Ciao r16
ho installato e lanciato Windows Install Clean Up ma non riesco a trovare nessuna voce collegata a Prevx.
Ho eliminato il servizio 023............. e tutto quello che già mi avevi consigliato nel post precedente.
Posso approfittare ad eliminare con Wind.Install Clean Up l'OGA Notifier?
Grazie

Ecco ilfile log richiesto:

ComboFix 09-04-28.05 - bonfà 29/04/2009 15.14.52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1023.531 [GMT 2:00]
Eseguito da: c:\documents and settings\bonfà\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: COMODO Firewall Pro *enabled*
FW: Kaspersky Internet Security *disabled*
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\afcffeccfc4_g.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-05-28 al 2009-4-29 )))))))))))))))))))))))))))))))))))
.

2009-04-29 10:28 . 2009-04-29 10:28 -------- d-----w c:\programmi\Windows Installer Clean Up
2009-04-28 23:18 . 2009-04-28 23:18 -------- d-----w c:\programmi\p-nand-q.com
2009-04-28 22:15 . 2009-04-28 22:15 -------- d-----w c:\programmi\Trend Micro
2009-04-27 11:51 . 2009-04-27 11:51 -------- d-----w c:\programmi\Microsoft Silverlight
2009-04-27 00:32 . 2009-04-27 00:32 -------- d-----w c:\programmi\VS Revo Group
2009-04-24 18:55 . 2009-04-24 18:55 22024 ----a-w c:\windows\system32\drivers\pxscan.sys
2009-04-24 18:55 . 2009-04-24 18:55 27656 ----a-w c:\windows\system32\drivers\pxsec.sys
2009-04-24 18:55 . 2009-04-26 08:18 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\PrevxCSI
2009-04-20 08:58 . 2009-04-20 08:58 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Macrium
2009-04-20 08:36 . 2009-04-20 08:36 -------- d-----w c:\programmi\Macrium
2009-04-15 14:58 . 2008-04-21 21:14 219136 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 14:58 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 14:58 . 2009-03-06 14:19 286208 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 14:58 . 2009-02-09 11:22 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 14:58 . 2009-02-09 10:51 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 14:58 . 2009-02-09 10:51 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 14:58 . 2009-02-09 10:51 683520 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 14:58 . 2009-02-09 10:51 734720 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 14:58 . 2009-02-09 10:51 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 14:58 . 2009-02-09 10:51 736256 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-13 10:03 . 2009-04-18 15:42 18440 ----a-w c:\windows\system32\drivers\pxprot.sys
2009-04-13 10:03 . 2009-04-13 10:03 16904 ----a-w c:\windows\system32\drivers\pxrts.sys
2009-04-10 21:54 . 2009-04-28 19:52 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-04-10 21:54 . 2009-04-10 21:54 -------- d-----w c:\programmi\Google
2009-04-05 10:03 . 2009-04-29 12:08 -------- d-----w c:\programmi\Football Generation
2009-04-05 07:56 . 2007-05-16 07:41 29704 ----a-w c:\windows\system32\uxtuneup.dll
2009-04-05 07:56 . 2009-04-05 07:56 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2009-04-05 07:56 . 2009-04-28 18:14 -------- d-----w c:\programmi\TuneUp Utilities 2007
2009-04-03 21:05 . 2009-04-03 21:05 -------- d-----w c:\programmi\Glary Utilities

