Virus che impedisce di aggiornare l'antivirus

**a2design** · 10-03-2009, 20:43

Ciao ragazzi, ho un virus che non mi fa collegare ai siti di antivirus e Microsoft. Quindi non riesco ad aggiornare antivirus, sistema operativo, explorer etc. Ho seguito passo-passo i consigli della GUIDA RIMOZIONE MALWARE , tranne per il punto [3] Scansione online (dato che non riesco a collegarmi al sito di Kaspersky).

Vi riporto sotto i risultati:

------------------------------
Scansione con ATF-Cleaner eseguita
------------------------------

**a2design** · 10-03-2009, 20:45

------------------------------
Scansione con NOT32
------------------------------
Scan Log
Version of virus signature database: 3231 (20080701)
Date: 10/03/2009 Time: 15.55.01
Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\;D:\Boot sector;D:\;E:\Boot sector;E:\
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\Boot\BCD - error opening [4]
C:\Boot\BCD.LOG - error opening [4]
C:\Program Files\Adobe\Adobe Dreamweaver CS3\configuration\Snippets\Comments\_folderinfo.tx t » MIME - file is not an archive
C:\Program Files\EasyPHP 3.0\apache\error\contact.html.var » MIME » part000.htm » MIME » part000.htm » MIME » part000.htm » MIME » part000.htm » MIME » part000.htm » MIME » part000.htm » MIME » part000.htm » MIME » part000.htm » MIME » part000.htm » MIME » part000.htm » MIME - too many archives embedded
C:\Program Files\Internet Explorer\kxvarxma.dll - error opening [4]
C:\Program Files\Movie Maker\kxvarxma.dll - error opening [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fb fff0f9eab8c71a8aa76f74577853e3_610f62b5-57fe-4695-9f0f-c2c4aac4e53d - error opening [4]
C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\MSS.log - error opening [4]
C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\MSStmp.log - error opening [4]
C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\tmp.edb - error opening [4]
C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\Windows.edb - error opening [4]
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\s tore.lock - error opening [4]
C:\Users\Alessio\ntuser.dat - error opening [4]
C:\Users\Alessio\ntuser.dat.LOG1 - error opening [4]
C:\Users\Alessio\ntuser.dat.LOG2 - error opening [4]
C:\Users\Alessio\AppData\Local\Microsoft\Windows\U srClass.dat - error opening [4]
C:\Users\Alessio\AppData\Local\Microsoft\Windows\U srClass.dat.LOG1 - error opening [4]
C:\Users\Alessio\AppData\Local\Microsoft\Windows\U srClass.dat.LOG2 - error opening [4]
C:\Users\Alessio\AppData\Local\Microsoft\Windows Defender\FileTracker\{71E36D64-600B-443A-B215-6E3A7A0E0EDD} - error opening [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\fbfff0f9eab 8c71a8aa76f74577853e3_610f62b5-57fe-4695-9f0f-c2c4aac4e53d - error opening [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\M SS.log - error opening [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\M SStmp.log - error opening [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\t mp.edb - error opening [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\W indows.edb - error opening [4]
C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\store.lock - error opening [4]
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - error opening [4]
C:\Windows\ServiceProfiles\LocalService\ntuser.dat .LOG1 - error opening [4]
C:\Windows\ServiceProfiles\LocalService\ntuser.dat .LOG2 - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive0.dat - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive1.dat - error opening [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.D AT - error opening [4]
C:\Windows\ServiceProfiles\NetworkService\ntuser.d at.LOG1 - error opening [4]
C:\Windows\ServiceProfiles\NetworkService\ntuser.d at.LOG2 - error opening [4]
C:\Windows\System32\04B32.tmp - error opening [4]
C:\Windows\System32\06EE8.tmp - error opening [4]
C:\Windows\System32\070EA.tmp - error opening [4]
C:\Windows\System32\07148.tmp - error opening [4]
C:\Windows\System32\076C4.tmp - error opening [4]
C:\Windows\System32\076E3.tmp - error opening [4]
C:\Windows\System32\077BE.tmp - error opening [4]
C:\Windows\System32\07C31.tmp - error opening [4]
C:\Windows\System32\085A5.tmp - error opening [4]
C:\Windows\System32\08757.tmp - error opening [4]
C:\Windows\System32\087E4.tmp - error opening [4]
