Virus?

aldoz · 05-05-2015, 18:27

Ciao ragazzi,
da un paio di settimane penso di essermi preso qualcosa di brutto..
Il mio sistema è Win7 Professional 64bit SP1.
Ecco i sintomi:

1) Continuo accesso dell' HD.. (da quel che sono riuscito a capire è il processo csrss.exe che continua a leggere I/O..
Oltretutto ne ho 2 di csrss.exe..

2) Quando apro i browser (o mozzilla o chrome) come prima pagina appare questa pagine:
hxxp://hao.360.cn/?src=lm&ls=n4a2f6f3a91
Ed e' assolutamente non rimovibile nel senso che non e' la pagina di avvio del browser.. e' di default quando apro sia mozzilla che chrome.

3) I video in streaming (tipo la diretta di skytg24) scattano e l'immagine si blocca dopo un po e continua solo l'audio costringendomi a ricaricare costantemente la pagina..

4) Il pc è sicuramente piu' lento di prima..

Ho provato a fare scansioni con Spybot search & destroy, Avast Home, Kaspersky total security e si, hanno beccato qualcosa e l'hanno cancellata ma il pc continua a funzionare male..

Ok ho provato anche a fare un log con hickjackthis:

Quote:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 19:15:26, on 05/05/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16496)

FIREFOX: 37.0.2 (x86 it)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe
C:\Users\Administrator\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://it.yahoo.com?fr=hp-avast&type=avastbcl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://it.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao.360.cn/?z1002
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://it.yahoo.com?fr=hp-avast&type=avastbcl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao.360.cn/?z1002
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: VirtualKeyboardBrowserHelperObject - {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: Guida per l'accesso all'account Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {93BC2EA7-2F17-4729-948A-D2E03FFB2412} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
O2 - BHO: Safe Money Plugin - {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O9 - Extra button: Tastiera Virtuale - {5547CE1F-74E9-41E5-9CBF-5211ECC37341} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
O9 - Extra button: Crawler Screensaver - {CDAFD956-97BE-443D-8EF7-F4F094EB5766} - C:\Program Files (x86)\Crawler\SSaver\CSSaver.exe
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{0527C21E-7D88-4C1D-8905-36F61EDFF4E5}: NameServer = 192.168.1.1,255.255.255.0,192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD1D40D8-CE3A-45D6-9AA1-10AFE9975284}: NameServer = 83.224.70.94 83.224.66.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{0527C21E-7D88-4C1D-8905-36F61EDFF4E5}: NameServer = 192.168.1.1,255.255.255.0,192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0527C21E-7D88-4C1D-8905-36F61EDFF4E5}: NameServer = 192.168.1.1,255.255.255.0,192.168.1.1
O18 - Protocol: WSAllMyTubechrome - (no CLSID) - (no file)
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Emsisoft Protection Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Servizio Kaspersky Anti-Virus 15.0.2 (AVP15.0.2) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe (file missing)
O23 - Service: iRacing.com Helper Service (iRacingService) - iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730 - C:\Program Files (x86)\iRacing\iRacingService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9927 bytes

Grazie in anticipo a tutti!

halduemilauno · 07-05-2015, 09:51

adwcleaner.
Prova con quello.

aldoz · 07-05-2015, 12:34

Quote:

Originariamente inviato da halduemilauno

adwcleaner.
Prova con quello.

Ciao, innanzitutto grazie per il consiglio.
Ho fatto la scansione con adwcleaner e ha beccato e cancellato della robaccia ma purtroppo i sintomi che ho elencato continuano..

Ryddyck · 07-05-2015, 12:56

Usa la combinazione hitmanpro e adwarecleaner, mentre scansiona gira tra i temporanei dei vari accounts ed elimina ciò che non conosci. Dai uno sguardo pure ai programmi in avvio/esecuzione automatica (Win+R, msconfig-> scheda "servizi" e "avvio").

halduemilauno · 07-05-2015, 13:13

Quote:

Originariamente inviato da aldoz

Ciao, innanzitutto grazie per il consiglio.
Ho fatto la scansione con adwcleaner e ha beccato e cancellato della robaccia ma purtroppo i sintomi che ho elencato continuano..

Per quanto riguarda il browser vai nelle proprietà, destinazione ed elimina tutto quello che è scritto dopo le ".
Come prima prova.

Apix_1024 · 07-05-2015, 13:20

fai anche una bella girata di combofix

ed una di wise registry cleaner.

EthanHunt · 28-06-2016, 09:57

Ragazzi anch'io ho preso questo virus ma non riesco a toglierlo!Ho provato con molti programmi ma ricompare sempre!

07-05-2015, 09:51	#2
halduemilauno Senior Member Iscritto dal: Feb 2002 Città: Discovery Messaggi: 34710	adwcleaner. Prova con quello. __________________ Good afternoon, gentlemen, I'm a H.A.L. computer. Ultima modifica di halduemilauno : 07-05-2015 alle 09:53.

07-05-2015, 13:20	#6
Apix_1024 Senior Member Iscritto dal: Mar 2004 Città: Fidenza Messaggi: 7252	fai anche una bella girata di combofix ed una di wise registry cleaner. __________________ \|\|Ryzen 1700\|\|Asus Rog Strix X370-F Gaming\|\|Corsair Vengeance LPX 3200/16Gb\|\|My VGA\|\|SilverStone SST-ST85F-PT\|\|Samsung C34F791 34"\|\|G29+TH8A\|\|Lego™ Fans Club\|\|Tu che ne sai di pc\|\|PassioneF1\|\|Diablo3\|\| Mi Note 10\|\|Steam\|\|Dai del gaaas\|\|

07-05-2015, 12:56	#4
Ryddyck Senior Member Iscritto dal: Apr 2015 Messaggi: 10200	Usa la combinazione hitmanpro e adwarecleaner, mentre scansiona gira tra i temporanei dei vari accounts ed elimina ciò che non conosci. Dai uno sguardo pure ai programmi in avvio/esecuzione automatica (Win+R, msconfig-> scheda "servizi" e "avvio").

28-06-2016, 09:57	#7
EthanHunt Senior Member Iscritto dal: Apr 2003 Messaggi: 459	Ragazzi anch'io ho preso questo virus ma non riesco a toglierlo!Ho provato con molti programmi ma ricompare sempre!

Strumenti
Mostra una versione stampabile Invia questa pagina per email