Hi, and thanks for the help.
This is the log from mbr.exe that I just ran:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
ComboFix, on the other hand, I last used on 22.12.2009, and this is the log on the basis of which an expert told me that, in his opinion, I am clean (unfortunately I can't run it now because I would have to stop the office's work):
ComboFix 09-12-21.08 - Administrator 22/12/2009 16.58.37.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1551 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\desktop\combofix.exe
Opzioni usate :: /killall
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Dati applicazioni\EurekaLog
c:\documents and settings\Administrator\Dati applicazioni\EurekaLog\EurekaLog.ini
c:\documents and settings\HelpAssistant\Dati applicazioni\EurekaLog
c:\documents and settings\HelpAssistant\Dati applicazioni\EurekaLog\EurekaLog.ini
C:\LOG.TXT
c:\windows\system32\Cache
c:\windows\system32\dbexpmysql.dll
c:\windows\system32\FAXFORM.DLL
c:\windows\system32\NTSVc.ocx
c:\windows\system32\twain.dll
((((((((((((((((((((((((( Files Creati Da 2009-11-22 al 2009-12-22 )))))))))))))))))))))))))))))))))))
2009-12-22 15:02 . 2009-12-22 15:22 -------- d-----w- c:\programmi\Navilog1
2009-12-21 21:59 . 2009-12-22 15:49 -------- d-----w- C:\Lop SD
2009-12-21 15:52 . 2009-12-07 20:52 27 ----a-w- c:\documents and settings\HelpAssistant\Dati applicazioni\Dropbox\cache\2009-12-21\jpdftweak (deleted 4b1d6b11-1b-850a34b004000e1).bat
2009-12-21 11:43 . 2009-12-21 11:07 583168 ----a-w- c:\documents and settings\HelpAssistant\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\uno_packages\B4.tmp_\sun-pdfimport.oxt\xpdfimport.exe
2009-12-21 11:43 . 2009-12-21 11:07 686080 ----a-w- c:\documents and settings\HelpAssistant\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\uno_packages\B4.tmp_\sun-pdfimport.oxt\pdfimport.uno.dll
2009-12-21 11:43 . 2009-12-21 11:07 655872 ----a-w- c:\documents and settings\HelpAssistant\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\uno_packages\B4.tmp_\sun-pdfimport.oxt\msvcr90.dll
2009-12-21 11:43 . 2009-12-21 11:07 568832 ----a-w- c:\documents and settings\HelpAssistant\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\uno_packages\B4.tmp_\sun-pdfimport.oxt\msvcp90.dll
2009-12-21 11:43 . 2009-12-21 11:07 224768 ----a-w- c:\documents and settings\HelpAssistant\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\uno_packages\B4.tmp_\sun-pdfimport.oxt\msvcm90.dll
2009-12-21 11:07 . 2009-12-21 11:07 686080 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\uno_packages\B4.tmp_\sun-pdfimport.oxt\pdfimport.uno.dll
2009-12-21 11:07 . 2009-12-21 11:07 655872 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\uno_packages\B4.tmp_\sun-pdfimport.oxt\msvcr90.dll
2009-12-21 11:07 . 2009-12-21 11:07 583168 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\uno_packages\B4.tmp_\sun-pdfimport.oxt\xpdfimport.exe
2009-12-21 11:07 . 2009-12-21 11:07 568832 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\uno_packages\B4.tmp_\sun-pdfimport.oxt\msvcp90.dll
2009-12-21 11:07 . 2009-12-21 11:07 224768 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\uno_packages\B4.tmp_\sun-pdfimport.oxt\msvcm90.dll
2009-12-20 18:08 . 2009-12-20 18:08 -------- d-----w- c:\documents and settings\HelpAssistant\Dati applicazioni\Avira
2009-12-20 17:58 . 2009-12-20 18:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-12-20 17:58 . 2009-12-20 18:00 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-12-20 17:53 . 2009-12-20 17:53 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Avira
2009-12-20 17:47 . 2009-12-20 15:26 52224 ----a-w- c:\documents and settings\HelpAssistant\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-20 17:32 . 2009-05-08 12:13 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
