PDA

Visualizza versione completa : avvisi di protezione


katodb
27-04-2005, 22.16.02
Mentre sono su internet compare un triangolino giallo accanto l'orologio seguito da questa finestra:

http://img.freeforumzone.it/upload/206524_Immagine.jpg

Ho eseguito bit defender con questo risultato:
Inoltre ho eseguito anche vari pulitori (ad aware, spybot, microsoft antispyware, malware scanner che ha trovato diversi files infetti ma non li ha rimossi perch ho la versione prova)senza eliminare i messaggi improvvisi.
domanda: cosa devo fare visto che mi si aprono finestre "on line dating" , "casino on line" e varie?

Statistics

Scan path : C:\
Folders : 3321
Files : 422974
Archives : 7018
Packed files : 37633
Identified viruses : 7
Infected files : 49
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 1
Copied files : 0
Moved files : 34
Renamed files : 0
I/O errors : 21
Scan time : 02:26:39
Scan speed (files/sec) : 48

Virus definitions : 36879333
Scan plugins : 13
Archive plugins : 38
Unpack plugins : 4
Mail plugins : 6
System plugins : 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

Summary:

C:\Documents and Settings\Dario\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\UXGRMDA1\italy[1].htm Infected Exploit.Html.Codebase.Exec.Gen
C:\Documents and Settings\Dario\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\UXGRMDA1\italy[1].htm Disinfection failed
C:\Documents and Settings\Dario\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\UXGRMDA1\italy[1].htm Moved
C:\Documents and Settings\Dario\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\UXGRMDA1\ied_s7[1].chm=>/ied_s7.htm Infected Exploit.ADODB.Stream.Gen
C:\Documents and Settings\Dario\Impostazioni locali\Temporary Internet Files\Content.IE5\YXV8PCFE\italy2[1].htm Disinfection failed
C:\Documents and Settings\Dario\Impostazioni locali\Temporary Internet Files\Content.IE5\YXV8PCFE\italy2[1].htm Moved
C:\Documents and Settings\Dario\Impostazioni locali\Temporary Internet Files\Content.IE5\YXV8PCFE\input[1].php=>(gzip) Infected JS.DragDrop.A
C:\Documents and Settings\Dario\Impostazioni locali\Temporary Internet Files\Content.IE5\YXV8PCFE\q[1].chm=>/file.exe Infected BehavesLike:Win32.ExplorerHijack
C:\Documents and Settings\Dario\Impostazioni locali\Temporary Internet Files\Content.IE5\YXV8PCFE\q[1].chm=>/file.exe Disinfection failed
C:\Documents and Settings\Dario\Impostazioni locali\Temporary Internet Files\Content.IE5\G5AJ81U3\italy[1].htm Disinfection failed
C:\Documents and Settings\Dario\Impostazioni locali\Temporary Internet Files\Content.IE5\GTEZC1QV\gamesnp[1].htm Disinfection failed
C:\Documents and Settings\Dario\Impostazioni locali\Temporary Internet Files\Content.IE5\GTEZC1QV\gamesnp[1].htm Moved
C:\Documents and Settings\Dario\Impostazioni locali\Dati applicazioni\Identities\{477F6084-61AC-4BFC-90A2-897D880E08E3}\Microsoft\Outlook Express\Davide.dbx=>(message 6)=>[Subject: XBOX emulator][Date: Thu, 02 Jan 2003 17:33:25 +0000]=>(MIME part)=>xbox-emu.ace=>xbox_emulator.0.34.exe Infected Trojan.XEmu.A
C:\Programmi\ESET\infected\VO0AI3AA.NQF=>(Quarantine-PE) Infected Trojan.Downloader.Agent.IG
C:\Programmi\ESET\infected\VO0AI3AA.NQF=>(Quarantine-PE) Disinfection failed
C:\Programmi\ESET\infected\VO0AI3AA.NQF Moved

Gianluchetto
27-04-2005, 22.38.06
Mah, vedo che molti file infetti sono nei file temporanei internet e nella posta... prima di tutto cancellali, poi rifai la scansione col tuo antivirus aggiornato. Se hai Xp dai anche un'occhiata qui (http://www.wintricks.it/forum/showthread.php?s=&threadid=52227) per sicurezza ;)

katodb
28-04-2005, 20.07.59
altro avviso. Intanto il computer comincia a diventare lento nell'apertura delle finestre. C' per caso qualche servizio di xp abilitato che posso togliere? ...la messaggistica disabilitata


http://img.freeforumzone.it/upload/206524_avviso.jpg

katodb
28-04-2005, 23.25.39
Ciao, il log di hijackthis. I primi files che prima non c'erano ritornano sempre anche dopo averli cancellati:

