www.MegaLab.it

[partyboy78]

ciao,ho un problema...mesi fa ho caricato virusfighter...poi l 'ho cancellato subito !! ma adesso fancendo una scansione con combofix mi dice che è ancora attivo!! ho provato con cerca e ha vedere nei programmi ma non l ho trovo!! deve essere qualche file con un altro nome!! sapete dirmi come rimuoverlo?? o potete consigliarmi qualche programma x pulire il pc da file scancellati e inutili? grazie

[crazy.cat]

ci fai vedere il log di combofix?

[partyboy78]

grazie x aver risposo crazy.cat ! ti mando adesso combofix...puoi dare un' occhiata se c'è ancora qualche residuo dal virus beagle che ho preso...dovrei averlo eliminato...se vuoi ti mando anche gli altri report??

ComboFix 09-10-26.06 - Beppe 31/10/2009 8.37.16.11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.511.192 [GMT 1:00]
Eseguito da: c:\documents and settings\Beppe\Desktop\aab.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: VIRUSfighter ver. 5.99 *On-access scanning enabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Trend Micro PC-cillin Internet Security *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.

((((((((((((((((((((((((( Files Creati Da 2009-09-28 al 2009-10-31 )))))))))))))))))))))))))))))))))))
.

2009-10-31 07:31 . 2009-10-31 07:32 -------- d-----w- C:\aab
2009-10-30 17:18 . 2008-05-29 08:28 28416 ----a-w- c:\windows\system32\uxtuneup.dll
2009-10-30 17:18 . 2009-10-30 17:18 355584 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-10-30 17:17 . 2009-10-30 17:17 -------- d-----w- c:\documents and settings\Beppe\Dati applicazioni\TuneUp Software
2009-10-30 17:16 . 2009-10-30 17:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2009-10-30 17:15 . 2009-10-30 17:20 -------- d-----w- c:\programmi\TuneUp Utilities 2008
2009-10-30 17:12 . 2009-10-30 17:12 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-10-29 19:45 . 2009-10-29 19:46 -------- d-----w- C:\FindyKill
2009-10-29 19:16 . 2009-10-29 19:16 -------- d-----w- c:\programmi\Trend Micro
2009-10-28 19:04 . 2009-10-28 19:04 44288 ----a-w- c:\windows\system32\drivers\viragtlt.sys
2009-10-28 18:10 . 2009-10-28 18:10 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-10-28 18:07 . 2009-10-28 18:22 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-28 18:07 . 2009-10-28 18:22 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-28 18:04 . 2009-10-31 08:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-10-28 18:04 . 2009-10-28 18:04 -------- d-----w- c:\programmi\Kaspersky Lab
2009-10-27 19:13 . 2008-07-08 12:54 148496 ----a-w- c:\windows\system32\drivers\37837622.sys
2009-10-27 17:07 . 2008-07-08 12:54 148496 ----a-w- c:\windows\system32\drivers\99745568.sys
2009-10-27 16:38 . 2008-07-08 12:54 148496 ----a-w- c:\windows\system32\drivers\54650354.sys
2009-10-27 16:36 . 2009-10-27 16:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CrystalIdea Software
2009-10-27 16:29 . 2009-10-27 16:29 -------- d-----w- c:\programmi\Uninstall Tool
2009-10-27 16:28 . 2009-10-29 21:35 22060 -c--a-w- c:\windows\system32\dllcache\npds.zip
2009-10-27 16:28 . 2009-10-29 21:36 403 -c--a-w- c:\windows\system32\dllcache\npdrmv2.zip
2009-10-27 16:16 . 2009-10-27 16:17 -------- d-----w- C:\abc13308a
2009-10-26 21:30 . 2009-10-26 21:30 -------- d-----w- c:\programmi\Codyssey
2009-10-26 21:21 . 2009-10-26 21:24 -------- d-----w- c:\documents and settings\Beppe\Impostazioni locali\Dati applicazioni\Eraser
2009-10-26 21:17 . 2009-06-10 13:22 83344 ----a-w- c:\windows\system32\Erasext.dll
2009-10-26 21:17 . 2009-06-10 13:22 307088 ----a-w- c:\windows\system32\Eraser.dll
2009-10-26 21:17 . 2009-06-10 13:22 73104 ----a-w- c:\windows\system32\Eraserl.exe
2009-10-26 19:29 . 2009-10-26 19:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Martau
2009-10-24 19:09 . 2008-07-08 12:54 148496 ----a-w- c:\windows\system32\drivers\07980805.sys
2009-10-17 10:44 . 2009-10-17 10:48 -------- d-----w- c:\programmi\XP TCPIP Repair
2009-10-17 08:26 . 2009-10-17 08:26 -------- d-----w- c:\documents and settings\Default User\Impostazioni locali\Dati applicazioni\Microsoft Help
2009-10-14 17:47 . 2009-10-14 17:47 -------- d-----w- c:\documents and settings\Beppe\Dati applicazioni\Malwarebytes
2009-10-14 17:47 . 2009-10-14 17:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-10-14 17:41 . 2009-10-31 08:03 85542944 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-14 17:36 . 2009-10-27 18:01 14848 -c--a-w- c:\windows\system32\dllcache\register.exe.REN