2009-12-20 17:32 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-20 17:32 . 2009-02-24 11:06 69632 ----a-w- c:\windows\system32\drivers\avfwim.sys
2009-12-20 17:32 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-20 17:32 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-20 15:26 . 2009-12-20 15:26 52224 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-18 16:21 . 2009-12-18 17:16 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\VMware
2009-12-18 16:16 . 2009-12-18 16:16 909320 ----a-w- c:\documents and settings\All Users\Dati applicazioni\VMware\VMware Player\Uninstaller\uninstall.exe
2009-12-18 16:16 . 2009-12-18 16:09 569344 ----a-w- c:\documents and settings\All Users\Dati applicazioni\VMware\VMware Player\Uninstaller\module_core.dll
2009-12-18 16:16 . 2009-12-18 16:09 331776 ----a-w- c:\documents and settings\All Users\Dati applicazioni\VMware\VMware Player\Uninstaller\module_ws.dll
2009-12-18 16:16 . 2009-12-18 16:09 958000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\VMware\VMware Player\Uninstaller\vnetlib64.dll
2009-12-18 16:16 . 2009-12-18 16:09 922672 ----a-w- c:\documents and settings\All Users\Dati applicazioni\VMware\VMware Player\Uninstaller\vnetlib64.exe
2009-12-18 16:16 . 2009-12-18 16:09 760368 ----a-w- c:\documents and settings\All Users\Dati applicazioni\VMware\VMware Player\Uninstaller\vnetlib.dll
2009-12-18 16:16 . 2009-12-18 16:09 703024 ----a-w- c:\documents and settings\All Users\Dati applicazioni\VMware\VMware Player\Uninstaller\vnetlib.exe
2009-12-18 16:16 . 2009-12-18 16:09 731696 ----a-w- c:\documents and settings\All Users\Dati applicazioni\VMware\VMware Player\Uninstaller\vminstutil.dll
2009-12-18 16:16 . 2009-12-22 15:52 -------- d-----w- c:\documents and settings\HelpAssistant\Dati applicazioni\VMware
2009-12-18 16:15 . 2009-10-21 23:13 59952 ----a-r- c:\windows\system32\vnetinst.dll
2009-12-18 16:15 . 2009-10-21 23:13 16560 ----a-r- c:\windows\system32\drivers\vmnetadapter.sys
2009-12-18 16:15 . 2009-10-22 03:44 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
2009-12-18 16:15 . 2009-10-22 03:44 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2009-12-18 16:15 . 2009-10-22 03:44 760368 ----a-w- c:\windows\system32\vnetlib.dll
2009-12-18 16:15 . 2009-10-22 03:44 395824 ----a-w- c:\windows\system32\vmnat.exe
2009-12-18 16:15 . 2009-10-21 23:13 18736 ----a-r- c:\windows\system32\drivers\vmnet.sys
2009-12-18 16:11 . 2009-10-22 03:45 23216 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2009-12-18 16:11 . 2009-12-18 16:11 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\VMware
2009-12-18 15:38 . 2009-12-22 16:04 -------- d-----w- c:\documents and settings\NetworkService\Dati applicazioni\VMware
2009-12-18 15:38 . 2009-12-22 16:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\VMware
2009-12-17 17:35 . 2009-12-17 17:35 -------- d-----w- c:\programmi\Windows Installer Clean Up
2009-12-17 08:46 . 2009-12-17 08:47 -------- d-----w- C:\Uninstall_Moduli di Controllo Cessioni di Quote. Vers. 9.0.5
2009-12-16 16:34 . 2009-12-16 16:34 -------- d-----w- c:\programmi\Common Files
2009-12-16 15:11 . 2003-08-13 14:27 65280 ----a-w- c:\windows\system32\drivers\Rtlnic51.sys
2009-12-16 14:17 . 2009-03-25 13:29 130432 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
2009-12-16 14:17 . 2009-03-03 19:18 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-12-11 19:05 . 2009-12-20 17:46 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-11 19:05 . 2009-12-20 17:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-12-11 19:05 . 2009-12-11 19:05 -------- d-----w- c:\programmi\Avira
2009-12-09 17:17 . 2009-12-09 17:17 1924200 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NOS\Adobe_Downloads\install_flash_player.exe
2009-12-08 17:59 . 2009-12-08 17:59 -------- d-----w- c:\programmi\VS Revo Group
