ascapito
22-02-2006, 21:06
Salve gente spero che qualcuno ne sappia una più del diavolo perchè ho un problem da due giorni circa con un processo assurdo che nn se ne va dalle balls! :D
La cosa più mortificante è ho installatio il windows domenica e va una bomba, ma neanche due giorni e sta accadendo qualcosa di strano.
Seguendo i vostri preziosi consigli riguardo a virus antivirus e toll vari per la sicurezza del sistema, credevo di aver creato un muro impenetrabile contro spyware virus trojan etc...
Ho infatti all'avvio del windows a difendere le mura del castello Kaspersky Antivirus,Kaspersky antihacker in modalità stealth e security level high e inoltre ProcessGuard e Winpatrol.
Ho inoltre installato ad aware, hijackthis xoftspy e ad watch per stare ancora + tranquillo, ma mi sa che stavo meglio quando stavo peggio :D
Già da domenica sera sono iniziate le cose strane e cioè l'antihacker kaspersky mi ha bloccato tutti questi attacchi che ora vi riporto:
19/02/2006 22.13.41 Your computer has been attacked from 222.179.146.6. Attack - Helkern. The attack has been successfully repulsed.
20/02/2006 0.02.19 Your computer has been attacked from 222.81.34.131. Attack - Helkern. The attack has been successfully repulsed.
20/02/2006 0.46.03 Your computer has been attacked. Attack - DDoS (denied servicing). The attack has been successfully repulsed.
20/02/2006 12.32.56 Your computer has been attacked from 221.194.192.51. Attack - Helkern. The attack has been successfully repulsed.
20/02/2006 16.26.14 Your computer has been attacked from 61.136.195.234. Attack - Helkern. The attack has been successfully repulsed.
20/02/2006 23.12.37 Your computer has been attacked from 221.235.112.94. Attack - Helkern. The attack has been successfully repulsed.
20/02/2006 23.43.45 Your computer has been attacked from 60.191.43.7. Attack - Helkern. The attack has been successfully repulsed.
21/02/2006 0.53.45 Your computer has been attacked from c-67-164-148-63.hsd1.tx.comcast.net. Attack - Helkern. The attack has been successfully repulsed.
21/02/2006 15.04.30 Your computer has been attacked from 221.235.112.94. Attack - Helkern. The attack has been successfully repulsed.
21/02/2006 15.06.08 Your computer has been attacked from 222.179.146.6. Attack - Helkern. The attack has been successfully repulsed.
21/02/2006 15.44.27 Your computer has been attacked. Attack - DDoS (denied servicing). The attack has been successfully repulsed.
21/02/2006 21.36.31 Your computer has been attacked from 61.136.195.234. Attack - Helkern. The attack has been successfully repulsed.
22/02/2006 1.43.38 Your computer has been attacked from 201.22.65.151.dialup.gvt.net.br. Attack - Helkern. The attack has been successfully repulsed.
22/02/2006 2.22.11 Your computer has been attacked from MMCDXXXVI.tun.saunalahti.fi. Attack - Helkern. The attack has been successfully repulsed.
22/02/2006 2.22.23 Your computer has been attacked from 219.146.96.77. Attack - Helkern. The attack has been successfully repulsed.
22/02/2006 3.05.33 Your computer has been attacked from 61.136.195.234. Attack - Helkern. The attack has been
Martedì sera ho fatto uno scan con tutti i programmi sopra citati e tranne che per xoftspy andava tutto bene, solo qualche cookie tracking con ad aware ma nulla di grave. Xoftspy mi ha invece rilevato un trojan ,che nn so com è entrato e da dove, il cui nome era Haxdoor. Neanche mezz'ora dopo e Winpatrol mi avvisa che un auto startup program è stato rilevato.
Il "processo" è il seguente
rundll32 sxs.dll,SxspRunDllDeleteDirectory C:\WINDOWS\WinSxS\InstallTemp\21144182
e anche
Winsidebysidesetupcleanup 21144182
Idem mi rileva Spybot S&D resident.
Vi spiego ora cosa ho fatto.
In modalità provvisoria ho fatto uno scan con xoftspy e il trojan è stato rimosso.
Poi ho cercato con win patrol e con hijackthis di uccidere il processo incriminato ma nulla di fatto.Si riapriva continuamente nonostante avessi settato tutti i programmi per bloccarne automaticamente l'avvio dello stesso.