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 10:29 . 2008-10-10 10:20 -------- d-----w c:\programmi\MSECache
2009-04-28 23:51 . 2009-01-16 18:05 499744 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-28 23:51 . 2009-01-16 18:05 4884 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-28 23:51 . 2009-01-16 18:05 43956 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-28 23:51 . 2009-01-16 18:05 5085728 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-20 11:12 . 2009-02-09 14:22 -------- d-----w c:\programmi\File comuni\Acronis
2009-04-16 13:06 . 2006-03-02 12:00 71908 ----a-w c:\windows\system32\perfc010.dat
2009-04-16 13:06 . 2006-03-02 12:00 443528 ----a-w c:\windows\system32\perfh010.dat
2009-04-15 15:56 . 2008-12-15 14:09 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-04-06 20:28 . 2008-10-10 10:14 -------- d-----w c:\programmi\File comuni\Adobe
2009-04-06 13:32 . 2008-12-15 14:09 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2008-12-15 14:09 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-05 10:03 . 2008-10-10 08:51 -------- d--h--w c:\programmi\InstallShield Installation Information
2009-04-05 07:54 . 2008-12-15 17:26 -------- d-----w c:\programmi\File comuni\Wise Installation Wizard
2009-03-30 15:19 . 2009-02-04 18:30 -------- d-----w c:\programmi\ECDL- Patente europea del computer
2009-03-30 15:19 . 2009-02-04 18:30 737280 ----a-w c:\windows\iun6002.exe
2009-03-25 17:28 . 2009-03-25 16:42 -------- d-----w c:\programmi\CGEMS
2009-03-25 17:27 . 2009-03-25 16:30 253952 ------w c:\windows\Setup1.exe
2009-03-25 17:27 . 2009-03-25 16:30 74752 ----a-w c:\windows\ST6UNST.EXE
2009-03-19 20:53 . 2008-12-28 15:00 153104 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-03-15 11:58 . 2008-10-27 17:10 -------- d-----w c:\programmi\Metin2_Italiano
2009-03-06 14:19 . 2006-03-02 12:00 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:03 . 2006-03-02 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:08 . 2006-03-02 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-10 14:15 . 2008-01-29 16:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-09 14:22 . 2009-02-09 14:22 392320 ----a-w c:\windows\system32\drivers\timntr.sys
2009-02-09 14:22 . 2009-02-09 14:22 32768 ----a-w c:\windows\system32\drivers\tifsfilt.sys
2009-02-09 14:22 . 2009-02-09 14:22 114048 ----a-w c:\windows\system32\drivers\snapman.sys
2009-02-09 14:04 . 2006-03-02 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:23 . 2004-08-19 15:34 2027520 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:22 . 2006-03-02 12:00 2148864 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:22 . 2006-03-02 12:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2006-03-02 12:00 734720 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2006-03-02 12:00 683520 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2006-03-02 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2006-03-02 12:00 736256 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2006-03-02 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:57 . 2006-03-02 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2009-02-03 18:38 . 2009-01-16 18:05 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-03 18:38 . 2009-01-16 18:05 101287 ----a-w c:\windows\system32\drivers\klin.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-10 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Easy-PrintToolBox"="c:\programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-10 206088]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 13:56 352256 ----a-w c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^NkbMonitor.exe.lnk]
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"=c:\programmi\QuickTime\QTTask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\Italian\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Italian\\setup.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

R2 0167801232134318mcinstcleanup;0167801232134318mcinstcleanup; [x]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'

2009-04-05 c:\windows\Tasks\1-Click Maintenance.job
- c:\programmi\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 17:35]

2009-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-04-29 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2009-04-03 07:49]

2009-04-29 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-10 21:54]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)


.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Aggiungi al banner Blocco pubblicità - c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\bonfà\Dati applicazioni\Mozilla\Firefox\Profiles\v7on5wlp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-29 15:16
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(936)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2009-04-29 15.17.54
ComboFix-quarantined-files.txt 2009-04-29 13:17

Pre-Run: 87.588.585.472 byte disponibili
Post-Run: 87.604.269.056 byte disponibili

187 --- E O F --- 2009-04-29 09:01

Ho eliminato, come da te consigliato, i file in rosso e pulito con CCleaner.

Finalmente sono riuscito a reinstallare Prevx 3.0.
TANTISSIME GRAZIE A R16 E A ENIGMISTA 63.
SIETE STATI BRAVISSIMI E PAZIENTISSIMI.
CIAO

Disinstalla combofix in questo modo:
Start
Esegui
nella finestra di dialogo, copia ed incolla questo comando: Combofix /u e premi Invio poi cancella le cartelle in "C" di combofix (qoobox)

Ricordati di rinascondere le cartelle di sistema
Ciao!

Ciao gli aggiornamenti del software (oggi e' uscita la versione 3.0.1.0.65 che ho aggiornato) preferisco farla manualmente,basta andare sul sito ufficiale,scaricare la nuova versione ed installarla sopra quella che hai gia' e si aggiorna. La spunta in rimuovi automaticamente file bloccati,l'ho tolta perche' se durante l'installazione di un software prevx rileva un infezione,se il software e' abbastanza grande puo' mandare il programma in autoprotezione,manualmente lui ti segnala l'infezione e ti guida passo passo alla rimozione e lo mette in quarantena,in caso di falso positivo puoi ripristinarlo.
Per quanto riguarda malwarebytes e superantispyware ti sei risposto da solo, in 6 mesi non hanno mai rilevato nulla,ed inoltre da un controllo col Get SistemInfo per kaspersky hanno parecchie DLL incompatibili con il kis,e poi sono dell'idea che un software senza protezione in tempo reale sia poco utile,ormai il virus e' gia' dentro il pc,siccome io non scansiono tutti i giorni,ma una volta alla settimana,ritengo che il realtime sia piu' utile che non un virus dentro al pc per giorni e giorni.Chiaramente non ho installato sul pc software con le stesse caratteristiche in realtime altrimenti posson esserci conflitti.
Come vedi da questa immagine i piu' rilevanti software di protezione non riescono a stare dietro a tutte le minacce e potrai vedere quanti presunti virus non rilevano,chiaramente la percentuale dei NON rilevamenti piu' alta e' dettata dal fatto che molti utenti utilizzano quel software,quindi pui' utenti utilizzano piu' e' alta la percentuale.
Per vista non so io uso kis e prevx su 2 pc con xp,ma non ho problemi. Ti posso confrmare che programmi come LIVE PLAYER .EXE,SPEED DOWNLOAD.EXE, non sono stati rilevati infetti da kis,ma da prevx edge.