2009-12-08 17:21 . 2009-12-08 17:21 -------- d-----w- c:\documents and settings\HelpAssistant\.java
2009-12-08 17:21 . 2009-12-08 17:21 -------- d-----w- c:\documents and settings\HelpAssistant\.housecall6.6
2009-12-08 15:35 . 2009-12-08 15:35 -------- d-----w- c:\documents and settings\Administrator\.java
2009-12-08 13:37 . 2001-08-30 22:08 54272 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2009-12-08 13:36 . 2001-08-17 20:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2009-12-08 13:35 . 2001-08-30 22:07 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2009-12-08 13:34 . 2001-08-17 21:07 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2009-12-08 13:33 . 2001-08-17 19:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2009-12-08 13:32 . 2001-08-30 22:07 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2009-12-08 13:31 . 2001-08-30 22:07 62496 -c--a-w- c:\windows\system32\dllcache\s3mtrio.dll
2009-12-08 13:30 . 2001-08-17 20:52 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
2009-12-08 13:29 . 2001-08-30 22:08 86016 -c--a-w- c:\windows\system32\dllcache\pctspk.exe
2009-12-08 13:28 . 2001-08-17 19:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2009-12-08 13:27 . 2008-04-13 19:46 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2009-12-08 13:26 . 2001-08-17 19:19 48768 -c--a-w- c:\windows\system32\dllcache\maestro.sys
2009-12-08 13:22 . 2001-08-17 20:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2009-12-08 13:22 . 2008-04-14 03:13 29696 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2009-12-08 13:22 . 2001-08-17 20:51 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2009-12-08 13:22 . 2008-04-14 03:14 152576 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2009-12-08 13:22 . 2001-08-17 20:49 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2009-12-08 13:22 . 2008-04-13 19:54 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2009-12-08 13:22 . 2001-08-17 19:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2009-12-08 13:22 . 2001-08-30 22:07 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2009-12-08 13:22 . 2001-08-17 20:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2009-12-08 13:22 . 2008-04-14 02:52 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2009-12-08 13:22 . 2001-08-30 18:43 13568 -c--a-w- c:\windows\system32\dllcache\inport.sys
2009-12-08 13:22 . 2001-08-17 20:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2009-12-08 13:22 . 2001-08-30 22:07 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2009-12-08 13:20 . 2001-08-17 20:28 289887 -c--a-w- c:\windows\system32\dllcache\hsf_fall.sys
2009-12-08 13:19 . 2001-08-30 22:07 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2009-12-08 13:18 . 2001-08-17 19:19 37120 -c--a-w- c:\windows\system32\dllcache\es1370mp.sys
2009-12-08 13:17 . 2001-08-30 22:07 102484 -c--a-w- c:\windows\system32\dllcache\digiinf.dll
2009-12-08 13:16 . 2008-04-13 19:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2009-12-08 13:14 . 2001-08-30 19:19 13952 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2009-12-08 13:13 . 2001-08-17 20:51 14848 -c--a-w- c:\windows\system32\dllcache\asc3550.sys
2009-12-08 13:12 . 2001-08-17 21:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2009-12-08 13:11 . 2001-08-30 22:07 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-12-08 12:13 . 2009-12-08 12:13 -------- d-----w- c:\documents and settings\HelpAssistant\Dati applicazioni\Grisoft
2009-12-08 12:04 . 2009-12-08 12:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Grisoft
2009-12-08 11:45 . 2009-12-17 07:56 -------- d-----w- C:\Uninstall_Moduli di Controllo Cessioni di Quote. Vers. 9.0.4
2009-12-08 11:34 . 2009-12-08 11:34 -------- d-----w- c:\documents and settings\HelpAssistant\Dati applicazioni\YCanPDF