C:\Windows\System32\088CE.tmp - error opening [4]
C:\Windows\System32\089D7.tmp - error opening [4]
C:\Windows\System32\08AFF.tmp - error opening [4]
C:\Windows\System32\08B4D.tmp - error opening [4]
C:\Windows\System32\08C66.tmp - error opening [4]
C:\Windows\System32\08D02.tmp - error opening [4]
C:\Windows\System32\08D03.tmp - error opening [4]
C:\Windows\System32\08D60.tmp - error opening [4]
C:\Windows\System32\08DBD.tmp - error opening [4]
C:\Windows\System32\0906C.tmp - error opening [4]
C:\Windows\System32\090BA.tmp - error opening [4]
C:\Windows\System32\090C9.tmp - error opening [4]
C:\Windows\System32\09108.tmp - error opening [4]
C:\Windows\System32\09109.tmp - error opening [4]
C:\Windows\System32\09127.tmp - error opening [4]
C:\Windows\System32\09194.tmp - error opening [4]
C:\Windows\System32\091B3.tmp - error opening [4]
C:\Windows\System32\09221.tmp - error opening [4]
C:\Windows\System32\092EB.tmp - error opening [4]
C:\Windows\System32\09339.tmp - error opening [4]
C:\Windows\System32\09349.tmp - error opening [4]
C:\Windows\System32\09397.tmp - error opening [4]
C:\Windows\System32\09443.tmp - error opening [4]
C:\Windows\System32\094BF.tmp - error opening [4]
C:\Windows\System32\0950D.tmp - error opening [4]
C:\Windows\System32\09626.tmp - error opening [4]
C:\Windows\System32\09655.tmp - error opening [4]
C:\Windows\System32\09720.tmp - error opening [4]
C:\Windows\System32\0975E.tmp - error opening [4]
C:\Windows\System32\0978D.tmp - error opening [4]
C:\Windows\System32\097AC.tmp - error opening [4]
C:\Windows\System32\09839.tmp - error opening [4]
C:\Windows\System32\098A6.tmp - error opening [4]
C:\Windows\System32\098F4.tmp - error opening [4]
C:\Windows\System32\09913.tmp - error opening [4]
C:\Windows\System32\09962.tmp - error opening [4]
C:\Windows\System32\099AF.tmp - error opening [4]
C:\Windows\System32\099B0.tmp - error opening [4]
C:\Windows\System32\099DE.tmp - error opening [4]
C:\Windows\System32\099DF.tmp - error opening [4]
C:\Windows\System32\09A0D.tmp - error opening [4]
C:\Windows\System32\09AA9.tmp - error opening [4]
C:\Windows\System32\09AD7.tmp - error opening [4]
C:\Windows\System32\09AE7.tmp - error opening [4]
C:\Windows\System32\09B45.tmp - error opening [4]
C:\Windows\System32\09BD1.tmp - error opening [4]
C:\Windows\System32\09BE1.tmp - error opening [4]
C:\Windows\System32\09C4E.tmp - error opening [4]
C:\Windows\System32\09CAB.tmp - error opening [4]
C:\Windows\System32\09CF9.tmp - error opening [4]
C:\Windows\System32\09D28.tmp - error opening [4]
C:\Windows\System32\09D47.tmp - error opening [4]
C:\Windows\System32\09D57.tmp - error opening [4]
C:\Windows\System32\09D86.tmp - error opening [4]
C:\Windows\System32\09DC4.tmp - error opening [4]
C:\Windows\System32\09DD4.tmp - error opening [4]
C:\Windows\System32\09E51.tmp - error opening [4]
C:\Windows\System32\09E7F.tmp - error opening [4]
C:\Windows\System32\09EBE.tmp - error opening [4]
C:\Windows\System32\09EED.tmp - error opening [4]
C:\Windows\System32\09F1B.tmp - error opening [4]
C:\Windows\System32\09F69.tmp - error opening [4]
C:\Windows\System32\09F89.tmp - error opening [4]
C:\Windows\System32\09FD7.tmp - error opening [4]
C:\Windows\System32\0A063.tmp - error opening [4]
C:\Windows\System32\0A073.tmp - error opening [4]
C:\Windows\System32\0A0E0.tmp - error opening [4]
C:\Windows\System32\0A0EF.tmp - error opening [4]
C:\Windows\System32\0A18B.tmp - error opening [4]
C:\Windows\System32\0A1E9.tmp - error opening [4]
C:\Windows\System32\0A275.tmp - error opening [4]
C:\Windows\System32\0A285.tmp - error opening [4]
C:\Windows\System32\0A295.tmp - error opening [4]
C:\Windows\System32\0A2B4.tmp - error opening [4]
C:\Windows\System32\0A2C3.tmp - error opening [4]
C:\Windows\System32\0A2D3.tmp - error opening [4]
C:\Windows\System32\0A2F2.tmp - error opening [4]
C:\Windows\System32\0A2F3.tmp - error opening [4]
C:\Windows\System32\0A340.tmp - error opening [4]
C:\Windows\System32\0A35F.tmp - error opening [4]
C:\Windows\System32\0A36F.tmp - error opening [4]
C:\Windows\System32\0A524.tmp - error opening [4]
C:\Windows\System32\0A5C0.tmp - error opening [4]
C:\Windows\System32\0A5EF.tmp - error opening [4]
C:\Windows\System32\0A66B.tmp - error opening [4]
C:\Windows\System32\0A6F8.tmp - error opening [4]
