virus

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Post by blasco_blasco » 28/04/07 13:18

Hi everyone, my PC keeps shutting down and freezing!
Below is the HijackThis txt log.

Logfile of HijackThis v1.99.1
Scan saved at 13.49.56, on 28/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Programmi\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
C:\Programmi\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\BitTorrent\bittorrent.exe
C:\Programmi\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Fabrizio\Desktop\Antivirus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O1 - Hosts: 207.210.117.53 http://www.winmx.com
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
O3 - Toolbar: Multi Media Italy Toolbar - {2e6f36ce-1217-4ba1-982f-24560c0eb677} - C:\Programmi\Multi_Media_Italy\tbMul1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [EEventManager] C:\Programmi\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F-PROT Antivirus Tray application] C:\Programmi\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\mxwpddlf.dll",realset
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinMX] C:\Programmi\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software - C:\Programmi\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Server Management Services (WSMSPSVC) - Unknown owner - C:\WINDOWS\msngr.exe




I can't remove O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll

I tried with LSPFix and with KillBox but it doesn't remove it!
Thanks, everyone
blasco_blasco
Junior User

Posts: 38
Joined: 28/07/06 13:48

Post by Luke57 » 28/04/07 14:06

Hi. Open HijackThis while disconnected from the Internet and with all applications closed, press "Do a system scan only", then find and tick the following entries:
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\mxwpddlf.dll",realset
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O23 - Service: Windows Server Management Services (WSMSPSVC) - Unknown owner - C:\WINDOWS\msngr.exe

Press "Fix checked".

2) Run LSPFix:
if on the left, together with other entries, you see the following:
tqqycrbpinv.dll
move it to the right-hand side of the program and remove it by pressing Finish.
Do not do anything else with the other entries.

Then download AVENGER and unzip it onto the desktop (extract the files to the desktop)
http://swandog46.geekstogo.com/avenger.zip

- double-click the file avenger.exe to start it
- Select "Input Script Manually"
- Click the magnifying glass

- In the "View/edit script" window that opens
- copy / paste (Ctrl+V) the following (in bold):


registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\WSMSPSVC

files to delete:
c:\windows\system32\tqqycrbpinv.dll
C:\WINDOWS\msngr.exe
C:\WINDOWS\system32\mxwpddlf.dll


Click the Done button
- Then click the traffic light icon
- Answer Yes twice
The PC should restart (if it doesn't, restart it yourself)
Post the log that will be created in C:\Avenger and a new HijackThis log
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10
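
As an added example (not part of the original thread or any poster's code): a small Python triage helper that reads HijackThis entries like those posted above, collapses repeated entries such as the 23 identical O10 lines, and tags the markers HijackThis itself prints ("Unknown file in Winsock LSP", "Unknown owner", "(file missing)", "(no file)"). The rule and function names are assumptions, and a tag means "review this entry", not "delete it".

```python
import re
from collections import Counter

# Constructed sample: a few entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tqqycrbpinv.dll
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Server Management Services (WSMSPSVC) - Unknown owner - C:\WINDOWS\msngr.exe
"""

# "R3 - ...", "O10 - ...": section code, separator, entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Hypothetical rule names; each rule keys on text HijackThis itself prints.
RULES = [
    ("unknown-lsp",
     lambda code, body: code == "O10" and body.startswith("Unknown file in Winsock LSP")),
    ("unknown-owner-service",
     lambda code, body: code == "O23" and " - Unknown owner - " in body),
    ("dangling-reference",
     lambda code, body: body.endswith("(file missing)") or body.endswith("(no file)")),
]

def parse_entries(text):
    """Map each distinct (code, body) entry to how many times it appears."""
    entries = Counter()
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:  # header and "Running processes" lines do not match
            entries[(match.group(1), match.group(2))] += 1
    return entries

def triage(text):
    """Return the entries that hit at least one rule, in log order."""
    findings = []
    for (code, body), count in parse_entries(text).items():
        tags = [name for name, rule in RULES if rule(code, body)]
        if tags:
            findings.append({"code": code, "entry": body, "count": count, "tags": tags})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['code']} x{f['count']} {f['tags']}: {f['entry']}")
```

A tagged entry still has to be identified by hand before it is fixed: the AVG service is tagged only because its file is missing, while WSMSPSVC is the one selected for removal in the reply above.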

Post by edo_aol » 28/04/07 14:06

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE I would fix this one if I were in your place, I don't know of a driver like that... then start by removing F-Prot and installing a good one such as Avast, AVG, Kaspersky or NOD32, and run a scan in safe mode
edo_aol
Senior User

Posts: 415
Joined: 13/04/07 14:26

Post by Luke57 » 28/04/07 15:13

edo_aol wrote: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE I would fix this one if I were in your place, I don't know of a driver like that... then start by removing F-Prot and installing a good one such as Avast, AVG, Kaspersky or NOD32, and run a scan in safe mode

Hi, good grief, how about a little research before handing out rash advice.. this section of the forum risks becoming a laughing stock: a user asks for help and gets advice that is outlandish, to put it mildly...
I have nothing against you, but that is an Epson printer file. Fortunately, fixing the entry with HijackThis does nothing irreparable, but more care with suggestions would be appreciated.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

