Ho lanciato il tool per rimuovere eventual Conficker che mi avevi consigliato (in provvisoria naturalmente) ma non ha rilevato alcuna infezione ( e nemmeno rilasciato log ).

Permangono i soliti problemi, gli avvi tentati oggi mi fanno pensare a problemi nella fase di avvio, tant'è vero che non carica tutti i programmi soliti dell'avvio (e che solitamente vengono visualizzati in basso a dx vicino all'orologio), nemmeno Kaspersky per esempio. E da lì non si riesce a cliccare nulla perchè appare clessidra e da lì non si schioda.....

Niente da fare, guarda....
Nemmeno riesco a usarlo il tool suggerito, perchè disinstallare Kaspersky si può fare solo in modalità normale, e il pc in modalità normale nemmeno supera la fase di avvio....
Sembra impietrito ....non mi lascia fare nulla.....

Mi fermo prima, il suggerimento era prima disinstallare Kaspersky, ma come t'ho scritto non mi è possibile.....in pratica in modalità normale non posso fare assolutamente nulla.

SDFix l'ho scaricato con altro pc e l'ho su un CD...ma posso farlo partire in provvisora con kaspersky ancora installato?

In provvisoria, naturalmente...?

OK: cancellati tutti tranne C:\31.tmp che non c'era....

Ora?

Ecco il report:


SDFix: Version 1.240
Run by Mario on 07/09/2009 at 23.44

Microsoft Windows XP [Versione 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-07 23:49:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmi\\NetMeeting\\conf.exe"="C:\\Programmi\\NetMeeting\\conf.exe:*:Enabled:Windows© NetMeeting©"
"C:\\Programmi\\Messenger\\msmsgs.exe"="C:\\Programmi\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Programmi\\Windows Media Player\\wmplayer.exe"="C:\\Programmi\\Windows Media Player\\wmplayer.exe:*:Enabled:wmplayer"
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Programmi\\mIRC\\mirc.exe"="C:\\Programmi\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programmi\\BitComet\\BitComet.exe"="C:\\Programmi\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Programmi\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"="C:\\Programmi\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe:*:Enabled:VideoAcceleratorService"
"C:\\Programmi\\Mediacenter 1.0a\\Mediacenter.exe"="C:\\Programmi\\Mediacenter 1.0a\\Mediacenter.exe:*:Enabled:Mediacenter"
"C:\\Programmi\\eMule\\eMule.exe"="C:\\Programmi\\eMule\\eMule.exe:*:Enabled:eMule Plus"
"C:\\Programmi\\AvaTrader\\fx_loader.exe"="C:\\Programmi\\AvaTrader\\fx_loader.exe:*:Enabled:AvaTrader"
"C:\\Programmi\\SopCast\\adv\\SopAdver.exe"="C:\\Programmi\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Programmi\\SopCast\\SopCast.exe"="C:\\Programmi\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"="C:\\Programmi\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Programmi\\Skype\\Phone\\Skype.exe"="C:\\Programmi\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Programmi\\uTorrent\\uTorrent.exe"="C:\\Programmi\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Documents and Settings\\Mario\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Mario\\Desktop\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Programmi\\P2Pcontrol\\p2control.exe"="C:\\Programmi\\P2Pcontrol\\p2control.exe:*:Enabled:P2Control"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"="C:\\Programmi\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :



Files with Hidden Attributes :

Mon 14 Apr 2008 1,695,232 A.SH. --- "C:\Programmi\Messenger\msmsgs.exe"
Tue 31 Jan 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 19 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 30 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Mon 19 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"
Mon 19 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv04.tmp"
Mon 19 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv05.tmp"
Tue 20 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv06.tmp"
Tue 20 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv07.tmp"
Tue 20 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv08.tmp"
Wed 28 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv09.tmp"
Sat 3 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv0a.tmp"
Mon 5 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv0b.tmp"
Tue 6 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv0c.tmp"
Fri 17 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av1.tmp"
Fri 17 Jul 2009 13,014,807 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av10.tmp"
Fri 17 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av11.tmp"
Fri 17 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av12.tmp"
Sun 19 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av13.tmp"
Sun 19 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av14.tmp"
Wed 8 Jul 2009 12,880,554 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av14E.tmp"
Wed 22 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av15.tmp"
Wed 22 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av16.tmp"
Wed 22 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av17.tmp"
Fri 24 Jul 2009 13,356,138 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av18.tmp"
Fri 24 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av19.tmp"
Fri 24 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av1A.tmp"
Fri 24 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av1B.tmp"
Mon 27 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av1C.tmp"
Mon 27 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av1D.tmp"
Mon 27 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av1E.tmp"
Sun 12 Jul 2009 13,014,807 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av1E2.tmp"
Mon 27 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av1F.tmp"
Mon 13 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av2.tmp"
Mon 27 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av20.tmp"
Mon 27 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av21.tmp"
Thu 30 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av22.tmp"
Fri 31 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av23.tmp"
Sat 1 Aug 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av24.tmp"
Sat 1 Aug 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av25.tmp"
Sat 1 Aug 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av26.tmp"
Sat 1 Aug 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av27.tmp"
Sat 15 Aug 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av28.tmp"
Sat 15 Aug 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av29.tmp"
Sat 15 Aug 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av2A.tmp"
Sat 15 Aug 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av2B.tmp"
Sat 15 Aug 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av2C.tmp"
Sat 15 Aug 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av2D.tmp"
Sun 23 Aug 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av2E.tmp"
Sun 23 Aug 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av2F.tmp"
Thu 9 Jul 2009 12,962,367 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av2F4.tmp"
Mon 13 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av3.tmp"
Mon 7 Sep 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av30.tmp"
Mon 7 Sep 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av31.tmp"
Mon 13 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av4.tmp"
Mon 13 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av5.tmp"
Mon 13 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av6.tmp"
Mon 13 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av7.tmp"
Tue 14 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av8.tmp"
Tue 14 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\av9.tmp"
Tue 14 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\avA.tmp"
Tue 14 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\avB.tmp"
Tue 14 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\avC.tmp"
Tue 14 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\avD.tmp"
Tue 14 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\avE.tmp"
Fri 17 Jul 2009 0 A..H. --- "C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Bases\Cache\avF.tmp"

Finished!

In scansione rapida non ha trovato nulla....provo in scansione completa?

....e se così fosse?

ciaoo io proverei a fare una pulizia del disco ed in seguito a fare una bella defremmentazione :-)

Se hai il cd di installazione originale, potresti tentare di riparare Windows. (non stò parlando di formattazione).
Ecco un link, con 4 modi diversi:
http://maxdor.beepworld.it/ripararewindowsxp.htm
Vedi quello che più ti sembra congeniale. ( il punto 4 non mi sembra male)

P.S:
Toglimi una curiosità (in provvisoria naturalmente):
Fai Start\Esegui\ copia-incolla questo comando: control userpasswords2
E clicca OK.
Guarda se vedi qualche "nome utente" strano, o che non conosci.