2009-10-14 14:07 . 2009-10-14 14:07 -------- d-----w- C:\QUARANTENA_VIRIT
2009-10-13 20:25 . 2009-10-13 20:25 -------- d-----w- c:\documents and settings\Beppe\Dati applicazioni\Desktop Maestro
2009-10-13 20:24 . 2009-10-23 06:59 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-10-11 10:25 . 2009-10-11 10:34 -------- d-----w- C:\abc
2009-10-10 14:54 . 2009-10-10 14:54 -------- d-----w- c:\programmi\MIKSOFT
2009-10-10 11:57 . 2009-10-11 12:41 -------- d-----w- c:\programmi\Lphant
2009-10-09 15:56 . 2009-10-11 12:24 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-09 15:38 . 2009-10-09 15:38 -------- d-----w- c:\documents and settings\Beppe\Impostazioni locali\Dati applicazioni\PackageAware
2009-10-09 13:33 . 2009-10-09 13:33 -------- d-----w- c:\documents and settings\Beppe\DoctorWeb
2009-10-09 05:28 . 2009-10-09 15:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Norton
2009-10-09 05:28 . 2009-10-09 05:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2009-10-09 05:28 . 2009-10-09 05:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
2009-10-07 22:15 . 2009-10-07 22:15 -------- d-----w- c:\programmi\NOS
2009-10-07 20:27 . 2009-10-07 20:27 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-07 20:26 . 2009-10-07 20:26 -------- d-----w- c:\programmi\K-Lite Codec Pack
2009-10-07 20:26 . 2009-10-07 20:26 -------- d-----w- c:\documents and settings\Beppe\Dati applicazioni\DivX
2009-10-07 20:26 . 2009-10-07 20:26 -------- d-----w- c:\programmi\Codec Pack - All In 1
2009-10-07 20:25 . 2009-10-07 20:25 -------- d-----w- c:\documents and settings\Beppe\Dati applicazioni\ATI
2009-10-07 20:22 . 2009-10-07 20:22 -------- d--h--w- c:\documents and settings\All Users\Dati applicazioni\{FCCD3ACF-B2F9-4087-B2A4-0DB5FADB9C32}
2009-10-07 20:22 . 2009-10-07 20:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee Security Scan
2009-10-06 21:42 . 2009-10-07 20:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS(4)
2009-10-06 20:51 . 2009-10-07 20:59 -------- d-----w- c:\programmi\Mozilla Firefox(2)
2009-10-06 20:28 . 2009-10-06 20:28 0 ----a-w- c:\windows\nsreg.dat
2009-10-06 20:28 . 2009-10-06 20:28 -------- d-----w- c:\documents and settings\Beppe\Impostazioni locali\Dati applicazioni\Mozilla
2009-10-06 09:46 . 2009-10-07 20:26 -------- d-----w- c:\programmi\K-Lite Codec Pack(2)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-31 07:59 . 2009-10-14 17:41 1003784 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-28 18:01 . 2009-01-19 19:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2009-10-27 15:57 . 2008-10-16 17:58 -------- d-----w- c:\documents and settings\Beppe\Dati applicazioni\uTorrent
2009-10-27 15:41 . 2001-08-31 12:00 91962 ----a-w- c:\windows\system32\perfc010.dat
2009-10-27 15:41 . 2001-08-31 12:00 505964 ----a-w- c:\windows\system32\perfh010.dat
2009-10-24 09:20 . 2009-10-13 14:23 241664 ----a-w- c:\documents and settings\NetworkService\NTUSER.DAT.TMP
2009-10-24 09:20 . 2009-10-12 12:31 32422 ----a-w- c:\windows\SchedLgU.Txt.TMP
2009-10-24 09:20 . 2009-10-12 12:31 262144 ----a-w- c:\documents and settings\LocalService\NTUSER.DAT.TMP
2009-10-24 09:20 . 2009-10-12 12:31 1024 ----a-w- c:\documents and settings\Beppe\ntuser.dat.LOG.TMP
2009-10-22 08:19 . 2009-10-12 12:31 1024 ----a-w- c:\documents and settings\Beppe\NTUSER~1.LOG.TMP
2009-10-22 08:18 . 2009-10-18 17:29 786432 ----a-w- c:\documents and settings\Administrator\ntuser.dat.TMP
2009-10-19 12:18 . 2009-09-08 21:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DriverScanner
2009-10-17 18:02 . 2008-09-05 16:15 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-10-13 20:14 . 2009-02-22 17:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Trend Micro
2009-10-12 16:34 . 2008-11-13 14:58 -------- d-----w- c:\programmi\Softwin
2009-10-12 16:34 . 2008-11-13 14:55 -------- d-----w- c:\programmi\File comuni\Softwin
2009-10-08 17:39 . 2008-10-31 13:41 -------- d-----w- c:\programmi\Windows Live Safety Center
2009-10-07 22:17 . 2009-09-30 10:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-10-07 20:23 . 2009-09-16 17:35 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-10-07 20:22 . 2009-09-08 21:18 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
2009-10-06 21:35 . 2008-09-15 20:28 -------- d-----w- c:\documents and settings\Beppe\Dati applicazioni\Vso
2009-10-01 11:21 . 2008-11-21 10:40 -------- d-----w- c:\documents and settings\Beppe\Dati applicazioni\Datalayer
2009-09-16 18:12 . 2008-09-10 06:39 -------- d-----w- c:\programmi\ATI Technologies
2009-09-16 17:39 . 2008-09-23 20:53 -------- d-----w- c:\programmi\Uniblue
2009-09-16 17:01 . 2009-09-16 17:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Uniblue
2009-09-16 16:59 . 2008-09-23 20:53 -------- d-----w- c:\documents and settings\Beppe\Dati applicazioni\Uniblue
2009-09-15 17:56 . 2009-09-15 17:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
2009-09-11 14:17 . 2001-08-31 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 07:52 . 2009-09-02 17:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Trymedia
2009-09-09 07:51 . 2009-09-08 21:48 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}
2009-09-09 07:51 . 2009-09-08 21:49 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-09-09 07:51 . 2009-09-09 07:51 867336 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-09-04 21:03 . 2001-08-31 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:56 . 2001-08-31 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2001-08-31 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-06 17:24 . 2008-09-05 14:26 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2008-09-05 14:26 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2008-09-05 14:26 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2008-09-05 14:26 35552 ----a-w- c:\windows\system32\wups(2)(3).dll
2009-08-06 17:24 . 2007-07-30 17:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2007-07-30 17:19 44768 ----a-w- c:\windows\system32\wups2(2)(3).dll
2009-08-06 17:24 . 2008-09-05 13:59 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2001-08-31 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2008-09-05 14:26 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2008-09-06 15:49 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 17:23 . 2008-09-05 13:59 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 17:23 . 2008-07-18 20:07 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 08:59 . 2001-08-31 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 20:56 . 2001-08-31 12:00 2192896 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:26 . 2001-08-30 21:33 2069760 ------w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((( SnapShot_2009-10-27_19.02.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-03 14:45 . 2009-07-03 14:45 27507 c:\windows\system32\drivers\klopp.dat
+ 2009-05-16 19:59 . 2009-05-16 19:59 19472 c:\windows\system32\drivers\klmouflt.sys
+ 2009-05-13 16:46 . 2009-05-13 16:46 31760 c:\windows\system32\drivers\klim5.sys
+ 2008-12-15 19:41 . 2008-12-15 19:41 33808 c:\windows\system32\drivers\klbg.sys
+ 2008-09-05 14:06 . 2009-10-28 16:31 14848 c:\windows\system32\dllcache\register.exe
- 2008-09-05 14:06 . 2009-10-27 18:01 14848 c:\windows\system32\dllcache\register.exe
+ 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2009-07-03 14:48 . 2009-07-03 14:48 219664 c:\windows\system32\klogon.dll
+ 2009-10-28 18:03 . 2009-10-28 18:03 296976 c:\windows\system32\drivers\klif.sys
+ 2009-06-15 13:01 . 2009-06-15 13:01 128016 c:\windows\system32\drivers\kl1.sys
+ 2009-10-28 04:24 . 2009-10-28 04:24 195584 c:\windows\Installer\20e1da0.msi
+ 2009-10-30 17:17 . 2009-10-30 17:17 2563072 c:\windows\Installer\ae522b.msi
+ 2009-10-28 18:07 . 2009-10-28 18:07 3401216 c:\windows\Installer\5dfa7b.msi
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"Uniblue RegistryBooster 2"="c:\programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-01-10 1885464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="c:\programmi\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 878080]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Beppe\Menu Avvio\Programmi\Esecuzione automatica\
is-H6EI7.lnk - c:\documents and settings\Beppe\Desktop\Virus Removal Tool2\is-H6EI7\startup.exe [2009-10-27 65536]
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2008-9-9 525664]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^McAfee Security Scan.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\Lphant\\eLePhantClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55556:UDP"= 55556:UDP:UDP
"55555:TCP"= 55555:TCP:TCP