2009-12-08 07:42 . 2009-12-07 20:52 27 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Dropbox\cache\2009-12-21\jpdftweak (deleted 4b1d6b11-1b-850a34b004000e1).bat
2009-12-04 14:58 . 2009-12-04 14:58 4844296 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-04 08:18 . 2009-12-20 15:26 117760 ----a-w- c:\documents and settings\HelpAssistant\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-04 08:18 . 2009-12-04 08:18 -------- d-----w- c:\documents and settings\HelpAssistant\Dati applicazioni\SUPERAntiSpyware.com
2009-12-04 07:20 . 2009-12-20 15:26 117760 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-04 07:19 . 2009-12-04 07:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-12-04 07:19 . 2009-12-04 07:19 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-12-04 07:19 . 2009-12-04 07:19 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com
2009-12-04 07:19 . 2009-12-04 07:19 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-12-03 18:31 . 2009-12-03 18:31 191128 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-12-03 18:11 . 2009-12-08 08:33 -------- d-----w- c:\programmi\Windows Live Safety Center
2009-12-03 17:50 . 2009-12-03 18:01 -------- d-----w- c:\documents and settings\Administrator\.housecall6.6
2009-12-02 11:59 . 2009-12-15 14:16 -------- d-----w- c:\documents and settings\HelpAssistant\dikeTmpdir
2009-12-01 11:34 . 2009-12-01 11:34 -------- d-----w- c:\programmi\Uninstall ModuliControlloEAS
2009-12-01 08:33 . 2009-12-08 17:49 -------- d-----w- c:\programmi\Wise Registry Cleaner
2009-11-30 20:17 . 2009-12-08 11:44 -------- d-----w- C:\Uninstall_Moduli di Controllo Cessioni di Quote. Vers. 9.0.3
2009-11-30 16:35 . 2009-11-30 16:35 -------- d-----w- c:\programmi\ProcessExplorer
2009-11-30 16:08 . 2009-11-30 16:08 -------- d-----w- c:\documents and settings\HelpAssistant\WINDOWS
2009-11-30 16:08 . 2009-11-30 16:08 -------- d-----w- c:\documents and settings\HelpAssistant\TOSHIBA
2009-11-30 16:08 . 2009-11-30 16:08 -------- d-----w- c:\documents and settings\HelpAssistant\InstallAnywhere
2009-11-30 16:08 . 2009-11-30 16:08 -------- d-----w- c:\documents and settings\HelpAssistant\EurekaLog
2009-11-30 16:04 . 2009-11-30 16:04 -------- d-----w- c:\documents and settings\HelpAssistant\Dati applicazioni\Vso
2009-11-30 16:04 . 2009-11-28 11:20 152576 ----a-w- c:\documents and settings\HelpAssistant\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-30 16:04 . 2009-11-28 11:11 79488 ----a-w- c:\documents and settings\HelpAssistant\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-30 16:04 . 2009-11-28 08:24 61440 ----a-w- c:\documents and settings\HelpAssistant\Dati applicazioni\Sun\Java\Deployment\cache\6.0\50\6b9b56b2-7ce72683-1.0.3--n\IeEmbed.exe
2009-11-30 16:04 . 2009-11-28 08:24 45056 ----a-w- c:\documents and settings\HelpAssistant\Dati applicazioni\Sun\Java\Deployment\cache\6.0\50\6b9b56b2-7ce72683-1.0.3--n\tray.dll
2009-11-30 16:04 . 2009-11-28 08:24 188416 ----a-w- c:\documents and settings\HelpAssistant\Dati applicazioni\Sun\Java\Deployment\cache\6.0\50\6b9b56b2-7ce72683-1.0.3--n\MozEmbed.exe
2009-11-30 16:04 . 2009-11-28 08:24 110592 ----a-w- c:\documents and settings\HelpAssistant\Dati applicazioni\Sun\Java\Deployment\cache\6.0\50\6b9b56b2-7ce72683-1.0.3--n\jdic.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-22 15:10 . 2008-11-26 08:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-12-22 13:20 . 2009-10-23 16:25 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Dropbox
2009-12-21 11:06 . 2009-11-30 16:03 1 ----a-w- c:\documents and settings\HelpAssistant\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-21 11:06 . 2009-03-06 14:36 1 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-20 08:59 . 2007-11-20 09:20 7588 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-18 15:40 . 2007-08-02 12:00 96494 ----a-w- c:\windows\system32\perfc010.dat
