Hi everyone,
About 6-7 months ago I caught a rootkit in the MBR, and you gave me a hand removing it.
Now something has happened to me that I think is similar, so I'm asking for help.
Last night, when I went to shut down the PC, I heard 3 beeps and my mind immediately jumped back to the old problem.
This morning I switched it on and saw that the WIFI network card isn't working. Suspicious, I immediately ran MalwareBytes and it caught this virus, "PUM.Bad.proxy", which it removed. I then ran SuperAntiSpyware, which found a couple of small things.
Finally I ran MBR.exe -t, whose log I report below:
mbr.exe -t
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.s
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x01D1C06C0
malicious code @ sector 0x01D1C06C3 !
PE file found in sector at 0x01D1C06D9 !
Could you take a look and give me a hand?
At the moment the wired connection works. I checked the processes and I see no strange memory increases and no strange active TCP connections either.
Anyway, I tried to repair the WIFI connection and it doesn't work; it says there is a problem.
Thanks everyone
Joss
edit:
While waiting I got ahead and also made the HijackThis log, which I attach.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10.46.34, on 28/01/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Programmi\ASNA\ADB Engine 4.7\adbntsvc.exe
E:\Programmi\Java\jre6\bin\jqs.exe
E:\Programmi\CDBurnerXP\NMSAccessU.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\wbem\wmiapsrv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
E:\Programmi\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe
E:\Programmi\Synaptics\SynTP\SynTPEnh.exe
E:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
E:\Programmi\Microsoft ActiveSync\wcescomm.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
E:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
E:\PROGRA~1\MICROS~4\rapimgr.exe
F:\Programmi\totalcmd750\TOTALCMD.EXE
F:\Programmi\FirefoxPortable3\FirefoxPortable.exe
F:\Programmi\FirefoxPortable3\App\firefox\firefox.exe
F:\Programmi\FirefoxPortable3\App\firefox\plugin-container.exe
F:\Programmi\PsPad\PSPad.exe
E:\Programmi\AVG\AVG10\avgtray.exe
E:\Programmi\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
E:\Programmi\AVG\AVG10\avgwdsvc.exe
E:\Programmi\AVG\AVG10\avgrsx.exe
E:\Programmi\AVG\AVG10\avgcsrvx.exe
E:\Programmi\AVG\AVG10\avgchsvx.exe
E:\Programmi\AVG\AVG10\avgnsx.exe
E:\Programmi\AVG\AVG10\avgemcx.exe
E:\Programmi\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
F:\Programmi\PDFViewer\PDFXCview.exe
E:\WINDOWS\system32\msiexec.exe
E:\AntiVirus\HiJackThis\PFiles\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Programmi\AVG\AVG10\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMSERIAL] E:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPStart] E:\Programmi\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UnlockerAssistant] "E:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [WHITNEY_S2P] E:\Programmi\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "E:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] E:\Programmi\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = E:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267257553734
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{46B013CF-128D-45CA-A2D6-0B8E71F4A2D5}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C779A80-D815-4F88-BC54-834B33B63913}: Domain = RisoViazzo.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C779A80-D815-4F88-BC54-834B33B63913}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Programmi\AVG\AVG10\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - E:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll
O23 - Service: Acceler8DB Server - ASNA Inc. - E:\Programmi\ASNA\ADB Engine 4.7\adbntsvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - E:\Programmi\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - E:\Programmi\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - E:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: lmab_device - - E:\WINDOWS\system32\LMabcoms.exe
O23 - Service: NMSAccessU - Unknown owner - E:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - (no file)
--
End of file - 7861 bytes
Please help me as soon as you can, thanks.
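As an added, defender-side example (not part of Joss's post and not code from mbr.exe, MalwareBytes or HijackThis): a small Python script that reads the two logs posted above. It converts the hex sector numbers that mbr.exe reports into decimal LBAs and byte offsets, so the flagged area can be compared with the real capacity of the drive, and it checks the O17 DNS entries from the HijackThis log against the name servers the owner expects, which is the setting to re-verify after a proxy/DNS-tampering detection. The 512-byte sector size and the trusted-server set are assumptions; the log text embedded below is copied from the thread.

```python
import re

# Copied from the thread above: the mbr.exe -t output and the three O17 lines.
MBR_LOG = """\
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.s
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x01D1C06C0
malicious code @ sector 0x01D1C06C3 !
PE file found in sector at 0x01D1C06D9 !
"""

HJT_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{46B013CF-128D-45CA-A2D6-0B8E71F4A2D5}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C779A80-D815-4F88-BC54-834B33B63913}: Domain = RisoViazzo.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C779A80-D815-4F88-BC54-834B33B63913}: NameServer = 8.8.8.8,8.8.4.4
"""

SECTOR_BYTES = 512  # assumption: 512-byte logical sectors (typical for a disk of that era)

# Lines in which mbr.exe reports a sector number worth inspecting.
FINDING_RE = re.compile(
    r"^(?P<kind>copy of MBR has been found|malicious code|PE file found)\b.*?"
    r"0x(?P<sector>[0-9A-Fa-f]+)"
)


def parse_mbr_log(text):
    """Return (mbr_ok, findings); each finding carries the hex sector converted to a
    decimal LBA and to a byte offset from the start of the disk."""
    mbr_ok = False
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "user & kernel MBR OK":
            mbr_ok = True
            continue
        m = FINDING_RE.match(line)
        if m:
            lba = int(m.group("sector"), 16)
            findings.append({
                "kind": m.group("kind"),
                "lba": lba,
                "offset_bytes": lba * SECTOR_BYTES,
            })
    return mbr_ok, findings


def summarize_mbr(text):
    """Condense the log to what a responder wants to know: whether the active MBR
    matched, how many sectors outside the MBR were flagged, how tightly they cluster,
    and roughly how far into the disk they sit (compare this with the drive's size)."""
    mbr_ok, findings = parse_mbr_log(text)
    if not findings:
        return {"mbr_ok": mbr_ok, "flagged": 0, "clean": mbr_ok}
    first = min(f["lba"] for f in findings)
    last = max(f["lba"] for f in findings)
    return {
        "mbr_ok": mbr_ok,
        "flagged": len(findings),
        "span_sectors": last - first + 1,
        "approx_offset_gb": round(first * SECTOR_BYTES / 1e9, 2),
        # An "OK" MBR plus flagged sectors is not a clean result: something was
        # found hidden outside the MBR that a file-based scanner never reads.
        "clean": False,
    }


O17_RE = re.compile(r"^O17 - .*\{(?P<guid>[^}]+)\}: (?P<key>\w+) = (?P<value>.+)$")


def parse_o17(text):
    """Group HijackThis O17 lines by adapter GUID: {guid: {key: value}}."""
    adapters = {}
    for raw in text.splitlines():
        m = O17_RE.match(raw.strip())
        if m:
            adapters.setdefault(m.group("guid"), {})[m.group("key")] = m.group("value")
    return adapters


def unexpected_nameservers(adapters, trusted):
    """List every (guid, server) whose NameServer is not in the owner's trusted set."""
    bad = []
    for guid, keys in adapters.items():
        for server in keys.get("NameServer", "").split(","):
            server = server.strip()
            if server and server not in trusted:
                bad.append((guid, server))
    return bad


if __name__ == "__main__":
    print(summarize_mbr(MBR_LOG))
    # Assumption: the home router and Google's public resolvers are the expected servers.
    print(unexpected_nameservers(parse_o17(HJT_LOG), {"192.168.2.1", "8.8.8.8", "8.8.4.4"}))
```

For the log in this thread the three flagged sectors sit within 26 sectors of each other at an offset of about 250 GB, which is the kind of number worth checking against the drive's stated capacity; the two O17 adapters resolve through the router and Google's resolvers, so the DNS side reports nothing unexpected with that trusted set.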