM\..\Run: [Yahoo Update] Yahoo.exe
O4 - HKLM\..\Run: [RealPlayer] RealPlayer.exe
O4 - HKLM\..\Run: [dlite] dllmanager.exe
O4 - HKLM\..\Run: [winlogin.exe] C:\WINDOWS\paint.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programmi\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [8fQmWM] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [NvCplScan] msc32.exe
O4 - HKLM\..\Run: [Windows Media Player] msa.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvzng32.exe
O4 - HKLM\..\Run: [8ÏÔ@ÔÁÐ]*ú"ü‰üžigÝYC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [Microsoft Windows] explorar.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [8ÏÔÁÐ]*ú"ü‰üžigÝY] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÁzî[8C:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÐ]*ú"ü‰üžiC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÐ]*ú"ü‰¸u0C:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÁzîžigÝC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [8fQmú"ü‰üžigÝY] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [NAV Auto Updates] slserves.exe
O4 - HKLM\..\Run: [zdablpu] c:\windows\system32\zdablpu.exe
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [start uploading] smsss.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [sixtysix] C:\WINDOWS\sixtypopsix.exe
O4 - HKLM\..\Run: [MS Windows Process Class] MSPRCSS32.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [Microsoft fierwall] fierwall.exe
O4 - HKLM\..\RunServices: [Starting up] wvsvc.exe
O4 - HKLM\..\RunServices: [Yahoo Update] Yahoo.exe
O4 - HKLM\..\RunServices: [RealPlayer] RealPlayer.exe
O4 - HKLM\..\RunServices: [Microsoft Fileroller Manager] fileroller.exe
O4 - HKLM\..\RunServices: [dlite] dllmanager.exe
O4 - HKLM\..\RunServices: [NvCplScan] msc32.exe
O4 - HKLM\..\RunServices: [Windows Media Player] msa.exe
O4 - HKLM\..\RunServices: [Microsoft Windows] explorar.exe
O4 - HKLM\..\RunServices: [NAV Auto Updates] slserves.exe
O4 - HKLM\..\RunServices: [start uploading] smsss.exe
O4 - HKLM\..\RunServices: [MS Windows Process Class] MSPRCSS32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Starting up] wvsvc.exe
O4 - HKCU\..\Run: [Yahoo Update] Yahoo.exe
O4 - HKCU\..\Run: [RealPlayer] RealPlayer.exe
O4 - HKCU\..\Run: [Microsoft Fileroller Manager] fileroller.exe
O4 - HKCU\..\Run: [dlite] dllmanager.exe
O4 - HKCU\..\Run: [NvCplScan] msc32.exe
O4 - HKCU\..\Run: [Windows Media Player] msa.exe
O4 - HKCU\..\Run: [NAV Auto Updates] slserves.exe
O4 - HKCU\..\Run: [start uploading] smsss.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [MS Windows Process Class] MSPRCSS32.exe
O4 - HKCU\..\RunServices: [start uploading] smsss.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Programmi\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programmi\SideFind\sidefind.dll (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} (CAX Object) - http://securegameloader.com/sc.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/gamdr-it/itd/games3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{400FABBE-6BBF-4BC2-9288-ADE4CB6E2B62}: NameServer = 85.37.17.9 151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{400FABBE-6BBF-4BC2-9288-ADE4CB6E2B62}: NameServer = 85.37.17.9 151.99.125.1
O18 - Filter: text/html - {E55D0852-81A9-4C2A-9E42-D212E75044A4} - C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\microsoft\internet explorer\V0.32.dat
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programmi\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\Smc.exe