2009-12-18 15:40 . 2007-08-02 12:00 520458 ----a-w- c:\windows\system32\perfh010.dat
2009-12-16 19:58 . 2007-11-20 07:57 159744 ----a-w- c:\windows\system32\siscmon.exe
2009-12-16 15:50 . 2007-08-02 12:00 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-12-08 11:34 . 2009-11-30 16:03 -------- d-----w- c:\documents and settings\HelpAssistant\Dati applicazioni\ntr
2009-12-04 08:44 . 2007-11-16 14:57 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-12-01 09:19 . 2007-11-28 18:25 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-11-30 16:03 . 2009-11-30 16:03 -------- d-----w- c:\documents and settings\HelpAssistant\Dati applicazioni\ScanSoft
2009-11-30 16:03 . 2009-11-30 16:03 -------- d-----w- c:\documents and settings\HelpAssistant\Dati applicazioni\OpenOffice.org
2009-11-30 16:03 . 2009-11-30 16:03 -------- d-----w- c:\documents and settings\HelpAssistant\Dati applicazioni\OfficeUpdate12
2009-11-30 16:03 . 2009-11-30 16:03 -------- d-----w- c:\documents and settings\HelpAssistant\Dati applicazioni\Malwarebytes
2009-11-30 16:03 . 2009-11-30 16:03 -------- d-----w- c:\documents and settings\HelpAssistant\Dati applicazioni\Faxalo
2009-11-30 16:03 . 2009-11-30 16:03 -------- d-----w- c:\documents and settings\HelpAssistant\Dati applicazioni\Dropbox
2009-11-30 16:03 . 2009-11-30 16:03 -------- d-----w- c:\documents and settings\HelpAssistant\Dati applicazioni\DivX
2009-11-30 16:03 . 2009-11-30 16:03 -------- d-----w- c:\documents and settings\HelpAssistant\Dati applicazioni\Apple Computer
2009-11-30 16:03 . 2009-11-30 16:03 -------- d-----w- c:\documents and settings\HelpAssistant\Dati applicazioni\AISoftware
2009-11-30 16:03 . 2009-11-30 16:03 -------- d-----w- c:\documents and settings\HelpAssistant\Dati applicazioni\Ahead
2009-10-23 16:25 . 2009-10-23 16:25 89962 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Dropbox\bin\Uninstall.exe
2009-10-22 03:45 . 2009-10-22 03:45 853936 ----a-w- c:\windows\system32\drivers\vmx86.sys
2009-10-22 03:45 . 2009-10-22 03:45 70704 ----a-w- c:\windows\system32\drivers\vmci.sys
2009-10-22 02:47 . 2009-10-22 02:47 32304 ----a-w- c:\windows\system32\drivers\hcmon.sys
2009-10-22 02:22 . 2009-10-22 02:22 252464 ----a-w- c:\windows\system32\vmnc.dll
2009-10-21 05:38 . 2007-08-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2007-08-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2007-08-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 11:01 . 2009-10-13 11:01 249856 ------w- c:\windows\Setup1.exe
2009-10-13 11:01 . 2009-10-13 11:01 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-10-13 10:33 . 2007-08-02 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2007-08-02 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2007-08-02 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:33 . 2009-10-12 13:33 64960 ----a-w- c:\windows\system32\drivers\stcp2v30.sys
2009-10-09 01:18 . 2009-10-09 01:18 26805255 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Dropbox\bin\Dropbox.exe
2009-10-08 21:18 . 2009-11-30 16:03 499712 ----a-w- c:\documents and settings\HelpAssistant\Dati applicazioni\Dropbox\bin\msvcp71.dll
2009-10-08 21:18 . 2009-11-30 16:03 348160 ----a-w- c:\documents and settings\HelpAssistant\Dati applicazioni\Dropbox\bin\msvcr71.dll
2009-10-08 21:18 . 2009-10-08 21:18 499712 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Dropbox\bin\msvcp71.dll
2009-10-08 21:18 . 2009-10-08 21:18 348160 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Dropbox\bin\msvcr71.dll
2009-10-08 21:18 . 2009-11-30 16:03 77824 ----a-w- c:\documents and settings\HelpAssistant\Dati applicazioni\Dropbox\bin\DropboxExt.3.dll
2009-10-08 21:18 . 2009-10-08 21:18 77824 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Dropbox\bin\DropboxExt.3.dll
2009-09-25 16:41 . 2009-09-25 16:41 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Dropbox\bin\DropboxExt.3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Dropbox\bin\DropboxExt.3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Dropbox\bin\DropboxExt.3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\programmi\Acronis\TrueImageEchoWorkstation\TrueImageMonitor.exe" [2008-03-11 1274744]
"AcronisTimounterMonitor"="c:\programmi\Acronis\TrueImageEchoWorkstation\TimounterMonitor.exe" [2008-03-06 884696]
"Acronis Scheduler2 Service"="c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2008-03-06 136472]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"nwiz"="nwiz.exe" [2008-12-25 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"VMware hqtray"="d:\vmware\hqtray.exe" [2009-10-22 64048]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-03 429392]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Gestore Chiave.lnk - c:\italwin\KeyServer.exe [2007-11-21 155648]
Rupsmon Daemon.lnk - c:\programmi\Megatec\UPSilon 2000\Monw32.exe [2008-3-25 40960]
Service Manager.lnk - c:\programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
siscmon.lnk - h:\windows\system32\siscmon.exe [2007-11-20 159744]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 10:08 935288 ----a-r- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2009-09-08 07:09 196608 ----a-w- c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2009-09-08 07:09 69632 ----a-w- c:\programmi\File comuni\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-12-03 15:14 1394000 ----a-w- c:\programmi\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-12-25 23:08 13680640 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-28 11:21 149280 ----a-w- c:\programmi\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LightScribeService"=2 (0x2)
"gupdate1c9b91c5f551d6a"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"RTHDCPL"=RTHDCPL.EXE
"NeroFilterCheck"=c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Java\\jre1.5.0_14\\bin\\javaw.exe"=
"c:\\Programmi\\File comuni\\Acronis\\Agent\\agent.exe"=
"c:\\Programmi\\Acronis\\LicenseServer\\LicenseServerConsole.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Programmi\\Acronis\\TrueImageEchoWorkstation\\TrueImage.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\File comuni\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Java\\jre1.5.0_16\\bin\\javaw.exe"=
"d:\\VMWARE\\vmware-authd.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"4890:TCP"= 4890:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3246:TCP"= 3246:TCP:Services
"6269:TCP"= 6269:TCP:Services
"2759:TCP"= 2759:TCP:Services
R0 3wareDrv;3wareDrv;c:\windows\system32\drivers\3wareDrv.sys [16/11/2007 11.06.27 82184]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [04/02/2008 8.57.37 30656]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 8.43.30 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 8.43.28 74480]
R2 3DM2;AMCC 3DM2;c:\programmi\AMCC\3DM2\3dm2.exe [16/11/2007 16.25.38 1687552]
R2 AcronisAgent;Acronis Remote Agent;c:\programmi\File comuni\Acronis\Agent\agent.exe [11/03/2008 12.16.50 517848]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programmi\Avira\AntiVir Desktop\avmailc.exe [20/12/2009 18.32.42 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [20/12/2009 18.32.42 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programmi\Avira\AntiVir Desktop\avwebgrd.exe [20/12/2009 18.32.42 434945]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [27/11/2009 17.21.02 276816]
R2 MSSQL$ITALSTUDIO;MSSQL$ITALSTUDIO;c:\programmi\Microsoft SQL Server\MSSQL$ITALSTUDIO\Binn\sqlservr.exe -sITALSTUDIO --> c:\programmi\Microsoft SQL Server\MSSQL$ITALSTUDIO\Binn\sqlservr.exe -sITALSTUDIO [?]