C:\Windows\System32\0A746.tmp - error opening [4]
C:\Windows\System32\0A811.tmp - error opening [4]
C:\Windows\System32\0A830.tmp - error opening [4]
C:\Windows\System32\0A832.tmp - error opening [4]
C:\Windows\System32\0A90A.tmp - error opening [4]
C:\Windows\System32\0A90B.tmp - error opening [4]
C:\Windows\System32\0A929.tmp - error opening [4]
C:\Windows\System32\0A977.tmp - error opening [4]
C:\Windows\System32\0AB2C.tmp - error opening [4]
C:\Windows\System32\0AB2D.tmp - error opening [4]
C:\Windows\System32\0AB8A.tmp - error opening [4]
C:\Windows\System32\0ABE7.tmp - error opening [4]
C:\Windows\System32\0AC26.tmp - error opening [4]
C:\Windows\System32\0ACF1.tmp - error opening [4]
C:\Windows\System32\0AD00.tmp - error opening [4]
C:\Windows\System32\0AD01.tmp - error opening [4]
C:\Windows\System32\0AD1F.tmp - error opening [4]
C:\Windows\System32\0AD9C.tmp - error opening [4]
C:\Windows\System32\0ADBB.tmp - error opening [4]
C:\Windows\System32\0ADDB.tmp - error opening [4]
C:\Windows\System32\0AEF3.tmp - error opening [4]
C:\Windows\System32\0AF03.tmp - error opening [4]
C:\Windows\System32\0AF22.tmp - error opening [4]
C:\Windows\System32\0AF51.tmp - error opening [4]
C:\Windows\System32\0AF9F.tmp - error opening [4]
C:\Windows\System32\0AFBE.tmp - error opening [4]
C:\Windows\System32\0BA49.tmp - error opening [4]
C:\Windows\System32\0BAC9.tmp - error opening [4]
C:\Windows\System32\0BB43.tmp - error opening [4]
C:\Windows\System32\0BB81.tmp - error opening [4]
C:\Windows\System32\0BC0D.tmp - error opening [4]
C:\Windows\System32\0BC8A.tmp - error opening [4]
C:\Windows\System32\0BCC9.tmp - error opening [4]
C:\Windows\System32\0BD26.tmp - error opening [4]
C:\Windows\System32\0BFA6.tmp - error opening [4]
C:\Windows\System32\0C023.tmp - error opening [4]
C:\Windows\System32\0C071.tmp - error opening [4]
C:\Windows\System32\0C080.tmp - error opening [4]
C:\Windows\System32\0C0FD.tmp - error opening [4]
C:\Windows\System32\0C16A.tmp - error opening [4]
C:\Windows\System32\0C17A.tmp - error opening [4]
C:\Windows\System32\0C36D.tmp - error opening [4]
C:\Windows\System32\0C669.tmp - error opening [4]
C:\Windows\System32\0C7A1.tmp - error opening [4]
C:\Windows\System32\0C7E0.tmp - error opening [4]
C:\Windows\System32\0C9A4.tmp - error opening [4]
C:\Windows\System32\0CB59.tmp - error opening [4]
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 - error opening [4]
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 - error opening [4]
C:\Windows\System32\catroot2\edb.log - error opening [4]
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - error opening [4]
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - error opening [4]
C:\Windows\System32\config\COMPONENTS - error opening [4]
C:\Windows\System32\config\COMPONENTS.LOG1 - error opening [4]
C:\Windows\System32\config\COMPONENTS.LOG2 - error opening [4]
C:\Windows\System32\config\DEFAULT - error opening [4]
C:\Windows\System32\config\DEFAULT.LOG1 - error opening [4]
C:\Windows\System32\config\DEFAULT.LOG2 - error opening [4]
C:\Windows\System32\config\SAM - error opening [4]
C:\Windows\System32\config\SAM.LOG1 - error opening [4]
C:\Windows\System32\config\SAM.LOG2 - error opening [4]
C:\Windows\System32\config\SECURITY - error opening [4]
C:\Windows\System32\config\SECURITY.LOG1 - error opening [4]
C:\Windows\System32\config\SECURITY.LOG2 - error opening [4]
C:\Windows\System32\config\SOFTWARE - error opening [4]
C:\Windows\System32\config\SOFTWARE.LOG1 - error opening [4]
C:\Windows\System32\config\SOFTWARE.LOG2 - error opening [4]
C:\Windows\System32\config\SYSTEM - error opening [4]
C:\Windows\System32\config\SYSTEM.LOG1 - error opening [4]
C:\Windows\System32\config\SYSTEM.LOG2 - error opening [4]
C:\Windows\System32\config\RegBack\COMPONENTS - error opening [4]
C:\Windows\System32\config\RegBack\DEFAULT - error opening [4]
C:\Windows\System32\config\RegBack\SAM - error opening [4]
C:\Windows\System32\config\RegBack\SECURITY - error opening [4]
C:\Windows\System32\config\RegBack\SOFTWARE - error opening [4]
C:\Windows\System32\config\RegBack\SYSTEM - error opening [4]
E:\ - error opening [4]
Number of scanned objects: 308741
Number of threats found: 0
Time of completion: 16.48.57 Total scanning time: 3236 sec (00:53:56)

Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.

**a2design** · 10-03-2009, 20:45

------------------------------
Scansione con Malwarebytes eseguita
------------------------------
Malwarebytes' Anti-Malware 1.34
Versione del database: 1749
Windows 6.0.6001 Service Pack 1

10/03/2009 19.06.26
mbam-log-2009-03-10 (19-06-26).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|)
Elementi scansionati: 219880
Tempo trascorso: 1 hour(s), 51 minute(s), 18 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)

------------------------------
Scansione con HijackThis
------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.28.32, on 10/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fornito da Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA ~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stw rt.inf_238116a1\aestsrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stw rt.inf_238116a1\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 6942 bytes

------------------------------
Poi a volte la connessione a internet cade e non riesco a ricollegarmi. devo spengere e riaccender e il pc.
------------------------------

Firma problema:
Nome evento problema: APPCRASH
Nome applicazione: svchost.exe_RasMan
Versione applicazione: 6.0.6001.18000
Timestamp applicazione: 47918b89
Nome modulo con errori: StackHash_73ce
Versione modulo con errori: 6.0.6001.18000
Timestamp modulo con errori: 4791a7a6
Codice eccezione: c0000374
Offset eccezione: 000b015d
Versione SO: 6.0.6001.2.1.0.768.3
ID impostazioni locali: 1040
Informazioni aggiuntive 1: 73ce
Ulteriori informazioni 2: 8a999be06e99d715b3b44fa96c3a4b1c
Ulteriori informazioni 3: 73ce
Ulteriori informazioni 4: 8a999be06e99d715b3b44fa96c3a4b1c

------------------------------

Grazie mille

**Deifobe** · 11-03-2009, 08:13

ciao,

scarica SystemScan
disconnetti il pc da internet => disattiva l'antivirus => esegui systemscan => clicca su "Scan Now". Finita la scansione, riattiva l'antivirus

carica il rapporto che trovi sul desktop su Savefile e posta il link ottenuto.

nota: systemscan viene riconosciuto come infetto per il tipo di scansione effettuata (è un falso positivo). La procedura postata è sicura.

**a2design** · 12-03-2009, 23:28

Ok. Ecco il link.

http://www.savefile.com/files/2037742

Grazie mille

**Deifobe** · 13-03-2009, 11:05

Esegui Avenger e nella finestra che si apre copia/incolla:

files to delete:
C:\Program Files\Internet Explorer\kxvarxma.dll
C:\Program Files\Movie Maker\kxvarxma.dll
C:\Windows\system32\kxvarxma.dll
C:\Windows\system32\09D87.tmp
C:\Windows\system32\07ACA.tmp
C:\Windows\system32\06E3C.tmp
C:\Windows\system32\0906C.tmp
C:\Windows\system32\0A2F3.tmp
C:\Windows\system32\076E3.tmp
C:\Windows\system32\09397.tmp
C:\Windows\system32\0A90B.tmp
C:\Windows\system32\09109.tmp
C:\Windows\system32\08B4D.tmp
C:\Windows\system32\09221.tmp
C:\Windows\system32\089D7.tmp
C:\Windows\system32\08D03.tmp
C:\Windows\system32\070EA.tmp
C:\Windows\system32\076C4.tmp
C:\Windows\system32\09443.tmp
C:\Windows\system32\09C4E.tmp
C:\Windows\system32\08C66.tmp
C:\Windows\system32\09720.tmp
C:\Windows\system32\09A0D.tmp
C:\Windows\system32\07C31.tmp
C:\Windows\system32\0AD1F.tmp
C:\Windows\system32\07148.tmp
C:\Windows\system32\09349.tmp
C:\Windows\system32\077BE.tmp
C:\Windows\system32\099DF.tmp
C:\Windows\system32\090C9.tmp
C:\Windows\system32\087E4.tmp
C:\Windows\system32\0BC8A.tmp
C:\Windows\system32\09D28.tmp
C:\Windows\system32\0A524.tmp
C:\Windows\system32\09194.tmp
C:\Windows\system32\092EB.tmp
C:\Windows\system32\088CE.tmp
C:\Windows\system32\09EBE.tmp
C:\Windows\system32\0A90A.tmp
C:\Windows\system32\08AFF.tmp
C:\Windows\system32\08757.tmp
C:\Windows\system32\08D60.tmp
C:\Windows\system32\0AD01.tmp
C:\Windows\system32\09108.tmp
C:\Windows\system32\0A5C0.tmp
C:\Windows\system32\0A66B.tmp
C:\Windows\system32\0C023.tmp
C:\Windows\system32\09127.tmp
C:\Windows\system32\091B3.tmp
C:\Windows\system32\09339.tmp
C:\Windows\system32\090BA.tmp
C:\Windows\system32\0A35F.tmp
C:\Windows\system32\08D02.tmp
C:\Windows\system32\0AC26.tmp
C:\Windows\system32\0A340.tmp
C:\Windows\system32\0BC0D.tmp
C:\Windows\system32\0B643.tmp
C:\Windows\system32\0A6F8.tmp
C:\Windows\system32\09F89.tmp
C:\Windows\system32\06EE8.tmp
C:\Windows\system32\0A36F.tmp
C:\Windows\system32\0AD00.tmp
C:\Windows\system32\0AFBE.tmp
C:\Windows\system32\09AE7.tmp
C:\Windows\system32\09E7F.tmp
C:\Windows\system32\0C16A.tmp
C:\Windows\system32\0A746.tmp
C:\Windows\system32\0CB59.tmp
C:\Windows\system32\0BD26.tmp
C:\Windows\system32\0AB2D.tmp
C:\Windows\system32\0B3D4.tmp
C:\Windows\system32\0AD9C.tmp
C:\Windows\system32\09BE1.tmp
C:\Windows\system32\0B24D.tmp
C:\Windows\system32\0BFA6.tmp
C:\Windows\system32\0ACF1.tmp
C:\Windows\system32\099B0.tmp
C:\Windows\system32\0978D.tmp
C:\Windows\system32\0D0C5.tmp
C:\Windows\system32\0C669.tmp
C:\Windows\system32\0B865.tmp
C:\Windows\system32\0ECBE.tmp
C:\Windows\system32\09962.tmp
C:\Windows\system32\0A811.tmp
C:\Windows\system32\0B460.tmp
C:\Windows\system32\09D47.tmp
