Aiutamici Forum

Problem: VBS Malware-gen .. C:\a.bat .. I delete it and it comes back!!
ildetersivo
Posted: Wednesday, March 12, 2008 2:45:27 PM
Rank: Newbie

Member since: 3/12/2008
Posts: 7
Hello! My name is Luigi.. let me get straight to my problem...
I use Windows XP, and Avast as my antivirus.
When I turn on the PC, Avast immediately detects a Malware-gen virus: the file C:\a.bat.
I promptly delete the file.
The problem arises when, after shutting the PC down, I turn it back on: there is our nice friend a.bat again.
I tried searching online for a way to fix the problem, but nothing.. every time I turn on the PC, Avast reports the presence of this a.bat, which I then delete right away, but I would like to find a way to get rid of it for good!!!
Can anyone help me?
Thanks!!
pidue
Posted: Wednesday, March 12, 2008 3:03:56 PM

Rank: AiutAmico

Member since: 6/2/2005
Posts: 7,332
Have you run a scan in Safe Mode?



ildetersivo
Posted: Wednesday, March 12, 2008 4:03:08 PM
Rank: Newbie

Member since: 3/12/2008
Posts: 7
No... I'll try that now..
Thanks
antonpaco
Posted: Wednesday, March 12, 2008 5:43:56 PM
Rank: AiutAmico

Member since: 11/7/2006
Posts: 1,180
But when Avast finds it, do you move it to the Chest?
ildetersivo
Posted: Thursday, March 13, 2008 11:02:53 AM
Rank: Newbie

Member since: 3/12/2008
Posts: 7
Last night I ran a scan in Safe Mode, but no luck: this morning, when I turned the PC back on, it was back...
Here are the technical details:

File name: C:\a.bat
Malware name: VBS:Malware-gen
Malware type: Virus/Worm
VPS version: 080311-0, 11/03/2008


In any case, yes, I click Move to Chest in Avast and it deletes it. Once I deleted it directly myself.. no problem. It just comes back afterwards!
antonpaco
Posted: Thursday, March 13, 2008 11:26:14 AM
Rank: AiutAmico

Member since: 11/7/2006
Posts: 1,180
When the PC starts in Safe Mode, is System Restore disabled? I ask because, although with a different kind of virus, I had the same problem: I deleted it but it came back. After running the scan with System Restore disabled, it was finally wiped out.
ildetersivo
Posted: Thursday, March 13, 2008 12:37:12 PM
Rank: Newbie

Member since: 3/12/2008
Posts: 7
What do you mean by System Restore? What is supposed to happen if it is disabled?
Rudewolf
Posted: Thursday, March 13, 2008 1:41:46 PM

Rank: AiutAmico

Member since: 5/2/2006
Posts: 6,184
Start\All Programs\Accessories\System Tools\System Restore. In the window that opens, on the left there is an underlined link, System Restore Settings; click it, and in the next window tick the box Turn off System Restore, then click Apply. Close everything, restart the PC in Safe Mode and run a scan with the antivirus. Delete whatever Avast finds, restart Windows normally and, if everything is fine, turn System Restore back on and create a new restore point.

A restore point is a very useful feature because, in case of small mishaps, it lets you go back and restore the operating system. Unfortunately, viruses and company also use it to regenerate themselves after being deleted, which is why it is a good idea to turn it off when you want to remove malware.
pidue
Posted: Thursday, March 13, 2008 2:12:11 PM

Rank: AiutAmico

Member since: 6/2/2005
Posts: 7,332
Go to this page, read the instructions, download and install HijackThis, then post the log.



ildetersivo
Posted: Thursday, March 13, 2008 3:01:38 PM
Rank: Newbie

Member since: 3/12/2008
Posts: 7
What do you mean by System Restore? What is supposed to happen if it is disabled?
ildetersivo
Posted: Thursday, March 13, 2008 3:21:27 PM
Rank: Newbie

Member since: 3/12/2008
Posts: 7
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.17.01, on 13/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msconf.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Comodo\CBOClean\BOCORE.exe
c:\sdwork\issimsvc.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\pctspk.exe
C:\Programmi\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\dqseeybj.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\fixbiogg.exe
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SPAM WARN PART RDR] C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\openfourspamwarn\burnbyte.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ms-update] scvhost.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DRam prosessor] msconf.exe
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKLM\..\RunServices: [DRam prosessor] msconf.exe
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\System32\xngzelc.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Programmi\Save\Save.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1EDF25DE-DFB2-40CA-AA83-30AE7DA8C203} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/it/filesharingctrl.cab
O16 - DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} (Entire Screen Builder Web Viewer) - http://vblu.uni-bocconi.it/vblu/NWWClientFull.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{885FB91C-8FC2-4B1B-B837-3F2A049BB95B}: NameServer = 151.99.125.2,151.99.0.100
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BOCore - COMODO - C:\Programmi\Comodo\CBOClean\BOCORE.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
r16
Posted: Thursday, March 13, 2008 9:54:54 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Nothing to say, my friend, you are pretty "loaded".
Make sure you have access to hidden files and folders
(Control Panel -> Folder Options -> View)
1) Tick: Show hidden files and folders
2) Untick: Hide protected operating system files

Disable System Restore http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

If you do not know how to "fix" the entries, follow this detailed guide: http://www.aiutaamici.com/software?ID=11175

Boot into Safe Mode http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80122

Start HijackThis, tick the entries I am going to list and, with all applications closed and the PC disconnected from the Internet, click Fix checked:
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\dqseeybj.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\fixbiogg.exe
O4 - HKLM\..\Run: [SPAM WARN PART RDR] C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\openfourspamwarn\burnbyte.exe
O4 - HKLM\..\Run: [ms-update] scvhost.exe
O4 - HKLM\..\Run: [DRam prosessor] msconf.exe
O4 - HKLM\..\RunServices: [DRam prosessor] msconf.exe
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\System32\xngzelc.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Programmi\Save\Save.exe"

Find and delete the files in red:
C:\WINDOWS\System32\dqseeybj.exe
C:\WINDOWS\System32\fixbiogg.exe
C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\openfourspamwarn\burnbyte.exe
C:\WINDOWS\System32\xngzelc.exe
C:\Programmi\Save\Save.exe (delete the folder)
C:\WINDOWS\system32\msconf.exe
Download VirIT:
http://www.tgsoft.it/italy/download.htm update it (by clicking the satellite dish at the top) and run it in Safe Mode (this is very important).

Download Spybot from here http://www.aiutaamici.com/software?ID=10831 and run a scan, again in Safe Mode.

Download CCleaner and do a clean-up (registry included) http://www.aiutaamici.com/software?ID=11223

Restart the computer.
Run an online scan with this: http://housecall.trendmicro.com/it/
Post a new log here.



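As an added example (not code from the forum posts, from HijackThis or from any tool named above), the Python script below turns the hints r16 relied on when choosing which O4 entries to fix, plus Rudewolf's point about malware hiding under restore folders, into explicit triage rules and runs them over O4 lines copied from the logs in this thread. The process-name list, the keyword list and the rules themselves are assumptions of this example, and the output is a list of candidates for a human to review, not a verdict.

```python
"""First-pass triage of HijackThis 'O4' autostart lines (added example)."""
import re
from dataclasses import dataclass, field

# Windows process names that malware likes to imitate (assumed list).
WINDOWS_PROCESS_NAMES = {
    "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
    "services.exe", "explorer.exe", "smss.exe", "spoolsv.exe",
}
# Label words that make an entry sound like a Windows component (assumed list).
SYSTEM_SOUNDING = re.compile(
    r"update|service|security|cryptographic|java|microsoft|windows", re.I)

# "O4 - <registry key>: [<label>] <command> (User '<name>')"; the user suffix is optional.
O4_RE = re.compile(
    r"^O4 - (?P<key>[^:]+): \[(?P<label>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$")


@dataclass
class O4Entry:
    key: str
    label: str
    command: str
    path: str                      # executable part of the command, quotes stripped
    flags: list = field(default_factory=list)

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def has_directory(self) -> bool:
        return "\\" in self.path


def within_one_edit(a: str, b: str) -> bool:
    """True when a and b differ by exactly one substitution, insertion,
    deletion or adjacent transposition (a tiny Damerau-Levenshtein check)."""
    if a == b:
        return False
    if len(a) == len(b):
        diffs = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
        if len(diffs) == 1:
            return True
        return (len(diffs) == 2 and diffs[1] == diffs[0] + 1
                and a[diffs[0]] == b[diffs[1]] and a[diffs[1]] == b[diffs[0]])
    if abs(len(a) - len(b)) != 1:
        return False
    longer, shorter = (a, b) if len(a) > len(b) else (b, a)
    return any(longer[:i] + longer[i + 1:] == shorter for i in range(len(longer)))


def parse_o4(line: str):
    """Parse one bracketed O4 line; returns None for other lines (e.g. Global Startup)."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd").strip()
    quoted = re.match(r'"([^"]+)"', cmd)
    if quoted:
        path = quoted.group(1)
    else:
        # Unquoted paths may contain spaces: cut at the first executable extension.
        exe = re.match(r"(.*?\.(?:exe|bat|com|scr|pif|dll))(?:\s|$)", cmd, re.I)
        path = exe.group(1) if exe else (cmd.split()[0] if cmd else "")
    return O4Entry(m.group("key"), m.group("label"), cmd, path)


def triage(entry: O4Entry) -> O4Entry:
    """Attach a flag for every assumed rule the entry trips."""
    base, low = entry.basename, entry.path.lower()
    if not entry.has_directory:
        entry.flags.append("no directory: the file is resolved via PATH at logon")
    lookalikes = [n for n in WINDOWS_PROCESS_NAMES if within_one_edit(base, n)]
    if base not in WINDOWS_PROCESS_NAMES and lookalikes:
        entry.flags.append(f"'{base}' imitates {lookalikes[0]}")
    if "runservices" in entry.key.lower():
        entry.flags.append("RunServices key: obsolete on XP, rarely used by legitimate software")
    if "\\restore\\" in low or "\\system volume information\\" in low:
        entry.flags.append("launched from a System Restore folder")
    if SYSTEM_SOUNDING.search(entry.label) and (not entry.has_directory or "\\system32\\" in low):
        entry.flags.append("system-sounding label whose target is not in a vendor directory")
    return entry


def triage_log(log_text: str) -> list:
    """Return the O4 entries of a HijackThis log that trip at least one rule."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is not None and triage(entry).flags:
            flagged.append(entry)
    return flagged


# O4 lines copied from the logs posted in this thread (sample input).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\dqseeybj.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ms-update] scvhost.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DRam prosessor] msconf.exe
O4 - HKLM\..\RunServices: [DRam prosessor] msconf.exe
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\System32\xngzelc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-842925246-1958367476-682003330-1007\..\Run: [Internet Security Services] C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe (User 'Francesco')
O4 - Global Startup: NCProTray.lnk = ?
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"[{e.label}] {e.command}")
        for f in e.flags:
            print("   -", f)
```

Legitimate entries can trip the "no directory" rule too (the third log in the thread has vendor entries launched that way), which is why the rules rank entries for review rather than decide for you.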
ildetersivo
Posted: Monday, March 17, 2008 11:01:38 AM
Rank: Newbie

Member since: 3/12/2008
Posts: 7
Good... I did what you told me! The problem seems to be solved!! I no longer have the a.bat problem when the PC starts...
In any case, I ran the log again...


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Comodo\CBOClean\BOCORE.exe
c:\sdwork\issimsvc.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\pctspk.exe
C:\Programmi\SEC\Natural Color Pro\NCProTray.exe
C:\Programmi\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\WINDOWS\System32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1EDF25DE-DFB2-40CA-AA83-30AE7DA8C203} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/it/filesharingctrl.cab
O16 - DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} (Entire Screen Builder Web Viewer) - http://vblu.uni-bocconi.it/vblu/NWWClientFull.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{885FB91C-8FC2-4B1B-B837-3F2A049BB95B}: NameServer = 151.99.125.2,151.99.0.100
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BOCore - COMODO - C:\Programmi\Comodo\CBOClean\BOCORE.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
r16
Posted: Monday, March 17, 2008 7:01:41 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Hi.
The log is clean.
If you want (it is not mandatory), you can also remove these entries (the PC will thank you):
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NCProTray.lnk = ?
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

Uninstall VirIT, it is no longer needed.
Then do a good clean-up with CCleaner (registry included).

Bye.
giodema
Posted: Friday, November 14, 2008 4:50:26 PM
Rank: Newbie

Member since: 11/14/2008
Posts: 0
Good evening,
like many others, I too have the same problem with this extremely annoying malware: VBS:Malware-gen. Please give me a hand. Thanks a lot
notpaul
Posted: Saturday, January 10, 2009 1:42:34 PM
Rank: Newbie

Member since: 1/10/2009
Posts: 0
Dear friends, I have the same problem too.

I am turning to r16 for some generous help. This is the logfile generated by TM HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.31.31, on 10/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Programmi\WinFax\WFXMOD32.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\sm56hlpr.exe
C:\Programmi\QuickTime\QTTask.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Programmi\PowerISO\PWRISOVM.EXE
C:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programmi\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Creative\Shared Files\CamTray.exe
C:\Programmi\File comuni\Teleca Shared\CapabilityManager.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\WINDOWS\system32\msupdate.exe
C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\Programmi\WinFax\WFXCTL32.EXE
C:\Programmi\WinFax\WFXMOD32.EXE
C:\Programmi\File comuni\Teleca Shared\Generic.exe
C:\Programmi\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: assistentidivolo Toolbar - {d8ff73f5-ab9c-49aa-8c0f-1f760acb3706} - C:\Programmi\assistentidivolo\tbass1.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Programmi\Live_TV\tbLiv1.dll
O2 - BHO: assistentidivolo Toolbar - {d8ff73f5-ab9c-49aa-8c0f-1f760acb3706} - C:\Programmi\assistentidivolo\tbass1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: assistentidivolo Toolbar - {d8ff73f5-ab9c-49aa-8c0f-1f760acb3706} - C:\Programmi\assistentidivolo\tbass1.dll
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programmi\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [InCD] C:\Programmi\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [PVR Agent] C:\Programmi\Empire\PVR Plus\TVR\Scheduled.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DRam prosessor] msupdate.exe
O4 - HKLM\..\RunServices: [DRam prosessor] msupdate.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmi\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-842925246-1958367476-682003330-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Francesco')
O4 - HKUS\S-1-5-21-842925246-1958367476-682003330-1007\..\Run: [Internet Security Services] C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe (User 'Francesco')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Controller.LNK = C:\Programmi\WinFax\WFXCTL32.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCFD7122-CD52-435D-B4FD-532E94D86CCD}: NameServer = 194.183.2.129,217.72.96.66
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Programmi\Nero\Nero8\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 10955 bytes

Thanks

r16
Posted: Saturday, January 10, 2009 1:51:16 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
It would have been better if you had opened a topic of your own. (We'll continue here for now.)
Download and install MalwareBytes:
click here to download: http://www.malwarebytes.org/
Before running the scan, UPDATE IT.
Run a full system scan and, once the scan has finished, post the log it produces in this thread.
Make sure all the highlighted files are selected and click Remove Selected.
Clean up (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
*********************************************************************************************************
Important: disable your antivirus and close ALL open programs, and after downloading COMBOFIX, disconnect from the Internet.

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a screen will appear).
Type 1, press Enter and follow the instructions.
When it finishes, a log file called C:\ComboFix.txt will be created. Post it here.
While the scan is running it is important not to use the PC (not even the mouse) and to wait patiently for it to finish.

Uninstall combofix as follows (after I have looked at the log):
Start
Run
in the dialog box, type (or copy and paste) this command: Combofix /u and press Enter, then delete combofix's folders in "C" (qoobox).
Finally, post a new HijackThis log.
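Added example for this thread (not code from the forum, from HijackThis or from ComboFix): the checks a helper applies by eye to the O4 autorun lines of a posted log, written down as a small triage script. It flags bare file names with no directory, the RunServices key, SID-named RESTORE/RECYCLER folders and per-user autoruns that point into system32; the sample lines are copied from the HijackThis log above, while the rule names and reason texts are my own.

```python
"""Triage of the O4 (autorun) lines of a HijackThis log.

Added example for this thread; not code from the forum, from HijackThis or
from ComboFix. It encodes the checks a helper applies by eye when reading a
posted log; the sample lines are copied from the log above. Every hit is a
lead to verify, not a verdict: the "no-path" rule also fires on the legitimate
[SMSERIAL] modem helper, which ComboFix later resolved to c:\\windows\\sm56hlpr.exe.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Registry O4 line: O4 - <hive>\..\<key>: [<value name>] <command> (User '<user>')
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# First program in the command, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.(?:exe|com|bat|cmd|scr|pif|vbs))"?(?=\s|$)', re.I)
# No installer creates SID-named folders under RESTORE or RECYCLER.
ODD_DIR_RE = re.compile(r"\\(restore|recycler)\\s-1-5-", re.I)
# Windows itself starts ctfmon.exe from the per-user Run key.
PER_USER_SYSTEM_OK = {"ctfmon.exe"}
REASONS = {
    "no-path": "bare file name: resolved through the search path, usually to system32",
    "runservices": "RunServices key: Win9x-era key XP still honours, rarely used by real software",
    "odd-folder": "runs from a SID-named RESTORE/RECYCLER folder",
    "hkcu-system32": "per-user autorun pointing into the Windows system directory",
}


@dataclass
class Finding:
    name: str            # value name shown in [...]
    command: str
    user: Optional[str]  # only present for HKUS\<SID> entries
    reasons: list = field(default_factory=list)


def parse_o4(line: str) -> Optional[dict]:
    """Fields of a registry O4 line, or None for other O4 forms (Global Startup)."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def extract_exe(command: str) -> str:
    m = EXE_RE.match(command.strip())
    return m["exe"] if m else command.strip()


def triage(log_text: str) -> list:
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        exe = extract_exe(entry["cmd"])
        base = exe.rsplit("\\", 1)[-1].lower()
        hive = entry["hive"].upper()
        per_user = hive == "HKCU" or hive.startswith("HKUS")
        reasons = []
        if "\\" not in exe and ":" not in exe:
            reasons.append("no-path")
        if entry["key"].lower() == "runservices":
            reasons.append("runservices")
        if ODD_DIR_RE.search(exe):
            reasons.append("odd-folder")
        if per_user and re.search(r"\\system32\\", exe, re.I) and base not in PER_USER_SYSTEM_OK:
            reasons.append("hkcu-system32")
        if reasons:
            findings.append(Finding(entry["name"], entry["cmd"], entry["user"], reasons))
    return findings


# Sample input: O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DRam prosessor] msupdate.exe
O4 - HKLM\..\RunServices: [DRam prosessor] msupdate.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-21-842925246-1958367476-682003330-1007\..\Run: [Internet Security Services] C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe (User 'Francesco')
O4 - Global Startup: Controller.LNK = C:\Programmi\WinFax\WFXCTL32.EXE
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        who = f" (user {f.user})" if f.user else ""
        print(f"[{f.name}]{who}: {f.command}")
        for r in f.reasons:
            print(f"    - {REASONS[r]}")
```

Run directly it prints five leads; the [SMSERIAL] one is legitimate, which is exactly why a hit means "look this entry up", not "delete it".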
notpaul
Posted: Saturday, January 10, 2009 6:25:42 PM
Rank: Newbie

Member since: 1/10/2009
Posts: 0
malwarebytes log:

Malwarebytes' Anti-Malware 1.32
Versione del database: 1638
Windows 5.1.2600 Service Pack 3

10/01/2009 17.15.52
mbam-log-2009-01-10 (17-15-36).txt

Tipo di scansione: Scansione completa (C:\|E:\|H:\|)
Elementi scansionati: 324035
Tempo trascorso: 1 hour(s), 33 minute(s), 26 second(s)

Processi delle memoria infetti: 1
Moduli della memoria infetti: 1
Chiavi di registro infette: 5
Valori di registro infetti: 3
Elementi dato del registro infetti: 0
Cartelle infette: 3
File infetti: 21

Processi delle memoria infetti:
C:\WINDOWS\system32\msupdate.exe (Backdoor.Bot) -> No action taken.

Moduli della memoria infetti:
C:\Programmi\Live_TV\tbLiv1.dll (Adware.Agent) -> No action taken.

Chiavi di registro infette:
HKEY_CLASSES_ROOT\CLSID\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Live_TV (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Live_TV (Adware.Agent) -> No action taken.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DRam prosessor (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\DRam prosessor (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\DRam prosessor (Backdoor.Bot) -> No action taken.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
C:\Programmi\Live_TV (Adware.Agent) -> No action taken.
C:\Programmi\Live_TV\RadioPlayer (Adware.Agent) -> No action taken.
C:\Programmi\Live_TV\rss (Adware.Agent) -> No action taken.

File infetti:
C:\Programmi\Live_TV\tbLiv1.dll (Adware.Agent) -> No action taken.
C:\Programmi\Live_TV\INSTALL.LOG (Adware.Agent) -> No action taken.
C:\Programmi\Live_TV\LanguagePack.xml (Adware.Agent) -> No action taken.
C:\Programmi\Live_TV\LocalSettings.txt (Adware.Agent) -> No action taken.
C:\Programmi\Live_TV\tbLive.dll (Adware.Agent) -> No action taken.
C:\Programmi\Live_TV\ThirdPartyComponents.xml (Adware.Agent) -> No action taken.
C:\Programmi\Live_TV\toolbar.cfg (Adware.Agent) -> No action taken.
C:\Programmi\Live_TV\UNWISE.EXE (Adware.Agent) -> No action taken.
C:\Programmi\Live_TV\update.xml (Adware.Agent) -> No action taken.
C:\Programmi\Live_TV\RadioPlayer\Predefined_Media_List.xml (Adware.Agent) -> No action taken.
C:\Programmi\Live_TV\RadioPlayer\User_Media_List.xml (Adware.Agent) -> No action taken.
C:\Programmi\Live_TV\rss\http___feeds_feedburner_com_metacafe_TYps.xml (Adware.Agent) -> No action taken.
C:\Programmi\Live_TV\rss\http___feeds_feedburner_com_metacafe_TYps_structured.xml (Adware.Agent) -> No action taken.
C:\Programmi\Live_TV\rss\http___video_google_com_videofeed_type=top100new&num=20&output=rss.xml (Adware.Agent) -> No action taken.
C:\Programmi\Live_TV\rss\http___video_google_com_videofeed_type=top100new&num=20&output=rss_structured.xml (Adware.Agent) -> No action taken.
C:\Programmi\Live_TV\rss\http___youtube_com_rss_global_top_viewed_today_rss.xml (Adware.Agent) -> No action taken.
C:\Programmi\Live_TV\rss\http___youtube_com_rss_global_top_viewed_today_rss_structured.xml (Adware.Agent) -> No action taken.
C:\WINDOWS\system32\msupdate.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\SERVICES.EXE (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drmgs.sys (Rootkit.Agent) -> No action taken.

combofix log

ComboFix 09-01-09.03 - Paolo 2009-01-10 18.02.59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1535.934 [GMT 1:00]
Eseguito da: c:\documents and settings\Paolo\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Paolo\Dati applicazioni\.#
c:\documents and settings\Paolo\Dati applicazioni\.#\MBX@1F0@BD3720.###
c:\documents and settings\Paolo\Dati applicazioni\.#\MBX@1F0@BD3730.###
c:\documents and settings\Paolo\Dati applicazioni\.#\MBX@1F0@BD3750.###
c:\documents and settings\Paolo\Dati applicazioni\.#\MBX@618@BD3720.###
c:\documents and settings\Paolo\Dati applicazioni\.#\MBX@618@BD3730.###
c:\documents and settings\Paolo\Dati applicazioni\.#\MBX@618@BD3750.###
c:\documents and settings\Paolo\Dati applicazioni\.#\MBX@F4@BD3720.###
c:\documents and settings\Paolo\Dati applicazioni\.#\MBX@F4@BD3730.###
c:\documents and settings\Paolo\Dati applicazioni\.#\MBX@F4@BD3750.###
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
c:\windows\system32\tmp0_386198193323.bk

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISODRIVE
-------\Legacy_PERFMONS
-------\Legacy_ROUTING
-------\Service_ISODrive


((((((((((((((((((((((((( Files Creati Da 2008-12-10 al 2009-01-10 )))))))))))))))))))))))))))))))))))
.

2009-01-10 17:28 . 2009-01-10 17:29 2,914,322 -ra------ c:\programmi\ComboFix.exe
2009-01-10 17:25 . 2009-01-10 17:59 <DIR> d-------- c:\programmi\Ccleaner
2009-01-10 17:24 . 2009-01-10 17:24 886,925 --a------ c:\programmi\ccleaner.zip
2009-01-10 14:56 . 2009-01-10 17:15 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-01-10 14:56 . 2009-01-10 14:56 <DIR> d-------- c:\documents and settings\Paolo\Dati applicazioni\Malwarebytes
2009-01-10 14:56 . 2009-01-10 14:56 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-01-10 14:56 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-10 14:56 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-10 14:55 . 2009-01-10 14:55 2,697,168 --a------ c:\programmi\mbam-setup.exe
2009-01-10 13:30 . 2009-01-10 13:30 <DIR> d-------- c:\programmi\Trend Micro
2009-01-10 13:30 . 2009-01-10 13:30 812,344 --a------ c:\programmi\HJTInstall.exe
2009-01-10 06:06 . 2009-01-10 18:03 <DIR> dr-hs---- C:\RESTORE
2009-01-10 06:06 . 2009-01-10 06:06 28,679 --a------ c:\windows\renamed.exe
2009-01-09 18:09 . 2009-01-09 18:09 268 --ah----- C:\sqmdata00.sqm
2009-01-09 18:09 . 2009-01-09 18:09 244 --ah----- C:\sqmnoopt01.sqm
2009-01-09 18:09 . 2009-01-09 18:09 244 --ah----- C:\sqmnoopt00.sqm
2009-01-09 18:09 . 2009-01-09 18:09 136 --ah----- C:\sqmdata01.sqm
2009-01-08 20:20 . 2009-01-08 20:20 <DIR> d-------- c:\documents and settings\luca\Application Data\DivX
2009-01-07 22:39 . 2009-01-07 22:39 <DIR> d-------- c:\programmi\MSBuild
2009-01-07 22:37 . 2009-01-07 22:40 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-07 22:37 . 2009-01-07 22:37 <DIR> d-------- c:\programmi\Reference Assemblies
2009-01-07 22:36 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-01-07 22:04 . 2009-01-07 22:04 <DIR> d-------- c:\programmi\Windows Sidebar
2008-12-27 09:43 . 2008-12-27 09:43 <DIR> d-------- c:\programmi\7-Zip
2008-12-27 09:15 . 2008-12-27 09:15 1,947,981 --a------ c:\programmi\installer_7-Zip_File_Manager_4_42.exe
2008-12-27 02:50 . 2008-12-27 02:50 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Elaborate Bytes
2008-12-24 14:44 . 2008-12-24 14:44 <DIR> d-------- c:\documents and settings\Francesco\Application Data\DAEMON Tools Pro
2008-12-24 14:44 . 2008-12-24 14:44 <DIR> d-------- c:\documents and settings\Francesco\Application Data\DAEMON Tools Lite
2008-12-24 14:44 . 2008-12-24 14:44 <DIR> d-------- c:\documents and settings\Francesco\Application Data\DAEMON Tools
2008-12-24 14:36 . 2008-12-24 14:36 126,976 --a------ c:\windows\War3Unin.exe
2008-12-24 14:36 . 2008-12-24 14:36 15,903 --a------ c:\windows\War3Unin.dat
2008-12-24 14:36 . 2008-12-24 14:36 2,829 --a------ c:\windows\War3Unin.pif
2008-12-24 14:32 . 2008-12-24 14:41 <DIR> d-------- c:\programmi\Warcraft III
2008-12-23 10:35 . 2008-12-23 10:35 47,104 --a------ c:\windows\system32\KMVIDC32.DLL
2008-12-23 09:03 . 2008-12-27 22:02 <DIR> d-------- c:\documents and settings\Paolo\Dati applicazioni\DAEMON Tools Pro
2008-12-23 09:03 . 2008-12-23 09:03 <DIR> d-------- c:\documents and settings\Paolo\Dati applicazioni\DAEMON Tools
2008-12-23 09:02 . 2008-12-23 09:02 <DIR> d-------- c:\programmi\DAEMON Tools Lite
2008-12-23 09:02 . 2008-12-23 09:02 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2008-12-23 08:54 . 2008-12-23 09:04 <DIR> d-------- c:\documents and settings\Paolo\Dati applicazioni\DAEMON Tools Lite
2008-12-23 08:54 . 2008-12-23 08:54 7,410,632 --a------ c:\programmi\daemon4302-lite.exe
2008-12-23 08:54 . 2008-12-23 08:54 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-12-20 01:21 . 2008-12-20 01:35 <DIR> d-------- c:\programmi\moonshell171_with_dpgtools13
2008-12-20 01:21 . 2008-12-20 01:21 <DIR> d-a------ c:\programmi\moonshell_v1.71
2008-12-20 01:20 . 2008-12-20 01:20 2,636,494 --a------ c:\programmi\moonshell-for-r4-v1.71.zip
2008-12-20 01:11 . 2008-12-20 01:11 14,414,817 --a------ c:\programmi\moonshell171_with_dpgtools13.zip
2008-12-17 14:10 . 2008-12-17 14:20 17,464,248 --a------ c:\programmi\IE7Setup_G.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-10 16:33 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\Skype
2009-01-10 16:32 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\skypePM
2009-01-10 08:40 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\uTorrent
2009-01-08 19:20 --------- d-----w c:\documents and settings\luca\Application Data\Nero
2009-01-08 03:05 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\Nero
2009-01-08 00:38 --------- d-----w c:\programmi\eMule
2009-01-07 22:52 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Nero
2009-01-07 21:19 --------- d-----w c:\programmi\File comuni\Nero
2009-01-07 21:05 --------- d-----w c:\programmi\Nero
2009-01-07 20:09 --------- d-----w c:\programmi\Spybot - Search & Destroy
2009-01-07 20:07 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-01-07 19:39 --------- d-----w c:\programmi\File comuni\Ahead
2009-01-07 19:39 --------- d-----w c:\programmi\Ahead
2009-01-07 18:37 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\VMware
2009-01-07 18:31 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\VMware
2009-01-07 18:27 --------- d-----w c:\documents and settings\luca\Application Data\VMware
2009-01-07 18:22 --------- d-----w c:\documents and settings\Francesco\Application Data\VMware
2009-01-07 18:20 --------- d-----w c:\documents and settings\LocalService\Dati applicazioni\VMware
2008-12-27 21:52 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2008-12-27 01:47 --------- d-----w c:\programmi\Elaborate Bytes
2008-12-24 00:26 --------- d-----w c:\programmi\WinFax
2008-12-23 00:34 --------- d-----w c:\programmi\SlySoft
2008-12-20 00:17 4,836,553 ----a-w c:\programmi\English-1.18.rar
2008-12-05 22:52 --------- d-----w c:\programmi\File comuni\Adobe
2008-12-05 17:26 --------- d-----w c:\documents and settings\Francesco\Application Data\Skype
2008-11-28 23:46 --------- d-----w c:\programmi\Alice Messenger
2008-11-28 23:37 308,027 ----a-w c:\programmi\SaltoDelCavallo.zip
2008-11-27 13:19 --------- d-----w c:\documents and settings\Francesco\Application Data\EPSON
2008-11-19 21:28 --------- d-----w c:\programmi\Motorola Phone Tools
2008-11-19 21:28 --------- d-----w c:\programmi\Avanquest update
2008-11-19 21:27 --------- d-----w c:\programmi\InstallShield Installation Information
2008-11-19 21:11 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\BVRP Software
2008-11-19 21:09 --------- d-----w c:\programmi\File comuni\Motorola Shared
2008-11-19 21:09 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\InstallShield
2008-11-19 11:33 --------- d-----w c:\programmi\File comuni\Skype
2008-11-18 23:55 183 ----a-w c:\programmi\presence_sip_notpaul1_virgilio_it.xml
2008-11-18 23:37 9,267,104 ----a-w c:\programmi\InstallAliceMessenger.exe
2008-11-18 23:37 --------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2008-11-18 22:40 --------- d-----w c:\programmi\Windows Live
2008-11-18 22:27 --------- d-----w c:\documents and settings\NetworkService\Dati applicazioni\VMware
2008-11-12 12:02 --------- d-----w c:\programmi\DivX
2008-11-11 22:42 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\Any DVD Converter Professional
2008-10-14 12:53 20 ---h--w c:\documents and settings\All Users\Dati applicazioni\PKP_DLec.DAT
2008-10-03 23:27 2,032,633 ----a-w c:\programmi\YambInstaller-2.0.0.8.exe
2008-10-03 22:31 16,441,149 ----a-w c:\programmi\any-dvd-converter.exe
2008-10-03 20:25 16,765,131 ----a-w c:\programmi\WmrInstall_12_1.exe
2008-10-02 20:13 594,026 ----a-w c:\programmi\avanti-028.7z
2008-10-02 20:12 2,972,224 ----a-w c:\programmi\ffmpeg-15394.7z
2008-09-20 15:29 2,000,324 ----a-w c:\programmi\cdex_151.exe
2008-09-18 10:49 2,801,968 ----a-w c:\programmi\Acoustica-Audio-Converter-Pro-Installer.exe
2008-09-18 10:48 14,595,600 ----a-w c:\programmi\AVSAudioConverter.exe
2008-04-20 22:02 2,364,957 ----a-w c:\programmi\vidomiinstaller.469.exe
2008-04-12 00:17 2,456,104 ----a-w c:\programmi\eMule_AdunanzA_3-14_Installer.exe
2008-04-05 21:44 32 ----a-w c:\documents and settings\All Users\Dati applicazioni\ezsid.dat
2008-03-14 00:58 9,722,720 ----a-w c:\programmi\spybotsd152.exe
2008-03-14 00:55 15,622,673 ----a-w c:\programmi\adaware2007l.zip
2008-03-10 17:48 23,510,720 ----a-w c:\programmi\dotnetfx.exe
2008-02-08 00:15 195,378,640 ----a-w c:\programmi\Nero-8.2.8.0_ita_update.exe
2008-02-07 23:46 3,311,663 ----a-w c:\programmi\uiso8_pe.exe
2008-02-03 08:18 995,351 ----a-w c:\programmi\DigitalTV2050Setup.exe
2008-01-15 23:06 534,252 ----a-w c:\programmi\nwpsetup.exe
2007-12-28 15:39 2,356,231 ----a-w c:\programmi\cdbxp_setup_4.0.022.370.exe
2007-12-21 06:39 2,744,087 ----a-w c:\programmi\flac-1.2.1b.exe
2007-12-17 11:43 4,845,370 ----a-w c:\programmi\LimeWire Pro 4.14.12.rar
2007-12-09 19:45 209,847 ----a-w c:\programmi\utorrent_1[1].7.5.zip
2007-12-04 20:52 1,195,156 ----a-w c:\programmi\parentalcontrolsetup403.zip
2007-12-04 20:51 1,412,727 ----a-w c:\programmi\Naomi329.zip
2007-12-04 00:22 13,413,048 ----a-w c:\programmi\Google_Earth_BZXV.exe
2007-12-04 00:02 12,458,131 ----a-w c:\programmi\RealPlayer10-5GOLD.zip
2007-12-01 18:15 245 ----a-w c:\programmi\VCMdefault.js
2007-11-14 23:53 2,228,534 ----a-w c:\programmi\audacity-win-1.2.6.exe
2007-11-14 22:55 852,462 ----a-w c:\programmi\Mp3Merger_Setup.exe
2007-10-21 21:09 1,695,497 ----a-w c:\programmi\mp3moulder.exe
2007-10-21 20:55 2,125,249 ----a-w c:\programmi\burrrn_package.exe
2007-10-21 08:02 1,307,613 ----a-w c:\programmi\MAC_401b2.exe
2007-10-20 21:09 1,156,096 ----a-w c:\programmi\iview410_setup.exe
2007-09-05 08:25 7,706,216 ----a-w c:\programmi\winzip110.exe
2007-08-12 13:06 10,380,793 ----a-w c:\programmi\Roland Virtual Sound Canvas V 3.2 (Ottimo Emulatore Software X Midi - for XP only).rar
2007-05-21 22:07 1,263,066 ----a-w c:\programmi\Roster Manager setup.exe
2007-05-21 17:28 65,068 ----a-w c:\programmi\05bbc_10.zip
2007-05-20 22:46 9,516,033 ----a-w c:\programmi\vlc-0.8.6b-win32.exe
2007-05-18 21:41 3,858,985 ----a-w c:\programmi\eMule0.48a-Installer.exe
2007-05-17 16:12 23,785,000 ----a-w c:\programmi\SkypeSetup.exe
2007-05-17 09:47 14,874,584 ----a-w c:\programmi\Avast setup.exe
2007-05-16 20:58 15,714,552 ----a-w c:\programmi\Google_Earth_BZXW.exe
2007-04-16 15:06 5,797,872 ----a-w c:\programmi\Firefox Setup 2.0.0.3.exe
2007-03-28 14:35 685,929 ----a-w c:\programmi\TPlayerSetup.exe
2006-12-21 14:30 1,026,699 ----a-w c:\programmi\VirtualDub-1.6.15.zip
2006-10-22 11:05 7,334,683 ----a-w c:\programmi\ALCOHOL_120+CRACK.zip
2003-08-14 18:13 40,960 ----a-w c:\programmi\Uninstall_PCM.exe
2002-08-05 20:01 549,888 ----a-w c:\programmi\DVDDecrypter.exe
2007-06-02 22:12 66,672 ----a-w c:\programmi\mozilla firefox\components\jar50.dll
2007-06-02 22:12 54,376 ----a-w c:\programmi\mozilla firefox\components\jsd3250.dll
2007-06-02 22:12 34,952 ----a-w c:\programmi\mozilla firefox\components\myspell.dll
2007-06-02 22:12 46,720 ----a-w c:\programmi\mozilla firefox\components\spellchk.dll
2007-06-02 22:12 172,144 ----a-w c:\programmi\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{d8ff73f5-ab9c-49aa-8c0f-1f760acb3706}"= "c:\programmi\assistentidivolo\tbass1.dll" [2008-11-21 1784856]

[HKEY_CLASSES_ROOT\clsid\{d8ff73f5-ab9c-49aa-8c0f-1f760acb3706}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8ff73f5-ab9c-49aa-8c0f-1f760acb3706}]
2008-11-21 00:16 1784856 --a------ c:\programmi\assistentidivolo\tbass1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d8ff73f5-ab9c-49aa-8c0f-1f760acb3706}"= "c:\programmi\assistentidivolo\tbass1.dll" [2008-11-21 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D8FF73F5-AB9C-49AA-8C0F-1F760ACB3706}"= "c:\programmi\assistentidivolo\tbass1.dll" [2008-11-21 1784856]

[HKEY_CLASSES_ROOT\clsid\{d8ff73f5-ab9c-49aa-8c0f-1f760acb3706}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
"Creative WebCam Tray"="c:\programmi\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-12-13 103720]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"Google Update"="c:\documents and settings\Paolo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2008-09-27 133104]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\programmi\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2008-05-27 413696]
"PWRISOVM.EXE"="c:\programmi\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"InCD"="c:\programmi\Nero\Nero8\InCD\InCD.exe" [2007-12-13 1082152]
"Sony Ericsson PC Suite"="c:\programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"PCMService"="c:\programmi\Medion Home Cinema XL II\PowerCinema\PCMService.exe" [2003-06-24 61440]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-03-16 185896]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-21 136600]
"SMSERIAL"="sm56hlpr.exe" [2003-03-27 c:\windows\sm56hlpr.exe]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2000-02-17 c:\windows\system32\WFXSNT40.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Controller.LNK - c:\programmi\WinFax\WFXCTL32.EXE [2007-09-04 542208]
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2008-05-27 127488]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\progra~1\WinFax\WfxSeh32.Dll" [1998-07-27 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\File comuni\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Programmi\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"c:\\Programmi\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\UltraVNC\\winvnc.exe"=
"c:\\Programmi\\Nero\\Nero8\\Nero Burning Rom\\nero.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Alice Messenger\\alicemessenger.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Warcraft III\\Warcraft III.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2003-12-12 77312]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-22 111184]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-22 20560]
R4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe [2008-11-25 935208]
R4 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2007-12-18 6016]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2007-05-17 178913]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2008-02-04 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2008-02-04 85696]
S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\programmi\Nero\Nero8\InCD\NBHRegInCDSrv.exe --> c:\programmi\Nero\Nero8\InCD\NBHRegInCDSrv.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - InCDRec

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fcbef26-e6b8-11dc-ace3-005056c00008}]
\Shell\AutoRun\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
\Shell\open\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
.
Contenuto della cartella 'Scheduled Tasks'

2008-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2009-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1958367476-682003330-1003.job
- c:\documents and settings\Paolo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-27 20:46]

2009-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1958367476-682003330-1008.job
- c:\documents and settings\luca\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-27 17:54]
.
.
------- Supplementare di scansione -------
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {DCFD7122-CD52-435D-B4FD-532E94D86CCD} = 194.183.2.129,217.72.96.66
FF - ProfilePath - c:\documents and settings\Paolo\Dati applicazioni\Mozilla\Firefox\Profiles\lpzqz9v0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\programmi\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-10 18:07:12
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
------------------------ Other running processes ------------------------
.
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\programmi\File comuni\EPSON\EBAPI\SAgent2.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
c:\programmi\CDBurnerXP\NMSAccessU.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\WFXSVC.EXE
c:\programmi\WinFax\WFXMOD32.EXE
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
c:\programmi\File comuni\Teleca Shared\CapabilityManager.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\windows\system32\spool\drivers\w32x86\3\E_S10IC2.EXE
c:\programmi\Skype\Plugin Manager\skypePM.exe
c:\programmi\File comuni\Teleca Shared\Generic.exe
c:\programmi\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Scan finished: 2009-01-10 18:12:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-10 17:11:59

Pre-Run: 44,052,897,792 bytes free
Post-Run: 47,062,417,408 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

335 --- E O F --- 2008-12-19 00:49:35


New Trend Micro HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.16.44, on 10/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Programmi\WinFax\WFXMOD32.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\sm56hlpr.exe
C:\Programmi\QuickTime\QTTask.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Programmi\PowerISO\PWRISOVM.EXE
C:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programmi\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\File comuni\Teleca Shared\CapabilityManager.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\Programmi\WinFax\WFXCTL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\File comuni\Teleca Shared\Generic.exe
C:\Programmi\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: assistentidivolo Toolbar - {d8ff73f5-ab9c-49aa-8c0f-1f760acb3706} - C:\Programmi\assistentidivolo\tbass1.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: assistentidivolo Toolbar - {d8ff73f5-ab9c-49aa-8c0f-1f760acb3706} - C:\Programmi\assistentidivolo\tbass1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: assistentidivolo Toolbar - {d8ff73f5-ab9c-49aa-8c0f-1f760acb3706} - C:\Programmi\assistentidivolo\tbass1.dll
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programmi\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [InCD] C:\Programmi\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmi\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Controller.LNK = C:\Programmi\WinFax\WFXCTL32.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCFD7122-CD52-435D-B4FD-532E94D86CCD}: NameServer = 194.183.2.129,217.72.96.66
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Programmi\Nero\Nero8\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 10351 bytes

Thanks for the help

r16
Posted: Saturday, January 10, 2009 8:32:36 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Do you know this program?: C:\Programmi\assistentidivolo
Then:
Disable System Restore, and keep it disabled until the problem is solved http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121
Start HijackThis, tick the entries I list below and, with all applications closed and disconnected from the Internet, click "Fix checked"
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
Do a clean-up (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
*********************************************************************************************************
Redo the scan with Malwarebytes, and when the scan is finished click "Remove Selected".
Post me that log as well.
*********************************************************************************************************
Open a text file on the Desktop (Start\Run\type: notepad.exe\ OK),
paste the code below into it and save the text file, strictly with the name CFScript.txt

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fcbef26-e6b8-11dc-ace3-005056c00008}]


Then drag it onto the ComboFix icon.
Wait until it has finished, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log
*********************************************************************************************************
You have an infected USB key or external hard disk:
You need to temporarily disable automatic recognition of USB devices;
for that you need the TweakUI program, downloadable from this page (it is on the right, about halfway down); install it:
http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx
Once installed, run it and follow these steps:

click the + sign next to the My Computer section
click the [+] sign next to the Autoplay subsection
Go to Types
Untick Enable Autoplay for removable drives
Click Apply
Close TweakUI


From this moment on, all USB devices will stop starting automatically.
Insert your USB keys and scan them with your antivirus.
When you are sure everything is fine, you can re-enable automatic start by following the same path I showed you.
Let me know if you still have problems.
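The mechanism behind the last two steps of r16's post (deleting a MountPoints2 subkey with the CFScript and turning off Autoplay for removable drives) is an autorun.inf at the root of the removable drive: Explorer reads its [autorun] section, offers or runs the configured command, and caches that per-volume data under HKCU\...\Explorer\MountPoints2. The block below is an added example, not code from this thread or from any of the tools mentioned in it: a small Python parser that reads an autorun.inf and lists every command Windows would launch from it, then flags the ones whose target is a script or executable. The two autorun.inf samples are constructed for illustration; the only thing borrowed from the thread is the file name a.bat, and the real autorun.inf from the poster's drive is not shown anywhere on this page. The MountPoints2 value name quoted in the comment is stated from memory of how Explorer caches autorun data and should be treated as an assumption.

```python
"""Added example: list what an autorun.inf would launch from a removable drive."""
import re

# Assumption (not from the thread): Explorer caches the autorun command per
# volume under
#   HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{volume GUID}\Shell\AutoRun\command
# which is why the CFScript above deletes a MountPoints2 subkey.

# Constructed sample: only the file name a.bat is borrowed from this thread.
SAMPLE_AUTORUN_INF = r"""
[AutoRun]
; comment lines like this one are common in worm-written autorun.inf files
icon=%SystemRoot%\system32\SHELL32.dll,4
label=Removable Disk
open=a.bat
shellexecute=a.bat
shell\open=Open
shell\open\command=a.bat
shell\explore=Explore
shell\explore\command=a.bat
shell=open
"""

# Constructed benign sample: icon and label only, nothing to execute.
BENIGN_AUTORUN_INF = r"""
[autorun]
icon=setup.exe,0
label=My Backup
"""

# Extensions that run as code when handed to ShellExecute/CreateProcess.
EXECUTABLE_EXT = (".bat", ".cmd", ".com", ".exe", ".pif", ".scr",
                  ".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh")


def parse_autorun(text):
    """Return the [autorun] section as {lower-cased key: value}.

    Windows compares section and key names case-insensitively; ';' starts a
    comment; everything outside [autorun] is ignored.
    """
    entries = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_commands(entries):
    """Map each launch slot to the command it would execute.

    open= / shellexecute=  run by AutoRun on CD/DVD and offered as the
                           highlighted AutoPlay action on removable media
    shell\\<verb>\\command=  context-menu verbs added to the drive icon; the
                           verb named by shell= is the default, i.e. what a
                           double-click on the drive in Explorer runs
    """
    commands = {}
    for slot in ("open", "shellexecute"):
        if slot in entries:
            commands[slot] = entries[slot]
    default_verb = entries.get("shell", "").lower()
    for key, value in entries.items():
        m = re.fullmatch(r"shell\\([^\\]+)\\command", key)
        if m:
            label = "shell\\%s\\command" % m.group(1)
            if m.group(1) == default_verb:
                label += " (default verb: drive double-click)"
            commands[label] = value
    return commands


def suspicious_commands(commands):
    """Return (slot, command) pairs whose target is an executable or script."""
    flagged = []
    for slot, cmd in commands.items():
        cmd = cmd.strip()
        if cmd.startswith('"') and cmd.count('"') >= 2:
            target = cmd[1:cmd.index('"', 1)]      # quoted path with spaces
        else:
            target = cmd.split()[0] if cmd else ""
        if target.lower().endswith(EXECUTABLE_EXT):
            flagged.append((slot, cmd))
    return flagged


if __name__ == "__main__":
    cmds = launch_commands(parse_autorun(SAMPLE_AUTORUN_INF))
    for slot, cmd in cmds.items():
        print("%-50s -> %s" % (slot, cmd))
    for slot, cmd in suspicious_commands(cmds):
        print("FLAG: %s would run %s" % (slot, cmd))
```

Run it against the constructed sample and every slot resolves to a.bat, including the default verb, so opening the drive in Explorer is enough to relaunch the file; the benign sample yields no commands at all. This is the check to run (with the parser pointed at the real autorun.inf) on each USB key before re-enabling Autoplay as the post describes.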