Logfile of HijackThis v1.94.0
Scan saved at 23.23.39, on 28/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.ansa.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.qfind.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=http://www.qfind.net/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.qfind.net/search.php?qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.qfind.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.qfind.net/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_ 5_7_1.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Security\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_ 5_7_1.dll (file missing)
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Cerca con &Google - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100619703520
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab



Grazie per qualsiasi aiuto

Bico Bico
29-04-2005, 00.48.07
devi avere un bel p di spyware. intanto prova a ripulire il sistema con i seguenti programmi antispyware:

Ad-aware (http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button)
SpyBot S&D (http://www.download.com/Spybot-Search-Destroy/3000-8022-10122137.html?part=dl-spybot&subj=dl&tag=but)
Microsoft Windows Antispyware (beta) (http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en)

poi penseremo al log di Hijack This ;)

crazy.cat
29-04-2005, 08.02.02
Devi usare anche il Lspfix.exe
http://www.cexx.org/lspfix.htm

per rimuovere tutte queste righe
O10 - Unknown file in Winsock LSP: c:\programmi\phshswpr\aphish.dll
e le dll collegate, praticamente devi tenere solo le dll che vedi nella finestra a sinistra, le altre le passi a destra e le elimini.

http://www.megalab.it/immagini/articoli/rimuove_spyware_new./new6.gif

Nel log ti mancano tutte le righe 04 che indicano i programmi attivi nel tuo pc, e la cosa è molto sospetta.

Usa anche una versione di hijackthis più nuova, e dopo qualche pulizia riproponi qui il log
http://www.merijn.org/files/hijackthis.zip

katodb
29-04-2005, 18.41.56
in attesa di usare lspfix, ho pi volte ripulito con gli antispyware suggrito da bico bico ma questo non risolve il problema perch c' qualcosa che poi rigenera tutto......pi tardi posto i risultati dopo le nuove pulizie

grazie

Giorgius
30-04-2005, 08.48.12
Elimina Emule, il "magazzino" dei Trojan Virus "integrati" nei files. ;)

katodb
30-04-2005, 14.11.02
Originariamente inviato da Giorgius
Elimina Emule, il "magazzino" dei Trojan Virus "integrati" nei files. ;)

uso e-mule da molto tempo e tutto quello che prelevo lo passo al controllo di svariati programmi. Non ho mai avuto i problemi di questi giorni e il mulo lo uso da molto tempo. Ma pensate che si possano attivare connessioni diverse da quella di alice adsl che su per adesso a costi pi alti e a me sconosciuti.

Intanto ecco il log di HijackThis dopo i vostri consigli

Logfile of HijackThis v1.99.1
Scan saved at 14.06.03, on 30/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Softwin\BitDefender8\vsserv.exe
C:\WINDOWS\System32\msole32.exe
C:\Utilities\Aldo Mod\emule.exe
C:\Documents and Settings\Dario\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ansa.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qfind.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qfind.net/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qfind.net/search.php?qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_ 5_7_1.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Security\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_ 5_7_1.dll (file missing)
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Cerca con &Google - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100619703520
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{41248073-5650-477F-898B-55A71A5D8F4A}: NameServer = 80.21.193.22 151.99.125.1
O20 - Winlogon Notify: WB - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dl l
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programmi\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe

grazie

Bico Bico
30-04-2005, 15.04.11
allora, devi eliminare:

C:\WINDOWS\System32\msole32.exe - probabilmente un worm: http://www.virus-buster.com/en/viruslab/descriptions/sambud.n

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/

R3 - Default URLSearchHook is missing

O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

poi volendo ci sarebbero tutti i vari ricordini lasciati in giro dalle scansioni online:

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

infine c' anche questo servizio relativo all'iPod. non possedendone uno non so dirti con certezza se si pu eliminare o meno:

O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)

katodb
01-05-2005, 02.54.11
ok fatto, ti dir come va

katodb
02-05-2005, 18.29.15
adesso sembra tutto a posto, ho eliminato il file msole32.exe e rilanciato i vari pulitori.... rimasta solo una generale lentezza di internet explorer. Forse ho da chiudere qualche applicazione di troppo
(quel file relativo all'iPod non riesco a rimuoverlo con HijackThis, perch rispunta sempre)


Logfile of HijackThis v1.99.1
Scan saved at 18.30.01, on 02/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Softwin\BitDefender8\vsserv.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dario\Desktop\pulitori periodici\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ansa.it/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_ 5_7_1.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Security\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_ 5_7_1.dll (file missing)
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Cerca con &Google - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{41248073-5650-477F-898B-55A71A5D8F4A}: NameServer = 80.21.193.22 151.99.125.1
O20 - Winlogon Notify: WB - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dl l
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programmi\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe