
virus win32\patched. D0 (total desperation..)


Post by Moretta » 21/04/10 23:00

Good evening.. let me start by saying that this is the first time I have signed up to a forum of this kind.. I have usually managed to remove viruses by reading the solutions given to others.. but this time I just can't..

For more than a week I have been having problems with this "beast", identified as the virus Win32\Patched. D0

AVG's Resident Shield keeps triggering, telling me that the file C:\WINDOWS\system32\drivers\ACPIEC.sys is damaged... I have run several scans, including with Malwarebytes, which in addition found some "password stealt"..

The problem is that AVG keeps removing this blessed virus.. but it seems to recreate itself continuously.. I can't take it any more.. I'm really going crazy :(

If any help is possible I will be eternally grateful...

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:58:41, on 21/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\SupportAppXL\onda_mon.exe
C:\WINDOWS\PLFSetL.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Acer\Acer VCM\RS_Service.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programmi\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\Programmi\Safari\Safari.exe
C:\Programmi\Windows Live\Mail\wlmail.exe
C:\Documents and Settings\Morèèè\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w88l23257
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w88l23257
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5w88l23257
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: roccoabazia Toolbar - {e13e395f-77a5-499b-897e-134c03375af7} - C:\Programmi\roccoabazia\tbrocc.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: roccoabazia Toolbar - {e13e395f-77a5-499b-897e-134c03375af7} - C:\Programmi\roccoabazia\tbrocc.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: roccoabazia Toolbar - {e13e395f-77a5-499b-897e-134c03375af7} - C:\Programmi\roccoabazia\tbrocc.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\Audio\Drivers\AzMixerSel.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [snp2uvc] rundll32.exe C:\WINDOWS\system32\csnp2uvc.dll,ResetCIDS
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Programmi\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messenger ... E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 3462690984
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3462676625
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\Acer\Acer VCM\Skype4COM.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: ONDA Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\onda_mon.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Programmi\Acer\Acer VCM\RS_Service.exe

--
End of file - 10235 bytes

Post by bik » 23/04/10 14:23

First of all, download an Avira boot disc, burn the ISO to a CD and boot the PC from the CD with this disc.
You can download the disc from http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html
Clean whatever it asks you to.
Afterwards, if it has not removed everything, fix these entries from HijackThis (provided you are not sure of their origin)

R3 - URLSearchHook: roccoabazia Toolbar - {e13e395f-77a5-499b-897e-134c03375af7} - C:\Programmi\roccoabazia\tbrocc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: roccoabazia Toolbar - {e13e395f-77a5-499b-897e-134c03375af7} - C:\Programmi\roccoabazia\tbrocc.dll
O3 - Toolbar: roccoabazia Toolbar - {e13e395f-77a5-499b-897e-134c03375af7} - C:\Programmi\roccoabazia\tbrocc.dll

Then we'll see how it goes.
If I may give you some advice, replace AVG with a more effective antivirus; among the free ones I can recommend Avast 5, Avira free or Microsoft Security Essentials (in order of preference).
Better to be mad on one's own account than wise with the opinions of others - F. Nietzsche
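The triage applied to the HijackThis log above can be automated; the following is an added example, not part of the original thread and not code from HijackThis. It parses lines taken from the posted log and surfaces entries whose file is gone and CLSIDs registered at several hook points, as review candidates rather than verdicts; the function names `parse_log` and `review` are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: roccoabazia Toolbar - {e13e395f-77a5-499b-897e-134c03375af7} - C:\Programmi\roccoabazia\tbrocc.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: roccoabazia Toolbar - {e13e395f-77a5-499b-897e-134c03375af7} - C:\Programmi\roccoabazia\tbrocc.dll
O3 - Toolbar: roccoabazia Toolbar - {e13e395f-77a5-499b-897e-134c03375af7} - C:\Programmi\roccoabazia\tbrocc.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: ONDA Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\onda_mon.exe
"""

# A log entry starts with a section code such as R3, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers that appear in the posted log when the referenced file is absent.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_log(text):
    """Turn HijackThis entry lines into dicts; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process path or blank line
        rest = m.group("rest")
        clsid = CLSID_RE.search(rest)
        entries.append({
            "code": m.group("code"),
            # CLSIDs appear in mixed case in the log, so normalise them.
            "clsid": clsid.group(0).lower() if clsid else None,
            "orphaned": rest.endswith(ORPHAN_MARKERS),
            "unknown_owner": " - Unknown owner - " in rest,
            "raw": line,
        })
    return entries


def review(entries):
    """Group findings a helper would look at first when reading the log."""
    hooks = defaultdict(set)
    for e in entries:
        if e["clsid"]:
            hooks[e["clsid"]].add(e["code"])
    return {
        # Registry entry still present, file on disk is not.
        "orphaned": [e["raw"] for e in entries if e["orphaned"]],
        # Services for which the log reports no vendor name.
        "unknown_owner": [e["raw"] for e in entries if e["unknown_owner"]],
        # One component hooked into the browser at several points.
        "multi_hook": {c: sorted(s) for c, s in hooks.items() if len(s) > 1},
    }


if __name__ == "__main__":
    findings = review(parse_log(SAMPLE_LOG))
    for kind, items in findings.items():
        print(kind)
        for item in (items.items() if isinstance(items, dict) else items):
            print("   ", item)
```

On the sample lines this reports the same toolbar CLSID under R3, O2 and O3 and the BHO with no file, which are the entries listed in the post above.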


Post by Luke57 » 23/04/10 17:31

Hi, leave the Avira CD aside for now; download ComboFix directly to the desktop from the following link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- disconnect from the internet
- disable your antivirus
- run ComboFix.exe
- do NOT install the RECOVERY CONSOLE
- do NOT interfere with the program's scan
- when the scan has finished, go to C:\ and copy/paste, in your next reply, the log contained in the file Combofix.txt

Post by Moretta » 23/04/10 20:27

Here it is:

ComboFix 10-04-21.01 - Morèèè 23/04/2010 21.17.04.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1014.587 [GMT 2:00]
Eseguito da: c:\documents and settings\Morèèè\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmi\Extension Changer\extmain.exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000023_.tmp.dll
c:\windows\system32\_000024_.tmp.dll
c:\windows\system32\_000025_.tmp.dll
c:\windows\system32\_000026_.tmp.dll
c:\windows\system32\fsc.txt
c:\windows\system32\ide.txt
c:\windows\system32\lpe.txt
c:\windows\system32\qks.txt
c:\windows\system32\vbzlib1.dll

La copia infetta di c:\windows\system32\drivers\ACPIEC.sys è stata trovata e disinfettata
ipristinata copia da - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Creati Da 2010-03-23 al 2010-04-23 )))))))))))))))))))))))))))))))))))
.

2010-04-21 17:39 . 2010-04-21 17:39 242696 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtdix.sys
2010-04-21 17:39 . 2010-04-21 17:39 1689952 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.dll
2010-04-19 07:27 . 2010-04-19 09:19 -------- d-----w- c:\windows\SxsCaPendDel
2010-04-19 07:15 . 2010-04-19 07:15 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-19 07:15 . 2010-04-19 07:48 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-04-19 07:15 . 2010-04-19 07:15 -------- d-----w- c:\windows\61D3AAE1D5214CD7939B37813DE8F955.TMP
2010-04-19 07:14 . 2010-04-19 07:14 -------- d-----w- c:\programmi\Avidemux 2.5
2010-04-18 18:25 . 2010-04-19 07:14 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware(2)
2010-04-18 18:18 . 2010-04-18 18:18 -------- d-----w- c:\programmi\Enigma Software Group
2010-04-17 09:22 . 2010-04-17 09:22 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-17 09:16 . 2010-04-18 17:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2010-04-16 17:59 . 2010-04-16 17:59 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-04-16 14:31 . 2010-04-19 07:48 5918776 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-16 14:29 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-16 14:29 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-14 17:52 . 2010-04-14 17:53 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\Adobe
2010-04-12 14:08 . 2010-04-17 12:30 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-12 13:34 . 2010-04-12 13:34 -------- d-----r- c:\documents and settings\NetworkService\Preferiti
2010-04-12 13:32 . 2010-04-12 13:32 -------- d-----w- c:\documents and settings\NetworkService\Menu Avvio
2010-04-11 18:47 . 2010-04-11 18:47 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-11 15:29 . 2010-04-11 15:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Fugazo
2010-04-11 15:29 . 2010-04-11 15:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Zylom
2010-04-11 15:29 . 2006-09-26 10:03 98304 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
2010-04-11 15:29 . 2006-09-26 10:03 161976 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
2010-04-07 16:49 . 2010-04-07 16:49 4255072 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcorex.dll
2010-04-03 12:09 . 2010-04-03 12:09 79144 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-04-03 11:47 . 2010-04-03 11:47 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\roccoabazia
2010-04-01 20:14 . 2010-04-01 20:14 -------- d-----w- c:\windows\Sun
2010-04-01 19:27 . 2010-04-01 19:27 4076824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgui.exe
2010-04-01 19:27 . 2010-04-01 19:27 2059544 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtray.exe
2010-04-01 19:27 . 2010-04-01 19:27 1274136 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgfrw.exe
2010-04-01 19:27 . 2010-04-01 19:27 598296 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgsrmx.dll
2010-04-01 19:27 . 2010-04-01 19:27 313112 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avglogx.dll
2010-04-01 19:27 . 2010-04-01 19:27 1598744 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgssie.dll
2010-04-01 19:27 . 2010-04-01 19:27 1515224 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgwd.dll
2010-04-01 19:27 . 2010-04-01 19:27 556824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgchjwx.dll
2010-04-01 19:27 . 2010-04-01 19:27 459544 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcclix.dll
2010-04-01 19:27 . 2010-04-01 19:27 341272 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgxch32.dll
2010-04-01 19:27 . 2010-04-01 19:27 301336 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgchclx.dll
2010-04-01 19:27 . 2010-04-01 19:27 1086744 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgchsvx.exe
2010-04-01 19:25 . 2010-04-01 19:25 1035032 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.exe
2010-04-01 15:36 . 2010-04-23 19:21 -------- d-----w- c:\programmi\Extension Changer
2010-03-29 13:38 . 2010-04-18 17:49 -------- d-----w- c:\programmi\Ask.com
2010-03-29 13:37 . 2010-03-29 13:37 -------- d-----w- c:\programmi\File comuni\Java
2010-03-29 13:37 . 2010-03-29 13:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-29 13:37 . 2010-03-29 13:37 -------- d-----w- c:\programmi\Java
2010-03-29 12:52 . 2010-03-29 12:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\4232
2010-03-29 11:53 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Dati applicazioni\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-03-29 11:23 . 2010-03-29 11:23 -------- d-----w- c:\programmi\Windows Media Connect 2
2010-03-29 11:21 . 2010-03-29 11:23 -------- d-----w- C:\412355372bdc713ead0d
2010-03-29 11:21 . 2010-03-29 11:22 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-03-29 11:21 . 2010-03-29 11:21 -------- d-----w- c:\windows\system32\LogFiles
2010-03-29 11:21 . 2010-03-29 11:21 -------- d-----w- C:\f54d9250d03e7379c4b13da560e9
2010-03-27 13:58 . 2010-03-27 13:58 -------- d-----w- c:\programmi\Conduit
2010-03-27 13:58 . 2010-03-27 13:58 -------- d-----w- c:\programmi\roccoabazia
2010-03-26 10:00 . 2010-03-26 10:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2010-03-26 09:14 . 2007-02-20 15:04 190696 ----a-w- c:\windows\system32\NPSWF32_FlashUtil.exe
2010-03-26 09:14 . 2007-02-20 15:04 2463976 ----a-w- c:\windows\system32\NPSWF32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 19:15 . 2010-01-28 17:47 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-22 18:45 . 2009-08-01 21:24 71680 ----a-w- c:\windows\system32\perfc010.dat
2010-04-22 18:45 . 2009-08-01 21:24 441988 ----a-w- c:\windows\system32\perfh010.dat
2010-04-21 22:25 . 2001-08-30 19:43 12160 ----a-w- c:\windows\system32\drivers\ACPIEC.sys
2010-04-21 17:39 . 2010-01-12 17:09 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-19 08:43 . 2010-01-30 09:03 -------- d-----w- c:\programmi\Alice MOBILE
2010-04-18 17:43 . 2010-01-08 14:41 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-04-18 16:53 . 2010-04-18 16:53 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-04-18 16:51 . 2010-04-18 16:51 12160 ----a-w- c:\windows\system32\drivers\OLD99.tmp
2010-04-03 12:11 . 2010-01-15 20:49 -------- d-----w- c:\programmi\Safari
2010-04-01 12:38 . 2010-01-12 14:46 -------- d-----w- c:\programmi\150 Giochi del GameBoy Advance
2010-03-26 20:28 . 2010-01-15 20:50 74508 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-26 15:08 . 2009-08-01 14:14 -------- d-----w- c:\programmi\File comuni\Adobe
2010-03-19 09:56 . 2010-03-19 09:56 -------- d-----w- c:\programmi\DsNET Corp
2010-03-19 09:52 . 2010-03-19 09:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ahead
2010-03-19 09:50 . 2010-03-19 09:48 -------- d-----w- c:\programmi\File comuni\Ahead
2010-03-19 09:48 . 2010-03-19 09:48 -------- d-----w- c:\programmi\Nero
2010-03-19 09:48 . 2010-03-19 09:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nero
2010-03-19 09:34 . 2009-08-01 13:25 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-03-19 09:33 . 2010-03-19 09:33 -------- d-----w- c:\programmi\Essentials Codec Pack
2010-03-18 13:58 . 2009-08-01 13:32 -------- d-----w- c:\programmi\Google
2010-03-18 08:43 . 2010-01-12 14:22 -------- d-----w- c:\programmi\K-Lite Codec Pack
2010-03-14 17:35 . 2010-03-14 17:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-14 17:35 . 2010-01-12 17:09 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-14 17:34 . 2010-01-12 17:09 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-13 14:46 . 2010-03-13 14:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-03-11 14:09 . 2010-03-11 14:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SSScanWizard
2010-03-11 14:09 . 2010-03-11 14:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SSScanAppDataDir
2010-03-11 14:09 . 2010-01-13 16:00 -------- d-----w- c:\programmi\File comuni\ArcSoft
2010-03-11 14:03 . 2010-02-01 11:32 -------- d-----w- c:\programmi\QuickTime
2010-03-11 13:59 . 2010-02-28 14:23 -------- d-----w- c:\programmi\File comuni\ScanSoft Shared
2010-02-28 14:23 . 2010-02-15 08:48 -------- d-----w- c:\programmi\Canon
2010-02-28 14:23 . 2010-02-28 14:23 -------- d-----w- c:\programmi\ScanSoft
2010-02-28 14:22 . 2010-02-28 14:21 -------- d-----w- c:\programmi\ArcSoft
2010-03-08 08:59 . 2010-03-08 08:59 110592 ----a-w- c:\programmi\mozilla firefox\components\adproFfx.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e13e395f-77a5-499b-897e-134c03375af7}"= "c:\programmi\roccoabazia\tbrocc.dll" [2010-03-25 2355296]

[HKEY_CLASSES_ROOT\clsid\{e13e395f-77a5-499b-897e-134c03375af7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e13e395f-77a5-499b-897e-134c03375af7}]
2010-03-25 12:31 2355296 ----a-w- c:\programmi\roccoabazia\tbrocc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e13e395f-77a5-499b-897e-134c03375af7}"= "c:\programmi\roccoabazia\tbrocc.dll" [2010-03-25 2355296]

[HKEY_CLASSES_ROOT\clsid\{e13e395f-77a5-499b-897e-134c03375af7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E13E395F-77A5-499B-897E-134C03375AF7}"= "c:\programmi\roccoabazia\tbrocc.dll" [2010-03-25 2355296]

[HKEY_CLASSES_ROOT\clsid\{e13e395f-77a5-499b-897e-134c03375af7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"AzMixerSel"="c:\programmi\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2009-02-16 196608]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-24 18702336]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Omnipage"="c:\programmi\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-03-29 437584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
NETGEAR WG111v3 Smart Wizard.lnk - c:\programmi\NETGEAR\WG111v3\WG111v3.exe [2006-5-29 1527808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-14 17:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Acer VCM.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-01-22 10:13 152872 ----a-w- c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\programmi\CyberLink\PowerDVD\PDVDServ.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Programmi\\Acer\\Acer VCM\\VC.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/01/2010 19.09.43 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/01/2010 19.09.52 242896]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [14/03/2010 19.35.28 308064]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [16/04/2010 16.29.52 303952]
R2 RS_Service;Raw Socket Service;c:\programmi\Acer\Acer VCM\RS_Service.exe [01/08/2009 16.17.26 237568]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [01/08/2009 23.24.44 38912]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16/04/2010 16.29.47 20824]
S2 ONDA Autorun CDROM Monitor;ONDA Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\onda_mon.exe [19/03/2010 11.34.04 86016]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [01/08/2009 15.31.21 1684736]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\ONDAusbmdm6k.sys [19/03/2010 11.35.08 104960]
S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\drivers\ONDAusbnet.sys [19/03/2010 11.35.08 110080]
S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\ONDAusbnmea.sys [19/03/2010 11.35.08 104960]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\ONDAusbser6k.sys [19/03/2010 11.35.08 104960]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [01/08/2009 15.26.03 162816]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [23/04/2007 15.11.54 224896]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
Contenuto della cartella 'Scheduled Tasks'

2010-04-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://google.it/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5w88l23257
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
.
------- Associazioni dei file -------
.
.txt=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-23 21:22
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2010-04-23 21:24:53
ComboFix-quarantined-files.txt 2010-04-23 19:24

Pre-Run: 126.702.465.024 byte disponibili
Post-Run: 126.987.132.928 byte disponibili

- - End Of File - - 8F263C2ECB80B26E9D3A21378AFDB700

Post by Luke57 » 24/04/10 11:32

Hi, ComboFix should have fixed the problem for you. One last thing: look for this file, after enabling the option to show hidden files and folders. See here how to do it, if you don't know:
http://www.wista.it/vista/visualizzare- ... vista-410/

Then look for this file:
c:\windows\system32\DRIVERS\Rts516xIR.sys

If it is present, go here:
http://www.virustotal.com/it/

Upload the file (press browse and load the file). It will be analysed by several antivirus engines; post the result of the analysis.

Post by Moretta » 24/04/10 12:19

I looked for the file you asked about (including among hidden files and folders) but it isn't there...

The problem seems to have been solved with ComboFix.. in fact the Resident Shield no longer triggers... Earlier I tried running a scan with AVG and it found only one virus (again win32\patched), but this time located in:

C:\System Volume Information\_restore{425127B9-9F1A-4F56-882F-6263CC2A1563}\RP8\A0004237.sys

PS: one small problem (and I don't know whether it is a problem): since I ran the ComboFix scan, after rebooting and re-enabling AVG.. the icon no longer appears in the taskbar.. but it seems to be active all the same.. or am I wrong?

Post by Dariush al Gabr » 25/04/10 18:05

I would like to say thank you for the excellent advice: I had the same problem as Moretta and solved it thanks to your suggestion!
(at least I hope so)

Post by Flash30005 » 10/05/10 12:55

Moretta wrote:...PS: one small problem (and I don't know whether it is a problem): since I ran the ComboFix scan, after rebooting and re-enabling AVG.. the icon no longer appears in the taskbar.. but it seems to be active all the same.. or am I wrong?


Many viruses block their "enemies": the antivirus programs
so you can uninstall and reinstall AVG to make the icon appear again
otherwise you would have to get your hands into the registry
but the first solution is preferable.

Bye
Flash
Win10 + Office 2010 Ita
"Fotografica" at the service of the image

Post by Moretta » 11/05/10 20:57

I'll follow your advice.. thanks a lot for all the help :)