
Problem in Windows, possible virus

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57


Post by Ciao3 » 18/03/11 20:03

Hi everyone,
for a few days now I have been having problems in Windows, which I believe are caused by some virus. Basically I have trouble opening almost every program and I get messages like "there is not enough availability to process the command" or "application was not properly initialized", etc. Even games like Fifa, which have always worked, give error messages saying there is not enough memory to run them.

Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.37.54, on 18/03/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\savedump.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\windows\system32\spoolsv.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\windows\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\windows\System32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\windows\system32\taskmgr.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\windows\system32\svchost.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\wscntfy.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programmi\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programmi\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programmi\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Programmi\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (file missing)
O3 - Toolbar: &Vocal Reader - {E00DD475-1DF2-4881-8CFE-65951AFFA46C} - C:\Programmi\VocalReader\VRForIEBand.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Programmi\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Recycler.NT.exe] C:\Recycler.NT\Recycler.NT.exe
O4 - HKCU\..\Run: [RegistryBooster] "C:\Programmi\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6770.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 6115 bytes


I also ran ComboFix, but while it was running, after the Windows reboot it kept giving error messages like "xxxxx.dll is not a valid image", and I don't think it completed its operations properly.
ComboFix 11-03-14.01 - cdc 18/03/2011 17.45.50.10.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1022.416 [GMT 1:00]
Eseguito da: C:\Documents and Settings\cdc\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {0013F714-0000-0000-3094-807C7F000000}
AV: AntiVir Desktop *Enabled/Outdated* {0012F714-0000-0000-3094-807C7F000000}
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!


((((((((((((((((((((((((( Files Creati Da 2011-02-18 al 2011-03-18 )))))))))))))))))))))))))))))))))))


Nessun nuovo file creato in questo arco di tempo


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

2011-03-18 14:31:09 . 2004-08-19 12:00:00 11376 ----a-w- C:\WINDOWS\system32\drivers\secdrv.sys
2011-03-17 10:52:26 . 2006-05-23 07:30:47 77056 ----a-w- C:\WINDOWS\system32\drivers\viasraid.sys


((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))


*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKLM\~\startupfolder\C:^Documents and Settings^cdc^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:14:13 1695232 ------w- C:\Programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50:42 155648 ----a-w- C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-02-01 22:56:50 98304 ----a-w- C:\Programmi\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
2008-09-26 17:14:06 3660848 ----a-w- C:\Programmi\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-04-03 19:23:58 3558648 ----a-w- C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 21:56:58 204288 ----a-w- C:\Programmi\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Veoh Networks\\Veoh\\VeohClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"5223:TCP"= 5223:TCP:Services
"3209:TCP"= 3209:TCP:Services

R0 12040302;12040302 Boot Guard Driver;C:\WINDOWS\system32\drivers\12040302.sys [23/12/2009 10.59.25 37392]
R0 12433062;12433062 Boot Guard Driver;C:\WINDOWS\system32\drivers\12433062.sys [22/12/2009 20.49.33 37392]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [17/03/2010 0.34.11 28552]
R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys [23/05/2006 8.30.47 77056]
R1 12040301;12040301;C:\WINDOWS\system32\drivers\12040301.sys [23/12/2009 10.59.25 128016]
R1 12433061;12433061;C:\WINDOWS\system32\drivers\12433061.sys [22/12/2009 20.49.33 128016]
R1 setup_9.0.0.722_22.12.2009_20-56drv;setup_9.0.0.722_22.12.2009_20-56drv;C:\WINDOWS\system32\drivers\1204030.sys [23/12/2009 10.59.25 315408]
R2 CS_INST_DRV;CS_INST_DRV;C:\WINDOWS\system32\drivers\csinstdrv.sys [30/08/2006 20.42.24 4096]
R3 ADM851X;IDF Alice Gate 2 plus USB;C:\WINDOWS\system32\drivers\ADM851X.SYS [15/11/2007 12.38.35 22144]
S1 SASDIFSV;SASDIFSV; [x]
S1 SASKUTIL;SASKUTIL; [x]
S2 gupdate;Servizio di Google Update (gupdate); [x]
S2 StudioPro;StudioPro webcam;C:\WINDOWS\system32\drivers\StudioPro.sys [20/02/2009 14.22.30 120320]
S3 esihdrv;esihdrv; [x]
S3 EuMusDesignVirtualAudioCableWdm;StudioPro audio (WDM);C:\WINDOWS\system32\drivers\vrtaucbl.sys [20/02/2009 14.22.30 38784]
S3 PAC207;NX-Vega;C:\WINDOWS\system32\drivers\pfc027.sys [10/10/2010 10.53.45 154112]
S3 SASENUM;SASENUM; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

Contenuto della cartella 'Scheduled Tasks'

2011-03-17 C:\windows\Tasks\User_Feed_Synchronization-{3390E6FA-1599-4C77-A43B-41532E596559}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 10:58:32 . 2009-03-08 02:31:54]


------- Scansione supplementare -------

uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 127.0.0.1:9666
TCP: {B4CC7376-7DCD-4ECC-A8F6-E8E08DC19341} = 85.37.17.41 85.38.28.83
DPF: Microsoft XML Parser for Java
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - ProfilePath - C:\Documents and Settings\cdc\Dati applicazioni\Mozilla\Firefox\Profiles\1bvey7nt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false


------- Associazioni dei file -------



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-18 18:16:32
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...
Ciao3
Junior Member

Posts: 40
Joined: 31/07/09 15:05


Re: Problem in Windows, possible virus

Post by nikita75 » 18/03/11 20:38

O4 - HKCU\..\Run: [Recycler.NT.exe] C:\Recycler.NT\Recycler.NT.exe

This is a suspicious file. You need to check it :mmmh:

http://forum.aiutamici.com/yaf_postsm39 ... Virus.aspx

Wait for suggestions from the forum.
"Theory is when you know everything and nothing works. Practice is when everything works and nobody knows why. We have put theory and practice together: nothing works and nobody knows why." Albert Einstein
nikita75
Senior Member

Posts: 5401
Joined: 31/07/09 13:36
Location: Alberobello (Bari)
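A small triage helper for HijackThis-style log lines like the ones quoted in this thread, added here as an example and not part of the thread or of HijackThis itself: it parses R1 ProxyServer and O4 Run entries from a constructed subset of the log above, flags autorun targets outside the Windows and Programmi (Program Files) directories, and flags a browser proxy pointing at the local machine. The trusted-root list and the finding category names are my own assumptions, not HijackThis output.

```python
import re

# Constructed sample: a subset of the HijackThis entries quoted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Recycler.NT.exe] C:\Recycler.NT\Recycler.NT.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
"""

# Assumed trusted install roots for an Italian-locale Windows XP ("Programmi" = Program Files).
# Compared case-insensitively; trailing backslash avoids matching e.g. C:\windowsfake.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\programmi\\", "c:\\program files\\")

O4_RE = re.compile(r"^O4 - .*\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First drive-letter path ending in an executable extension (quoted or not).
PATH_RE = re.compile(r"([A-Za-z]:\\.+?\.(?:exe|dll|scr|com|bat|cmd))", re.I)
PROXY_RE = re.compile(r"^R1 - .*ProxyServer = (?P<proxy>\S+)")


def triage_hijackthis(log_text):
    """Return (category, detail) findings for lines that merit manual review."""
    findings = []
    for line in log_text.splitlines():
        m = PROXY_RE.match(line)
        if m:
            # A proxy on the loopback interface means browser traffic is routed
            # through a local listener; worth confirming which program owns it.
            host = m.group("proxy").split(":")[0]
            if host in ("127.0.0.1", "localhost"):
                findings.append(("local-proxy", m.group("proxy")))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        p = PATH_RE.search(m.group("cmd"))
        if p is None:
            # Environment-variable or extension-less command: resolve by hand.
            findings.append(("autorun-unresolved-path", m.group("name")))
            continue
        path = p.group(1)
        # Autoruns living at the drive root, e.g. in a folder that mimics a
        # system folder name, are a classic reason to flag an entry for review.
        if not path.lower().startswith(TRUSTED_ROOTS):
            findings.append(("autorun-outside-trusted-root", path))
    return findings


if __name__ == "__main__":
    for category, detail in triage_hijackthis(SAMPLE_LOG):
        print(f"{category}: {detail}")
```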

Re: Problem in Windows, possible virus

Post by Ciao3 » 18/03/11 20:58

How do I check it? I can't even find it in C:\
Ciao3
Junior Member

Posts: 40
Joined: 31/07/09 15:05

