[pareri]Che sono?

[Ilverogatsu]

Siccome mi son trovato un paio di schifezze nel pc (ancora mi chiedo come ci siano arrivate, visto che ho Kaspe+Sygate+ad+sb.. mah), ho trovato anche un paio di voci che nn so minimamente che siano.
Mi servirebbe quindi un vostro consiglio-parere-opinione:

Il controllo l'ho fatto sia con Startuplist che con Hijack,

Quote:

StartupList report, 06/09/2004, 12.00.26
StartupList version: 1.52
Started from : E:\Software\Virus&co\StartupList.EXE
Detected: Windows 2000 SP4 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\rundll32.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\mozilla.org\Mozilla\mozilla.exe
C:\WINNT\system32\NOTEPAD.EXE
E:\Software\Virus&co\StartupList.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica]
Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Synchronization Manager = mobsync.exe /logon
UpdReg = C:\WINNT\Updreg.exe
Jet Detection = C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
HPDJ Taskbar Utility = C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
SpeedTouch USB Diagnostics = "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
OfficeGuard RegChecker = "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
AVPCC = "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
SmcService = C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
NeroFilterCheck = C:\WINNT\system32\NeroCheck.exe
ATIPTA = C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

internat.exe = internat.exe

--------------------------------------------------

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}

--------------------------------------------------

Enumerating Download Program Files:

[{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}]
CODEBASE = http://akamai.downloadv3.com/binarie...TH_1023_EN.cab

[{469C7080-8EC8-43A6-AD97-45848113743C}]
InProcServer32 = C:\WINNT\system32\nethv32.dll
CODEBASE = http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab

[Update Class]
InProcServer32 = C:\WINNT\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.co...184.7025231481

[Shockwave Flash Object]
InProcServer32 = C:\WINNT\system32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
WebCheck: C:\WINNT\system32\webcheck.dll
SysTray: stobject.dll

Quote:

Logfile of HijackThis v1.98.0
Scan saved at 12.00.03, on 06/09/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\rundll32.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\mozilla.org\Mozilla\mozilla.exe
E:\Software\Virus&co\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.alcatel.com/consumer/dsl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
O4 - HKLM\..\Run: [AVPCC] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scaricare usando &BitSpirit
- C:\Programmi\BitSpirit\bsurl.htm
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binarie...TH_1023_EN.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C405CA2-61C9-44B5-A379-6590F29E23A7}: NameServer = 80.20.178.21 151.99.125.1

Le cose in grassetto sono ciò su cui ho dubbi.

grazie

[trappola]

leggi qui
http://forum.hwupgrade.it/showthread...hreadid=734483

[Ilverogatsu]

Oh! Carino!!
Grazie!

xò rimangono dubbi sull'ultima voce...
Quella con il dominio '80.20.178.21 151.99.125.1 '

[The Lenny]

http://hijackthis.de/index.php?langselect=english

(ora non ho il tempo x spulciare il log ad okkio)

[Ilverogatsu]

ahem... Lenny... me l'hanno postato prima quel link, e difatti l'ho subito usato.
Grazie lo stesso

Ma rimane lo stesso un dubbio segnalato nel mio secondo post.

[The Lenny]

ooopsss..lo dicevo che ero stonato!

151.99.125.1. --> Dns Resolver di Interbusiness
suona familiare?

[Ilverogatsu]

no, nn mi suona familiare dato che nn ho niente interbuisnes, mi sa che verrà eliminato...
tnx