For some time now, after about twenty minutes of being connected to the network, I get the following message: "l'istruzione a 0x6f8917c2 ha fatto riferimento alla memoria a "0x6f8917c2". La memoria non poteva essere "read"."
What happened? In the meantime I ran ComboFix, which produced the following log, attached here:
ComboFix 09-06-16.05 - EGIDIO 17/06/2009 14.31.20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.705 [GMT 2:00]
Eseguito da: c:\documents and settings\EGIDIO\Desktop\SICUREZZA\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-14EF-9D7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00650074-006D-0033-3200-5C006D006100}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\IE4 Error Log.txt
c:\windows\system32\msssc.dll
.
((((((((((((((((((((((((( Files Creati Da 2009-05-17 al 2009-06-17 )))))))))))))))))))))))))))))))))))
.
2009-06-17 11:55 . 2009-06-17 11:55 -------- d-----w- c:\windows\LastGood
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-17 11:55 . 2001-08-31 12:00 437272 ----a-w- c:\windows\system32\perfh010.dat
2009-06-17 11:55 . 2001-08-31 12:00 69568 ----a-w- c:\windows\system32\perfc010.dat
2009-06-17 11:19 . 2009-06-11 12:49 -------- d-----w- c:\documents and settings\EGIDIO\Dati applicazioni\IObit
2009-06-17 11:17 . 2009-06-16 10:54 -------- d-----w- c:\programmi\UltraVNC
2009-06-16 07:14 . 2009-06-09 08:41 78048 ----a-w- c:\documents and settings\EGIDIO\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-12 10:47 . 2009-06-09 08:34 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-12 10:31 . 2009-06-12 10:31 -------- d-----w- c:\programmi\AnVir Task Manager
2009-06-11 15:51 . 2009-06-11 15:51 -------- d-----w- c:\documents and settings\NetworkService\Dati applicazioni\Yahoo!
2009-06-11 13:02 . 2009-06-11 13:02 -------- d-----w- c:\documents and settings\EGIDIO\Dati applicazioni\Yahoo!
2009-06-11 13:02 . 2009-06-11 13:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2009-06-11 12:50 . 2009-06-11 12:50 -------- d-----w- c:\programmi\Yahoo!
2009-06-11 12:49 . 2009-06-11 12:49 -------- d-----w- c:\programmi\IObit
2009-06-11 06:38 . 2009-06-11 06:38 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-06-10 09:33 . 2009-06-10 08:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-06-10 09:33 . 2009-06-10 08:37 -------- d-----w- c:\programmi\NOS
2009-06-10 08:47 . 2009-06-10 08:46 -------- d-----w- c:\programmi\File comuni\Adobe
2009-06-10 08:39 . 2009-06-10 08:39 -------- d-----w- c:\programmi\Google
2009-06-10 08:39 . 2009-06-10 08:38 1886320 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NOS\Adobe_Downloads\GoogleToolbarInstaller_en_signed.exe
2009-06-10 07:20 . 2009-06-09 11:32 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-06-10 06:57 . 2009-06-09 11:37 -------- d-----w- c:\programmi\ATI Technologies
2009-06-10 06:57 . 2009-06-09 11:32 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-06-09 12:55 . 2009-06-09 09:03 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-06-09 12:50 . 2009-06-09 12:50 -------- d-----w- c:\programmi\Trend Micro
2009-06-09 11:59 . 2009-06-09 11:59 -------- d-----w- c:\programmi\Microsoft.NET
2009-06-09 11:58 . 2009-06-09 11:58 -------- d-----w- c:\programmi\Microsoft Works
2009-06-09 11:44 . 2009-06-09 11:44 45056 ----a-r- c:\documents and settings\EGIDIO\Dati applicazioni\Microsoft\Installer\{90B5E602-1867-449D-86FD-FC9DEA4434BF}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
2009-06-09 11:44 . 2009-06-09 11:43 -------- d-----w- c:\programmi\Hewlett-Packard
2009-06-09 11:44 . 2009-06-09 11:43 -------- d--h--w- c:\programmi\Zero G Registry
2009-06-09 11:42 . 2009-06-09 11:42 -------- d-----w- c:\programmi\HP
2009-06-09 11:41 . 2009-06-09 11:41 -------- d-----w- c:\programmi\File comuni\SWF Studio
2009-06-09 11:35 . 2009-06-09 11:35 -------- d-----w- c:\programmi\ASUS
2009-06-09 11:32 . 2009-06-09 11:32 -------- d-----w- c:\programmi\Analog Devices
2009-06-09 09:04 . 2009-06-09 09:04 -------- d-----w- c:\documents and settings\EGIDIO\Dati applicazioni\Malwarebytes
2009-06-09 09:04 . 2009-06-09 09:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-06-09 09:03 . 2009-06-09 09:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-06-09 09:02 . 2009-06-09 09:02 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-06-09 08:55 . 2009-06-09 08:55 -------- d-----w- c:\programmi\Avira
2009-06-09 08:55 . 2009-06-09 08:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-06-09 08:42 . 2009-06-09 08:42 12328 ----a-w- c:\documents and settings\TRIBUTI\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-09 08:35 . 2009-06-09 08:35 -------- d-----w- c:\programmi\microsoft frontpage
2009-06-09 08:33 . 2009-06-09 08:33 -------- d-----w- c:\programmi\Servizi in linea
2009-06-09 08:32 . 2009-06-09 08:32 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2009-03-30 08:33 . 2009-06-09 08:55 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-03-24 14:08 . 2009-06-09 08:55 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\UltraVNC\\winvnc.exe"=
"c:\\WINDOWS\\system32\\ntvdm.exe"=
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKU-Default-Run-CTFMON.EXE - c:\windows\system32\CTFMON.EXE
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.virgilio.it/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {12054981-275B-4108-842C-36AACD1DE8FF} = 151.99.125.2
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-06-17 14:33
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2009-06-17 14.34.16
ComboFix-quarantined-files.txt 2009-06-17 12:34
Pre-Run: 15.008.706.560 byte disponibili
Post-Run: 15.010.160.640 byte disponibili
Could you please take a look at it?
Thaaaaanks!