#1
Member
Joined: Mar 2003
City: milano/caserta
Posts: 96
hijackthis log
Hi
I need some help from the security experts. I have an Acer laptop with WinXP. Below I'm posting the hijackthis log. I see things I don't like, could you tell me which ones to remove. For example it looks to me like lsass is the sasser virus, but I don't want to delete anything without being sure of it.

Logfile of HijackThis v1.99.1
Scan saved at 12.54.27, on 04/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Launch Manager\QtZgAcer.EXE
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\System32\dslagent.exe
C:\WINDOWS\System32\slserves.exe
C:\windows\system32\zdablpu.exe
C:\Programmi\AVPersonal\AVGNT.EXE
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\AVPersonal\AVGUARD.EXE
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\windows\system32\packager.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Sygate\SPF\Smc.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {1157E4D6-1AA2-4CBB-B43A-BF9DF1EEC49D} - C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\microsoft\internet explorer\3inav.dat
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\Programmi\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Microsoft fierwall] fierwall.exe
O4 - HKLM\..\Run: [Starting up] wvsvc.exe
O4 - HKLM\..\Run: [Yahoo Update] Yahoo.exe
O4 - HKLM\..\Run: [RealPlayer] RealPlayer.exe
O4 - HKLM\..\Run: [dlite] dllmanager.exe
O4 - HKLM\..\Run: [winlogin.exe] C:\WINDOWS\paint.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programmi\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [8fQmWM] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [NvCplScan] msc32.exe
O4 - HKLM\..\Run: [Windows Media Player] msa.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvzng32.exe
O4 - HKLM\..\Run: [8ÏÔ@ÔÁÐ]*ú"ü‰üžigÝYC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [Microsoft Windows] explorar.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [8ÏÔÁÐ]*ú"ü‰üžigÝY] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C }ïÁzî[8C:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÐ]*ú"ü‰üžiC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÐ]*ú"ü‰¸u0C:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C }ïÁzîžigÝC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [8fQmú"ü‰üžigÝY] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [NAV Auto Updates] slserves.exe
O4 - HKLM\..\Run: [zdablpu] c:\windows\system32\zdablpu.exe
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [start uploading] smsss.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [sixtysix] C:\WINDOWS\sixtypopsix.exe
O4 - HKLM\..\Run: [MS Windows Process Class] MSPRCSS32.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [Microsoft fierwall] fierwall.exe
O4 - HKLM\..\RunServices: [Starting up] wvsvc.exe
O4 - HKLM\..\RunServices: [Yahoo Update] Yahoo.exe
O4 - HKLM\..\RunServices: [RealPlayer] RealPlayer.exe
O4 - HKLM\..\RunServices: [Microsoft Fileroller Manager] fileroller.exe
O4 - HKLM\..\RunServices: [dlite] dllmanager.exe
O4 - HKLM\..\RunServices: [NvCplScan] msc32.exe
O4 - HKLM\..\RunServices: [Windows Media Player] msa.exe
O4 - HKLM\..\RunServices: [Microsoft Windows] explorar.exe
O4 - HKLM\..\RunServices: [NAV Auto Updates] slserves.exe
O4 - HKLM\..\RunServices: [start uploading] smsss.exe
O4 - HKLM\..\RunServices: [MS Windows Process Class] MSPRCSS32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Starting up] wvsvc.exe
O4 - HKCU\..\Run: [Yahoo Update] Yahoo.exe
O4 - HKCU\..\Run: [RealPlayer] RealPlayer.exe
O4 - HKCU\..\Run: [Microsoft Fileroller Manager] fileroller.exe
O4 - HKCU\..\Run: [dlite] dllmanager.exe
O4 - HKCU\..\Run: [NvCplScan] msc32.exe
O4 - HKCU\..\Run: [Windows Media Player] msa.exe
O4 - HKCU\..\Run: [NAV Auto Updates] slserves.exe
O4 - HKCU\..\Run: [start uploading] smsss.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [MS Windows Process Class] MSPRCSS32.exe
O4 - HKCU\..\RunServices: [start uploading] smsss.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Programmi\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programmi\SideFind\sidefind.dll (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} (CAX Object) - http://securegameloader.com/sc.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...06_regular.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/gamdr-it/itd/games3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{400FABBE-6BBF-4BC2-9288-ADE4CB6E2B62}: NameServer = 85.37.17.9 151.99.125.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{400FABBE-6BBF-4BC2-9288-ADE4CB6E2B62}: NameServer = 85.37.17.9 151.99.125.1
O18 - Filter: text/html - {E55D0852-81A9-4C2A-9E42-D212E75044A4} - C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\microsoft\internet explorer\V0.32.dat
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programmi\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\Smc.exe
#2
Senior Member
Joined: May 2005
City: Palermo
Posts: 6390
Fix:
C:\WINDOWS\System32\slserves.exe
C:\windows\system32\zdablpu.exe
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {1157E4D6-1AA2-4CBB-B43A-BF9DF1EEC49D} - C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\microsoft\internet explorer\3inav.dat
O4 - HKLM\..\Run: [Microsoft fierwall] fierwall.exe
O4 - HKLM\..\Run: [Starting up] wvsvc.exe
O4 - HKLM\..\Run: [Yahoo Update] Yahoo.exe
O4 - HKLM\..\Run: [RealPlayer] RealPlayer.exe
O4 - HKLM\..\Run: [dlite] dllmanager.exe
O4 - HKLM\..\Run: [winlogin.exe] C:\WINDOWS\paint.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programmi\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [8fQmWM] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [NvCplScan] msc32.exe
O4 - HKLM\..\Run: [Windows Media Player] msa.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvzng32.exe
O4 - HKLM\..\Run: [8ÏÔ@ÔÁÐ]*ú"ü‰üžigÝYC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [Microsoft Windows] explorar.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [8ÏÔÁÐ]*ú"ü‰üžigÝY] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C }ïÁzî[8C:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÐ]*ú"ü‰üžiC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁÐ]*ú"ü‰¸u0C:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C }ïÁzîžigÝC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [8fQmú"ü‰üžigÝY] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [NAV Auto Updates] slserves.exe
O4 - HKLM\..\Run: [zdablpu] c:\windows\system32\zdablpu.exe
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [start uploading] smsss.exe
O4 - HKLM\..\Run: [sixtysix] C:\WINDOWS\sixtypopsix.exe
O4 - HKLM\..\Run: [MS Windows Process Class] MSPRCSS32.exe
O4 - HKLM\..\RunServices: [Microsoft fierwall] fierwall.exe
O4 - HKLM\..\RunServices: [Starting up] wvsvc.exe
O4 - HKLM\..\RunServices: [Yahoo Update] Yahoo.exe
O4 - HKLM\..\RunServices: [RealPlayer] RealPlayer.exe
O4 - HKLM\..\RunServices: [Microsoft Fileroller Manager] fileroller.exe
O4 - HKLM\..\RunServices: [dlite] dllmanager.exe
O4 - HKLM\..\RunServices: [NvCplScan] msc32.exe
O4 - HKLM\..\RunServices: [Windows Media Player] msa.exe
O4 - HKLM\..\RunServices: [Microsoft Windows] explorar.exe
O4 - HKLM\..\RunServices: [NAV Auto Updates] slserves.exe
O4 - HKLM\..\RunServices: [start uploading] smsss.exe
O4 - HKLM\..\RunServices: [MS Windows Process Class] MSPRCSS32.exe
O4 - HKCU\..\Run: [Starting up] wvsvc.exe
O4 - HKCU\..\Run: [Yahoo Update] Yahoo.exe
O4 - HKCU\..\Run: [RealPlayer] RealPlayer.exe
O4 - HKCU\..\Run: [Microsoft Fileroller Manager] fileroller.exe
O4 - HKCU\..\Run: [dlite] dllmanager.exe
O4 - HKCU\..\Run: [NvCplScan] msc32.exe
O4 - HKCU\..\Run: [Windows Media Player] msa.exe
O4 - HKCU\..\Run: [NAV Auto Updates] slserves.exe
O4 - HKCU\..\Run: [start uploading] smsss.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [MS Windows Process Class] MSPRCSS32.exe
O4 - HKCU\..\RunServices: [start uploading] smsss.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programmi\SideFind\sidefind.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} (CAX Object) - http://securegameloader.com/sc.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/gamdr-it/itd/games3.cab
O18 - Filter: text/html - {E55D0852-81A9-4C2A-9E42-D212E75044A4} - C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\microsoft\internet explorer\V0.32.dat

PS: I recommend an antivirus scan here: http://www.bitdefender.com/scan8/ie.html and a scan with ewido: http://download.ewido.net/ewido-setup.exe
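A defender-side triage of the O4 autorun entries in the fix list above, added here as an example and not code from either poster. It parses a constructed sample of lines copied from the log and flags the signals the fix list relies on: an executable loaded by bare filename with no path, a name that nearly matches a core Windows binary, a garbled value name, and a value name that does not match its target. SYSTEM_NAMES and the 0.85 similarity threshold are assumptions.

```python
import re
from difflib import SequenceMatcher

# Constructed sample: O4 entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [winlogin.exe] C:\WINDOWS\paint.exe
O4 - HKLM\..\Run: [Microsoft Windows] explorar.exe
O4 - HKLM\..\Run: [start uploading] smsss.exe
O4 - HKLM\..\Run: [8ÏÔ@ÔÁÐ]*ú"ü‰üžigÝYC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\joqygkg.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\AVPersonal\AVGNT.EXE" /min
"""
# Assumed list of core Windows binaries whose names malware commonly imitates.
SYSTEM_NAMES = {"smss.exe", "lsass.exe", "explorer.exe", "winlogon.exe", "svchost.exe"}
# Greedy "(.*)" so a stray "]" inside a garbled value name does not split the line early.
O4_RE = re.compile(r"^O4 - (\S+): \[(.*)\] (.+)$")
EXE_RE = re.compile(r'^"?(.*?\.exe)', re.IGNORECASE)

def lookalike(basename):
    """Return the system binary `basename` nearly matches (typo-squat), else None."""
    for legit in SYSTEM_NAMES:
        if basename != legit and SequenceMatcher(None, basename, legit).ratio() >= 0.85:
            return legit
    return None

def triage_o4(log_text):
    """Return (key, value name, exe, reasons) for each suspicious O4 autorun entry."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if not m:
            continue
        key, name, target = m.groups()
        exe_m = EXE_RE.match(target)          # drop quotes and trailing arguments
        exe = exe_m.group(1) if exe_m else target.strip('"').split()[0]
        base = exe.rsplit("\\", 1)[-1].lower()
        reasons = []
        if "\\" not in exe:                   # resolved via PATH, not a known location
            reasons.append("bare filename, no path")
        legit = lookalike(base)
        if legit:
            reasons.append(f"name imitates {legit}")
        if not name.isascii() or not name.isprintable():
            reasons.append("garbled value name")
        if name.lower().endswith(".exe") and name.lower() != base:
            reasons.append("value name does not match target")
        if reasons:
            findings.append((key, name, exe, reasons))
    return findings
```

Entries with a full path under a known vendor directory (SynTPEnh, AVGCtrl) pass every check, while the four the reply lists are each flagged with the reason that makes them stand out.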
#3
Senior Member
Joined: Sep 2004
City: Prov. Novara/Palmdale
Posts: 5228
..What a disaster of a log...
#4
Senior Member
Joined: Jun 2005
City: in lombardia
Posts: 8414
I'll add:
1) browse a bit more carefully
2) use spywareblaster, which you can find here: http://www.javacoolsoftware.com/sbdownload.html
3) use winpatrol in the background while you browse: http://www.winpatrol.com/setupit.exe
Bye.
#5
Senior Member
Joined: Sep 2004
Posts: 6387
Quote:
how the heck did you manage that??
#6
Banned
Joined: Mar 2004
City: Galapagos Warning: flautolente user, keep it in mind
Posts: 28978
cool
#7
Senior Member
Joined: Nov 2003
City: Prov. di Torino
Posts: 3747
Holy cow, what a log!!
#8
Member
Joined: Mar 2003
City: milano/caserta
Posts: 96
thanks, I'll follow the advice and let you know
It's my parents' laptop...