Allora ho cercato di capirne di più e nel registro di sistema ho trovato una chiave corrispondente cercando Winsidebysidesetupcleanup in:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Winsidebysidesetupcleanup 21144182
dati
rundll32 sxs.dll,SxspRunDllDeleteDirectory C:\WINDOWS\WinSxS\InstallTemp\21144182
Purtroppo nn c'è modo di mettere termine a questi processi.
Nonostante stia cancellando le chiavi di registro corrispondenti con hijack e altri tool questi tornano sempre e sinceramente me so rotto!!
DI seguito vi allego il log di hijackthis per magari aiutarvi ad aiutarmi :D
ogfile of HijackThis v1.99.1
Scan saved at 21.29.58, on 22/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ProcessGuard\dcsuserprot.exe
C:\Programmi\Executive Software\Diskeeper\DkService.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Wireless LAN Utility\tiwlnsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ProcessGuard\pgaccount.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Wireless LAN Utility\TIWLANCu.exe
C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ProcessGuard\procguard.exe
C:\Programmi\TGTSoft\StyleXP\StyleXP.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\ascapito\Desktop\ÞRØTèzîØñè Ðèl $î$†èmå - Áñ†î$ÞîwÁRè - Áñ†îvîRµ$ - FîRèwåll - ÞRØÇ觧 GµåRdîåñ\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Programmi\ProcessGuard\pgaccount.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [TI WLAN] C:\Programmi\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\RunOnce: [WinSideBySideSetupCleanup 21144182] rundll32 sxs.dll,SxspRunDllDeleteDirectory C:\WINDOWS\WinSxS\InstallTemp\21144182
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Programmi\ProcessGuard\procguard.exe" -minimize
O4 - HKCU\..\Run: [WashAndGo - Cleanup of old Backupfiles] C:\Programmi\WashAndGo\checker.exe /check
O4 - HKCU\..\Run: [STYLEXP] C:\Programmi\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Programmi\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9C0D68-ABF4-4FEF-971B-23631BD14D9F}: NameServer = 85.37.17.58 85.38.28.94
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E9C0D68-ABF4-4FEF-971B-23631BD14D9F}: NameServer = 85.37.17.58 85.38.28.94
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DiamondCS ProcessGuard Service v3.200 (DCSPGSRV) - DiamondCS - C:\Programmi\ProcessGuard\dcsuserprot.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\Diskeeper\DkService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Programmi\Wireless LAN Utility\tiwlnsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programmi\TuneUp Utilities 2006\WinStylerThemeSvc.exe
La cosa più mortificante è ho installatio il windows domenica e va una bomba, ma neanche due giorni e sta accadendo qualcosa di strano.
Seguendo i vostri preziosi consigli riguardo a virus antivirus e toll vari per la sicurezza del sistema, credevo di aver creato un muro impenetrabile contro spyware virus trojan etc...
Ho infatti all'avvio del windows a difendere le mura del castello Kaspersky Antivirus,Kaspersky antihacker in modalità stealth e security level high e inoltre ProcessGuard e Winpatrol.
Ho inoltre installato ad aware, hijackthis xoftspy e ad watch per stare ancora + tranquillo, ma mi sa che stavo meglio quando stavo peggio :D
Già da domenica sera sono iniziate le cose strane e cioè l'antihacker kaspersky mi ha bloccato tutti questi attacchi che ora vi riporto:
19/02/2006 22.13.41 Your computer has been attacked from 222.179.146.6. Attack - Helkern. The attack has been successfully repulsed.
20/02/2006 0.02.19 Your computer has been attacked from 222.81.34.131. Attack - Helkern. The attack has been successfully repulsed.
20/02/2006 0.46.03 Your computer has been attacked. Attack - DDoS (denied servicing). The attack has been successfully repulsed.
20/02/2006 12.32.56 Your computer has been attacked from 221.194.192.51. Attack - Helkern. The attack has been successfully repulsed.
20/02/2006 16.26.14 Your computer has been attacked from 61.136.195.234. Attack - Helkern. The attack has been successfully repulsed.
20/02/2006 23.12.37 Your computer has been attacked from 221.235.112.94. Attack - Helkern. The attack has been successfully repulsed.
20/02/2006 23.43.45 Your computer has been attacked from 60.191.43.7. Attack - Helkern. The attack has been successfully repulsed.
21/02/2006 0.53.45 Your computer has been attacked from c-67-164-148-63.hsd1.tx.comcast.net. Attack - Helkern. The attack has been successfully repulsed.
21/02/2006 15.04.30 Your computer has been attacked from 221.235.112.94. Attack - Helkern. The attack has been successfully repulsed.
