Ran the scan with ComboFix. However, 3 or 4 times I got a blue screen while powering on and loading the OS. Now, after this ComboFix run, the problem should not come back, at least I hope so.
ComboFix 10-06-02.03 - Administrator 03/06/2010 15.03.18.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1033.18.767.422 [GMT 7:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-6C25-9D7C08000A00}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Application Data\egun.exe
c:\documents and settings\Administrator\My Documents\ac.exe
c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll
c:\windows\system32\skinboxer43.dll
c:\windows\system32\vbzlib1.dll
.
((((((((((((((((((((((((( Files Creati Da 2010-05-03 al 2010-06-03 )))))))))))))))))))))))))))))))))))
.
2010-06-03 05:37 . 2010-06-03 05:36 389120 ----a-w- c:\windows\system32\CF16970.exe
2010-06-03 05:10 . 2010-06-03 05:10 242038 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aehelp.dll
2010-06-03 05:10 . 2010-06-03 05:10 377205 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aegen.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-03 05:11 . 2010-06-03 05:11 1352058 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aescript.dll
2010-06-03 05:11 . 2010-06-03 05:11 1352058 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aescript.dll
2010-06-03 05:11 . 2010-06-03 05:11 2720118 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeheur.dll
2010-06-03 05:11 . 2010-06-03 05:11 2720118 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aeheur.dll
2010-06-03 05:10 . 2010-06-03 05:11 242038 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aehelp.dll
2010-06-03 05:10 . 2010-06-03 05:11 377205 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aegen.dll
2010-06-02 15:01 . 2008-10-02 09:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-13 12:31 . 2010-06-03 05:11 127347 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aescn.dll
2010-05-13 12:31 . 2010-06-03 05:11 201081 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeoffice.dll
2010-05-13 12:31 . 2010-06-03 05:11 192886 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aecore.dll
2010-05-12 05:46 . 2009-05-27 12:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2010-04-29 08:39 . 2008-10-02 09:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 08:39 . 2008-10-02 09:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 06:48 . 2009-10-02 10:45 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-26 15:57 . 2008-10-03 16:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-04-26 14:18 . 2008-10-03 16:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2010-04-24 12:28 . 2010-06-03 05:11 254324 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aesbx.dll
2010-04-24 12:28 . 2010-06-03 05:11 106868 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aevdf.dll
2010-04-24 12:28 . 2010-06-03 05:11 393588 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeemu.dll
2010-04-24 12:28 . 2010-06-03 05:11 53618 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aebb.dll
2010-04-20 05:07 . 2008-10-17 05:17 -------- d-----w- c:\program files\CCleaner
2010-04-17 12:29 . 2010-06-03 05:11 541043 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aerdl.dll
2010-03-20 08:46 . 2010-06-03 05:11 426358 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aepack.dll
2009-12-27 08:49 . 2009-01-26 11:11 72 --sh--w- c:\windows\S3648A81E.tmp
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2009-06-27 190024]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDesktopIniCache"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-15 04:19 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^C6 Messenger.lnk]
backup=c:\windows\pss\C6 Messenger.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^PartMetBackup.lnk]
backup=c:\windows\pss\PartMetBackup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^IDW Logging Tool.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DevconDefaultDB]
c:\windows\READREG [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2006-08-11 07:56 17920 ----a-w- c:\windows\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2006-08-11 07:56 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
2006-03-22 17:13 1591808 ----a-w- c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 22:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 03:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 04:22 1622016 ----a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-09 21:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-05-30 07:30 1830128 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DisplayTrayIcon"=c:\windows\system32\TrayIcon.exe
"flockbox"=c:\program files\My Lockbox\flockbox.exe /a
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\LinkCreator.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\C6 Messenger\\plugin\\fsmodule\\C6FileSharing.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Return to Castle Wolfenstein\\WolfMP.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [1/5/2009 6:12 PM 17264]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/3/2008 2:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 2:07 PM 55024]
R2 FTPGetterLauncher;FTPGetter Launcher;c:\program files\FTPGetter\ftpgsrv.exe [9/4/2009 10:50 AM 53760]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/11/2009 4:00 AM 717296]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 2:07 PM 7408]
.
Contenuto della cartella 'Scheduled Tasks'
2010-04-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 06:42]
2010-06-03 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-12-07 02:38]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.msn.it/
uInternet Connection Wizard,ShellNext = hxxp://www.tot.co.th/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b37eqjo7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=14597&l=dis
FF - prefs.js: keyword.URL -
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b37eqjo7.default\extensions\{bc4be15d-6a34-4356-9e97-79e43da32b1d}\components\FFAlert.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPC6Helper.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-06-03 15:15
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(540)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Ora fine scansione: 2010-06-03 15:19:48
ComboFix-quarantined-files.txt 2010-06-03 08:19
ComboFix2.txt 2009-10-02 12:52
ComboFix3.txt 2009-05-29 05:19
Pre-Run: 6.064.599.040 bytes free
Post-Run: 6.122.557.440 bytes free
- - End Of File - - AE08B426748CF247CF232C3816BC8893