C:\Windows\system32\0AEF3.tmp
C:\Windows\system32\08DBD.tmp
C:\Windows\system32\09839.tmp
C:\Windows\system32\0B672.tmp
C:\Windows\system32\0D0F4.tmp
C:\Windows\system32\0AB2C.tmp
C:\Windows\system32\0950D.tmp
C:\Windows\system32\0BA49.tmp
C:\Windows\system32\09CAB.tmp
C:\Windows\system32\094BF.tmp
C:\Windows\system32\0A1E9.tmp
C:\Windows\system32\0B6FF.tmp
C:\Windows\system32\0B22E.tmp
C:\Windows\system32\0A073.tmp
C:\Windows\system32\0A275.tmp
C:\Windows\system32\0A063.tmp
C:\Windows\system32\0BCC9.tmp
C:\Windows\system32\09DC4.tmp
C:\Windows\system32\09E51.tmp
C:\Windows\system32\099AF.tmp
C:\Windows\system32\0A2C3.tmp
C:\Windows\system32\0B3D3.tmp
C:\Windows\system32\09F1B.tmp
C:\Windows\system32\09DD4.tmp
C:\Windows\system32\0A0E0.tmp
C:\Windows\system32\098F4.tmp
C:\Windows\system32\085A5.tmp
C:\Windows\system32\099DE.tmp
C:\Windows\system32\09F69.tmp
C:\Windows\system32\0AF51.tmp
C:\Windows\system32\0A285.tmp
C:\Windows\system32\0975E.tmp
C:\Windows\system32\0B0E7.tmp
C:\Windows\system32\0AB8A.tmp
C:\Windows\system32\09655.tmp
C:\Windows\system32\0ADBB.tmp
C:\Windows\system32\0A977.tmp
C:\Windows\system32\0ABE7.tmp
C:\Windows\system32\0B089.tmp
C:\Windows\system32\0BB81.tmp
C:\Windows\system32\0C0FD.tmp
C:\Windows\system32\09913.tmp
C:\Windows\system32\0C36D.tmp
C:\Windows\system32\0F085.tmp
C:\Windows\system32\0A832.tmp
C:\Windows\system32\098A6.tmp
C:\Windows\system32\0AF9F.tmp
C:\Windows\system32\097AC.tmp
C:\Windows\system32\0BAC9.tmp
C:\Windows\system32\09626.tmp
C:\Windows\system32\0A2D3.tmp
C:\Windows\system32\09CF9.tmp
C:\Windows\system32\0A2F2.tmp
C:\Windows\system32\0B376.tmp
C:\Windows\system32\09EED.tmp
C:\Windows\system32\0B402.tmp
C:\Windows\system32\0BB43.tmp
C:\Windows\system32\0B7C9.tmp
C:\Windows\system32\0C17A.tmp
C:\Windows\system32\09FD7.tmp
C:\Windows\system32\0B54A.tmp
C:\Windows\system32\0C071.tmp
C:\Windows\system32\0B0D7.tmp
C:\Windows\system32\0C9A4.tmp
C:\Windows\system32\09AA9.tmp
C:\Windows\system32\0C7E0.tmp
C:\Windows\system32\0D5F3.tmp
C:\Windows\system32\0B663.tmp
C:\Windows\system32\0A929.tmp
C:\Windows\system32\0B2CA.tmp
C:\Windows\system32\0A5EF.tmp
C:\Windows\system32\0B337.tmp
C:\Windows\system32\0B95F.tmp
C:\Windows\system32\0B74D.tmp
C:\Windows\system32\0B154.tmp
C:\Windows\system32\0C7A1.tmp
C:\Windows\system32\0AF22.tmp
C:\Windows\system32\0ADDB.tmp
C:\Windows\system32\0A295.tmp
C:\Windows\system32\0B569.tmp
C:\Windows\system32\0E040.tmp
C:\Windows\system32\0A2B4.tmp
C:\Windows\system32\09AD7.tmp
C:\Windows\system32\0C080.tmp
C:\Windows\system32\0D039.tmp
C:\Windows\system32\0DD05.tmp
C:\Windows\system32\0A18B.tmp

registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\eascepmjc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\e ascepmjc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\e ascepmjc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\enum\r oot\legacy_eascepmjc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\enum\root\ legacy_eascepmjc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\enum\root\ legacy_eascepmjc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\e ascepmjc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\enum\root\ legacy_eascepmjc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\omxktour
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\o mxktour
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\o mxktour
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\enum\r oot\legacy_omxktour
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\enum\root\ legacy_omxktour
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\enum\root\ legacy_omxktour
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\o mxktour
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\enum\root\ legacy_omxktour
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\vvqyd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\vvqyd
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\v vqyd
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\v vqyd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\enum\r oot\legacy_vvqyd
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\enum\root\ legacy_vvqyd
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\enum\root\ legacy_vvqyd
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\v vqyd
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\enum\root\ legacy_vvqyd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\ewufv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\ewufv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\ewufv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\e wufv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\e wufv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\enum\r oot\legacy_ewufv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\enum\root\ legacy_ewufv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\enum\root\ legacy_ewufv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\e wufv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\enum\root\ legacy_ewufv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\wdukux
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\wdukux
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\wdukux
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\w dukux
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\w dukux
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\enum\r oot\legacy_wdukux
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\enum\root\ legacy_wdukux
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\enum\root\ legacy_wdukux
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\w dukux
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\enum\root\ legacy_wdukux
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\xnefg
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\xnefg
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\xnefg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\x nefg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\x nefg
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\enum\r oot\legacy_xnefg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\enum\root\ legacy_xnefg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\enum\root\ legacy_xnefg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\x nefg
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\enum\root\ legacy_xnefg

Spunta "Automatically disable any rootkits found" e clicca su "execute".
Il pc dovrebbe riavviarsi da solo, altrimenti riavvialo tu. Posta il report rilasciato in c:\avenger.txt

posta un nuovo systemscan

edit: per far eseguire lo script, dovrai cliccare diverse volre ok a degli avvisi di avenger...
tu procedi sempre.. poi si eseguira'..

**a2design** · 13-03-2009, 17:11

Questo è il link del report di Avanger http://www.savefile.com/files/2039010

**Deifobe** · 13-03-2009, 18:16

ok. manca systemscan...

**a2design** · 13-03-2009, 19:25

Non riesco a fare lo scan (anche con l'antivirus disattivato)... me lo interrompe, ma ora FUNZIONA tutto!!! Ora sto riaggiornando il pc.

Grazie Deifobe, sei la migliore!

**Deifobe** · 13-03-2009, 19:51

come preferisci

ciao

Discussione: Virus che impedisce di aggiornare l'antivirus

Strumenti discussione

Ricerca discussione

Visualizza

Virus che impedisce di aggiornare l'antivirus

complimenti :)

Permessi di invio