R2 SalvRiprNET3;Gestore Unificato Salvataggi-Ripristini Evol-Std Servizio;c:\programmi\File comuni\EVOL-STD\UtilitaSQL\BackupUnificato\Its.Strumenti.BackupUnificato.Base.Serv_BackupRestore.exe [24/01/2008 9.16.23 29696]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [22/10/2009 4.45.00 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\programmi\Common Files\VMware\USB\vmware-usbarbitrator.exe [22/10/2009 3.47.54 563760]
R2 WILPAR;Wordcraft Parallel Driver;c:\windows\system32\drivers\WILPAR.SYS [19/11/2007 15.29.42 14096]
R3 ACSET;ACS USB Smart Card Reader;c:\windows\system32\drivers\acrusbxp.sys [20/11/2007 8.48.01 25728]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [20/12/2009 18.32.44 69632]
R3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [26/07/2005 14.42.00 43968]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27/11/2009 17.20.58 19160]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01_xp.sys --> c:\windows\system32\DRIVERS\atl01_xp.sys [?]
S3 LGDDCDevice;LGDDCDevice;c:\programmi\LG Soft India\forteManager\bin\I2CDriver.sys [01/06/2009 9.10.03 14336]
S3 LGII2CDevice;LGII2CDevice;c:\programmi\LG Soft India\forteManager\bin\PII2CDriver.sys [01/06/2009 9.10.03 13312]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2A.tmp --> c:\windows\system32\2A.tmp [?]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 8.43.30 7408]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [14/01/2008 15.17.31 44000]
S3 skeyusb;SmartKey USB;c:\windows\system32\drivers\skeyusb.sys [22/11/2007 9.06.09 45277]
S3 SQLAgent$ITALSTUDIO;SQLAgent$ITALSTUDIO;c:\programmi\Microsoft SQL Server\MSSQL$ITALSTUDIO\Binn\sqlagent.EXE -i ITALSTUDIO --> c:\programmi\Microsoft SQL Server\MSSQL$ITALSTUDIO\Binn\sqlagent.EXE -i ITALSTUDIO [?]
S4 gupdate1c9b91c5f551d6a;Servizio di Google Update (gupdate1c9b91c5f551d6a);"c:\programmi\Google\Update\GoogleUpdate.exe" /svc --> c:\programmi\Google\Update\GoogleUpdate.exe [?]
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.finanze.it/export/finanze/index.htm
LSP: c:\programmi\Avira\AntiVir Desktop\avsda.dll
TCP: {724AC57D-2F3D-4C21-9D85-04D37A324FCE} = 151.99.125.1,151.99.0.100
TCP: {8DAF4341-E040-4D7A-A943-9ED0E1F487E1} = 151.99.125.1,151.99.0.100
TCP: {A656A814-0EFE-4F7A-A2F2-CCAB4F104D59} = 151.99.125.1,151.99.0.100
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\c8n781jp.default\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
SafeBoot-mcmscsvc
SafeBoot-MCODS
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-22 17:05
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A6853A8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f11852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> 0x89c954c0
PacketIndicateHandler -> NDIS.sys @ 0xb9dd8a0d
SendHandler -> NDIS.sys @ 0xb9decb40
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\3DM2]
"ImagePath"="c:\programmi\AMCC\3DM2/3dm2.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2A.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(1336)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'lsass.exe'(1392)
c:\windows\system32\relog_ap.dll
c:\programmi\Avira\AntiVir Desktop\avsda.dll
- - - - - - - > 'explorer.exe'(3796)
c:\windows\system32\WININET.dll
c:\documents and settings\Administrator\Dati applicazioni\Dropbox\bin\DropboxExt.3.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\programmi\File comuni\Acronis\Schedule2\schedul2.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Microsoft SQL Server\MSSQL$ITALSTUDIO\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Megatec\UPSilon 2000\RupsMon.exe
c:\programmi\Megatec\UPSilon 2000\USBMate.exe
c:\windows\system32\vmnat.exe
d:\vmware\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\W32MKDE.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-12-22 17:08:02 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-12-22 16:08
Pre-Run: 100.762.419.200 byte disponibili
Post-Run: 100.718.911.488 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - B9DC329B8EE93A94C086136742904BAD