21/02/2006 15.06.08 Your computer has been attacked from 222.179.146.6. Attack - Helkern. The attack has been successfully repulsed.
21/02/2006 15.44.27 Your computer has been attacked. Attack - DDoS (denied servicing). The attack has been successfully repulsed.
21/02/2006 21.36.31 Your computer has been attacked from 61.136.195.234. Attack - Helkern. The attack has been successfully repulsed.
22/02/2006 1.43.38 Your computer has been attacked from 201.22.65.151.dialup.gvt.net.br. Attack - Helkern. The attack has been successfully repulsed.
22/02/2006 2.22.11 Your computer has been attacked from MMCDXXXVI.tun.saunalahti.fi. Attack - Helkern. The attack has been successfully repulsed.
22/02/2006 2.22.23 Your computer has been attacked from 219.146.96.77. Attack - Helkern. The attack has been successfully repulsed.
22/02/2006 3.05.33 Your computer has been attacked from 61.136.195.234. Attack - Helkern. The attack has been
Martedì sera ho fatto uno scan con tutti i programmi sopra citati e tranne che per xoftspy andava tutto bene, solo qualche cookie tracking con ad aware ma nulla di grave. Xoftspy mi ha invece rilevato un trojan ,che nn so com è entrato e da dove, il cui nome era Haxdoor. Neanche mezz'ora dopo e Winpatrol mi avvisa che un auto startup program è stato rilevato.
Il "processo" è il seguente
rundll32 sxs.dll,SxspRunDllDeleteDirectory C:\WINDOWS\WinSxS\InstallTemp\21144182
e anche
Winsidebysidesetupcleanup 21144182
Idem mi rileva Spybot S&D resident.
Vi spiego ora cosa ho fatto.
In modalità provvisoria ho fatto uno scan con xoftspy e il trojan è stato rimosso.
Poi ho cercato con win patrol e con hijackthis di uccidere il processo incriminato ma nulla di fatto.Si riapriva continuamente nonostante avessi settato tutti i programmi per bloccarne automaticamente l'avvio dello stesso.
Allora ho cercato di capirne di più e nel registro di sistema ho trovato una chiave corrispondente cercando Winsidebysidesetupcleanup in:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Winsidebysidesetupcleanup 21144182
dati
rundll32 sxs.dll,SxspRunDllDeleteDirectory C:\WINDOWS\WinSxS\InstallTemp\21144182
Purtroppo nn c'è modo di mettere termine a questi processi.
Nonostante stia cancellando le chiavi di registro corrispondenti con hijack e altri tool questi tornano sempre e sinceramente me so rotto!!
DI seguito vi allego il log di hijackthis per magari aiutarvi ad aiutarmi :D
ogfile of HijackThis v1.99.1
Scan saved at 21.29.58, on 22/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ProcessGuard\dcsuserprot.exe
C:\Programmi\Executive Software\Diskeeper\DkService.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Wireless LAN Utility\tiwlnsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ProcessGuard\pgaccount.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Wireless LAN Utility\TIWLANCu.exe
C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ProcessGuard\procguard.exe
C:\Programmi\TGTSoft\StyleXP\StyleXP.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\ascapito\Desktop\ÞRØTèzîØñè Ðèl $î$†èmå - Áñ†î$ÞîwÁRè - Áñ†îvîRµ$ - FîRèwåll - ÞRØÇ觧 GµåRdîåñ\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Programmi\ProcessGuard\pgaccount.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [TI WLAN] C:\Programmi\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\RunOnce: [WinSideBySideSetupCleanup 21144182] rundll32 sxs.dll,SxspRunDllDeleteDirectory C:\WINDOWS\WinSxS\InstallTemp\21144182
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Programmi\ProcessGuard\procguard.exe" -minimize
O4 - HKCU\..\Run: [WashAndGo - Cleanup of old Backupfiles] C:\Programmi\WashAndGo\checker.exe /check
O4 - HKCU\..\Run: [STYLEXP] C:\Programmi\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Programmi\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9C0D68-ABF4-4FEF-971B-23631BD14D9F}: NameServer = 85.37.17.58 85.38.28.94
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E9C0D68-ABF4-4FEF-971B-23631BD14D9F}: NameServer = 85.37.17.58 85.38.28.94
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DiamondCS ProcessGuard Service v3.200 (DCSPGSRV) - DiamondCS - C:\Programmi\ProcessGuard\dcsuserprot.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\Diskeeper\DkService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Programmi\Wireless LAN Utility\tiwlnsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programmi\TuneUp Utilities 2006\WinStylerThemeSvc.exe