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 20.41.32 33808]
R1 is-CPSHNdrv;is-CPSHNdrv;c:\windows\system32\drivers\54650354.sys [27/10/2009 17.38.22 148496]
R1 is-H6EI7drv;is-H6EI7drv;c:\windows\system32\drivers\37837622.sys [27/10/2009 20.13.00 148496]
R1 is-LLM70drv;is-LLM70drv;c:\windows\system32\drivers\07980805.sys [24/10/2009 20.09.41 148496]
R1 is-R58B8drv;is-R58B8drv;c:\windows\system32\drivers\99745568.sys [27/10/2009 18.07.46 148496]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [05/09/2008 15.13.18 45440]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/05/2009 17.46.52 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 20.59.44 19472]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [05/09/2008 15.13.18 56960]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys c:\windows\system32\drivers\pavboot.sys
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [19/01/2009 16.47.21 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [19/01/2009 16.47.24 8320]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys f:\NTGLM7X.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'

2009-10-25 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2009-09-14 08:13]

2009-09-14 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2009-09-14 08:13]

2009-10-28 c:\windows\Tasks\Uniblue SpyEraser Nag.job
- c:\programmi\Uniblue\SpyEraser\SpyEraser.exe [2009-09-16 13:44]

2009-09-16 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\programmi\Uniblue\SpyEraser\SpyEraser.exe [2009-09-16 13:44]

2009-10-31 c:\windows\Tasks\User_Feed_Synchronization-{5E3EABF5-93D7-4BDA-8F12-80749F258036}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

2009-10-31 c:\windows\Tasks\Verifica e correzione automatica.job
- c:\programmi\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:27]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Beppe\Dati applicazioni\Mozilla\Firefox\Profiles\ie1iw790.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\programmi\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Beppe\Dati applicazioni\Mozilla\Firefox\Profiles\ie1iw790.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-31 09:02
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[Roberto88]

a me successe la stessa cosa molto tempo fa con AVG, risolsi reinstallandolo e disinstallandolo con Revo Uninstaller (ripulendo tutte le voci asociate nel registro) e per sicurezza feci alcune passate con CCleaner e Wintools.net
spero di esserti stato d'aiuto

[partyboy78]

non arrivo ancora ad eliminarlo...ho la cartella in c con la sottocartella con il programma "njeeves" ogni volta che provo a cancellarla mi dice impossibile eliminare controllare che il disco non sia pieno o protetto da scrittura e che il file non sia attualmente in uso!

[crazy.cat]

Hai già fatto la scansione con Malwarebytes o superantispyware?

[partyboy78]

non ho provo con sti 2 ,adsso provo!!...ho fatto la scansione con:combofix,fxbeagle,findykill,hijackthis,elibagla e ho messo l'antivirus kaspersky versione di prova 30 giorni!se vuoi ti mando i report così gli dai un occhiata??

[crazy.cat]

fxbeagle,findykill,hijackthis,elibagla

Tutte cose inutili contro virusfighter che è un rogue software.
I log non servono.

[partyboy78]

ma 6 sicuro che si tratti di un virus?? VIRUSfighter ver. 5.99 è un antivirus che avevo caricato mesi fa....qualche file del antivirus si deve essere misciato a qualche file di windows..e non lo trovo dove si è nascosto x cancellarlo!! malwarebytes non ha trovato niente,mentre superantispyware mi ha trovato 22 ardware tracking cokie!

[crazy.cat]

Lo davano come uno rogue, cioè un programma inutile e pericoloso (ma forse è cambiato)
http://www.2-spyware.com/remove-virusfighter.html

Ci sono anche delle istruzioni su cosa ripulire.

[partyboy78]

ho visto il sito...ma non è il mio caso mi sa...ho provato a vedere le voci di registro da scancellare che c'erano sul sito ma sul mio pc non c'è traccia di loro!!

[partyboy78]

ciao,crazy.cat penso di aver trovato dove si nasconde virusfighter...ho fatto la scansione con hijachthis e me l'ha trovato! puoi vedermi quali file inutili posso cancellare che io non ho esperienza!ti mando l,allegato! grazie Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.45.04, on 04/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\oodag.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [avp] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Tastiera Virtuale - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0636430906
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A63DCB9C-C6C6-4E60-86C8-BC68796EF54E}: NameServer = 85.37.17.14 85.38.28.78
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\bin\NJEEVES.EXE (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\VIRUSfighter\Bin\Zanda.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7153 bytes

[crazy.cat]

Devi rimuovere i due servizi inutili seguendo le istruzioni di questo articolo
http://www.MegaLab.it/2578/ripulire-la- ... di-windows

O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\bin\NJEEVES.EXE (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\VIRUSfighter\Bin\Zanda.exe (file missing)