Fixa:
C:\WINDOWS\System32\slserves.exe
C:\windows\system32\zdablpu.exe
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {1157E4D6-1AA2-4CBB-B43A-BF9DF1EEC49D} - C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\microsoft\internet explorer\3inav.dat
O4 - HKLM\..\Run: [Microsoft fierwall] fierwall.exe
O4 - HKLM\..\Run: [Starting up] wvsvc.exe
O4 - HKLM\..\Run: [Yahoo Update] Yahoo.exe
O4 - HKLM\..\Run: [RealPlayer] RealPlayer.exe
O4 - HKLM\..\Run: [dlite] dllmanager.exe
O4 - HKLM\..\Run: [winlogin.exe] C:\WINDOWS\paint.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programmi\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [8fQmWM] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [NvCplScan] msc32.exe
O4 - HKLM\..\Run: [Windows Media Player] msa.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvzng32.exe
O4 - HKLM\..\Run: [8ÏÔ@ÔÁÐ]*ú"ü‰üžigÝYC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [Microsoft Windows] explorar.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [8ÏÔÁÐ]*ú"ü‰üžigÝY] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÁzî[8C:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÐ]*ú"ü‰üžiC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÐ]*ú"ü‰¸u0C:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÁzîžigÝC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [8fQmú"ü‰üžigÝY] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [NAV Auto Updates] slserves.exe
O4 - HKLM\..\Run: [zdablpu] c:\windows\system32\zdablpu.exe
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [start uploading] smsss.exe
O4 - HKLM\..\Run: [sixtysix] C:\WINDOWS\sixtypopsix.exe
O4 - HKLM\..\Run: [MS Windows Process Class] MSPRCSS32.exe
O4 - HKLM\..\RunServices: [Microsoft fierwall] fierwall.exe
O4 - HKLM\..\RunServices: [Starting up] wvsvc.exe
O4 - HKLM\..\RunServices: [Yahoo Update] Yahoo.exe
O4 - HKLM\..\RunServices: [RealPlayer] RealPlayer.exe
O4 - HKLM\..\RunServices: [Microsoft Fileroller Manager] fileroller.exe
O4 - HKLM\..\RunServices: [dlite] dllmanager.exe
O4 - HKLM\..\RunServices: [NvCplScan] msc32.exe
O4 - HKLM\..\RunServices: [Windows Media Player] msa.exe
O4 - HKLM\..\RunServices: [Microsoft Windows] explorar.exe
O4 - HKLM\..\RunServices: [NAV Auto Updates] slserves.exe
O4 - HKLM\..\RunServices: [start uploading] smsss.exe
O4 - HKLM\..\RunServices: [MS Windows Process Class] MSPRCSS32.exe
O4 - HKCU\..\Run: [Starting up] wvsvc.exe
O4 - HKCU\..\Run: [Yahoo Update] Yahoo.exe
O4 - HKCU\..\Run: [RealPlayer] RealPlayer.exe
O4 - HKCU\..\Run: [Microsoft Fileroller Manager] fileroller.exe
O4 - HKCU\..\Run: [dlite] dllmanager.exe
O4 - HKCU\..\Run: [NvCplScan] msc32.exe
O4 - HKCU\..\Run: [Windows Media Player] msa.exe
O4 - HKCU\..\Run: [NAV Auto Updates] slserves.exe
O4 - HKCU\..\Run: [start uploading] smsss.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [MS Windows Process Class] MSPRCSS32.exe
O4 - HKCU\..\RunServices: [start uploading] smsss.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programmi\SideFind\sidefind.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} (CAX Object) - http://securegameloader.com/sc.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/gamdr-it/itd/games3.cab
O18 - Filter: text/html - {E55D0852-81A9-4C2A-9E42-D212E75044A4} - C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\microsoft\internet explorer\V0.32.dat

PS:ti consiglio una scansione antivirus qui:http://www.bitdefender.com/scan8/ie.html
e una scansione con ewido: http://download.ewido.net/ewido-setup.exe

..Che disastro di log... :( ...Segui i consigli di Andorra...dovresti poi mettere il SP2...Qui Eraser e MrOZ..faranno festa.. :(

io aggiungo:
1)naviga un pò + tranquillo
2)usa spywareblaster che trovi qui:
http://www.javacoolsoftware.com/sbdownload.html
3)usa winpatrol in background quando navighi:
http://www.winpatrol.com/setupit.exe
Ciao.

..Che disastro di log... :( ...Segui i consigli di Andorra...dovresti poi mettere il SP2...Qui Eraser e MrOZ..faranno festa.. :(
davvero :doh:

come cacchio hai fatto?? :eek:

figo :eek:

Sti cavoli che log!!
:D

grazie, seguirò i consigli e vi faccio sapere
E' il portatile dei miei...