virus msn messenger

Posted: Thu Mar 19, 2009 1:18 am
by margi75_
Hi, my boyfriend caught a virus through Messenger. I tried using msnfix but it hangs during the scan, so I'm posting the Kaspersky report and hoping for your help. Thanks, Marica

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, March 19, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, March 18, 2009 21:12:00
Records in database: 1930281
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
E:\
F:\

Scan statistics:
Files scanned: 129908
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 01:53:00


File name / Threat name / Threats count
C:\Users\roberto\Desktop\FXSTELLER.exe.back Infected: Backdoor.Win32.IRCBot.iaw 1
C:\Windows\fxsteller.exe Infected: Backdoor.Win32.IRCBot.iaw 1

The selected area was scanned.

Re: virus msn messenger

Posted: Thu Mar 19, 2009 1:36 am
by margi75_
I forgot.. I ran a scan with msnvirusremoval; it finds a virus but says it is impossible to remove.. C:\Windows\FXSTELLER.exe ...Impossibile rimuovere.

Re: virus msn messenger

Posted: Thu Mar 19, 2009 7:08 am
by ste_95

Re: virus msn messenger

Posted: Thu Mar 19, 2009 9:36 am
by margi75_
Yes.. I read the post and also tried both removal programs, but one finds nothing and msnfix hangs and never finishes the scan. I tried every little program that was recommended.. but nothing.. heeelp

Re: virus msn messenger

Posted: Thu Mar 19, 2009 11:21 am
by crazy.cat
Download Avenger
Extract it into a folder of your choice
Run the file avenger.exe, the one with the sword icon
Now paste these lines into the white box that opened:

Code:
Files to delete:
C:\Users\roberto\Desktop\FXSTELLER.exe.back   
C:\Windows\fxsteller.exe


Uncheck the Scan for Rootkits option
Press the Execute button
Answer Yes to Avenger's two prompts
Your computer should now restart; if it does not, restart it manually
After the restart, copy and paste here the contents of the Notepad window that appears.

Re: virus msn messenger

Posted: Thu Mar 19, 2009 11:29 am
by margi75_
Thanks a lot, tonight when I get home I'll try it and let you know.

Re: virus msn messenger

Posted: Thu Mar 19, 2009 8:47 pm
by margi75_
Here it is
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6000)
Thu Mar 19 06:07:21 2009

Beginning to process script file:

File "C:\Users\roberto\Desktop\FXSTELLER.exe.back" deleted successfully.
File "C:\Windows\fxsteller.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Re: virus msn messenger

Posted: Tue Mar 31, 2009 4:58 pm
by sloth91
Mine came out different, what does that mean?


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:


Error: could not open file "C:\Users\roberto\Desktop\FXSTELLER.exe.back"
Deletion of file "C:\Users\roberto\Desktop\FXSTELLER.exe.back" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

File "C:\Windows\fxsteller.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
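
Added example, not part of the original post: a small Python parser for Avenger logs like the two posted in this thread. It returns the outcome for each file in the script, with the NTSTATUS code and the tool's own explanation when a deletion fails. The line patterns are assumed from these two logs only, and all function and class names are illustrative.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the relevant lines of the second Avenger log in this thread.
SAMPLE_LOG = r'''Logfile of The Avenger Version 2.0, (c) by Swandog46
Platform: Windows XP

Beginning to process script file:

Error: could not open file "C:\Users\roberto\Desktop\FXSTELLER.exe.back"
Deletion of file "C:\Users\roberto\Desktop\FXSTELLER.exe.back" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

File "C:\Windows\fxsteller.exe" deleted successfully.

Completed script processing.
'''

@dataclass
class FileResult:
    path: str
    deleted: bool
    status_code: Optional[int] = None   # NTSTATUS value, only on failure
    status_name: Optional[str] = None
    reason: Optional[str] = None        # the "-->" explanation printed by the tool

# Line patterns assumed from the logs shown in this thread.
_OK = re.compile(r'^File "(?P<path>.+)" deleted successfully\.$')
_FAIL = re.compile(r'^Deletion of file "(?P<path>.+)" failed!$')
_STATUS = re.compile(r'^Status: (?P<code>0x[0-9a-fA-F]+) \((?P<name>[A-Z0-9_]+)\)$')
_REASON = re.compile(r'^--> (?P<text>.+)$')
_PLATFORM = re.compile(r'^Platform:\s*(?P<name>.+?)\s*$', re.M)

def platform_of(text: str) -> Optional[str]:
    """Return the value of the 'Platform:' header, or None if absent."""
    m = _PLATFORM.search(text)
    return m['name'] if m else None

def parse_avenger_log(text: str) -> List[FileResult]:
    """Collect one FileResult per file the script tried to delete."""
    results: List[FileResult] = []
    pending: Optional[FileResult] = None  # failed entry awaiting Status / --> lines
    for raw in text.splitlines():
        line = raw.strip()
        if (m := _OK.match(line)):
            results.append(FileResult(m['path'], True))
            pending = None
        elif (m := _FAIL.match(line)):
            pending = FileResult(m['path'], False)
            results.append(pending)
        elif pending and (m := _STATUS.match(line)):
            pending.status_code = int(m['code'], 16)
            pending.status_name = m['name']
        elif pending and (m := _REASON.match(line)):
            pending.reason = m['text']
            pending = None
    return results

def not_deleted(results: List[FileResult]) -> List[str]:
    """Paths that are still unaccounted for after the run."""
    return [r.path for r in results if not r.deleted]

def report(text: str) -> List[str]:
    """One summary line per file, prefixed by the platform the log came from."""
    lines = [f"platform: {platform_of(text)}"]
    for r in parse_avenger_log(text):
        if r.deleted:
            lines.append(f"deleted  {r.path}")
        else:
            lines.append(f"FAILED   {r.path}  {r.status_name} "
                         f"(0x{r.status_code:08x}): {r.reason}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

On the sample, the failed entry carries the tool's own explanation that the parent directory of the path does not exist on that machine, while the file under C:\Windows is reported as deleted.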

Re: virus msn messenger

Posted: Tue Mar 31, 2009 5:01 pm
by Amantide
sloth91 wrote: Mine came out different, what does that mean?


It means you don't have the same virus as margi75_

What problems are you having with the PC?

Re: virus msn messenger

Posted: Tue Mar 31, 2009 8:45 pm
by sloth91
I don't really know, I caught the same virus, which was sending a link to all my contacts
I tried to uninstall MSN, but that's impossible, so I deleted everything that could be deleted
now I can no longer reinstall it; avast flags some viruses, but McAfee nothing
I'm not sure what to do, any advice?
the viruses avast flags are:
fxsteller.exe
lsasser.exe
trz1c.tmp
trz1d.tmp

Re: virus msn messenger

Posted: Tue Mar 31, 2009 9:04 pm
by Amantide
Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; copy its contents here, placing them between LOG tags, like this:
Code:
[LOG]the log goes here[/LOG]

Re: virus msn messenger

Posted: Thu Apr 02, 2009 5:26 pm
by sloth91
It tells me that problems may arise because of McAfee and avast. What do I do? Should I continue anyway?

Re: virus msn messenger

Posted: Thu Apr 02, 2009 5:54 pm
by Amantide
sloth91 wrote: It tells me that problems may arise because of McAfee and avast. What do I do? Should I continue anyway?

Yes, continue anyway.

Re: virus msn messenger

Posted: Thu Apr 02, 2009 6:14 pm
by sloth91

ComboFix 09-04-01.01 - casa 2009-04-02 19.02.11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.511.236 [GMT 2:00]
Eseguito da: c:\documents and settings\casa\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090402-0] *On-access scanning enabled* (Updated)
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated)
* Creato nuovo punto di ripristino
* Resident AV is active


ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-03-02 al 2009-04-02 )))))))))))))))))))))))))))))))))))
.

2009-04-01 16:22 . 2009-04-01 16:22 151 --a------ c:\windows\PhotoSnapViewer.INI
2009-03-31 21:23 . 2009-03-31 21:23 <DIR> d-------- c:\programmi\msn fix
2009-03-31 17:42 . 2009-03-31 17:42 <DIR> d-------- c:\programmi\avenger
2009-03-30 13:49 . 2009-03-30 13:49 <DIR> d-------- c:\programmi\Alwil Software
2009-03-30 13:48 . 2009-03-30 13:48 32,613,912 --a------ c:\programmi\setupita.exe
2009-03-29 22:39 . 2009-03-29 22:39 <DIR> d-------- c:\programmi\AxBx
2009-03-29 22:38 . 2009-03-29 22:38 2,115,062 --a------ c:\programmi\cleanvirusmsn.zip
2009-03-28 18:48 . 2009-03-28 18:48 <DIR> d-------- C:\BackUpMSNCleaner
2009-03-28 18:47 . 2009-03-28 18:47 114,184 --a------ c:\programmi\MSNCleaner(www.PortalMes.com).zip
2009-03-27 22:57 . 2009-04-02 19:02 <DIR> d-------- C:\QUARANTINE
2009-03-17 19:34 . 2009-03-17 19:34 <DIR> d-------- c:\programmi\Windows Live Safety Center
2009-03-05 21:39 . 2009-03-05 21:39 <DIR> d-------- c:\programmi\File comuni\xing shared
2009-03-05 21:38 . 2009-03-05 21:38 <DIR> d-------- c:\programmi\File comuni\Real
2009-03-05 21:38 . 2009-03-07 12:18 <DIR> d-------- C:\Program Files
2009-03-05 21:34 . 2009-03-05 21:35 476,696 --a------ c:\programmi\RealPlayer11GOLD_it.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 15:12 --------- d-----w c:\programmi\eMule
2009-03-31 16:03 1,159,512 ----a-w c:\programmi\wlsetup-custom.exe
2009-03-30 19:18 --------- d-----w c:\programmi\Windows Live
2009-03-28 16:50 289,330 ----a-w c:\programmi\WLMSafe.plsc
2009-03-26 13:14 --------- d-----w c:\documents and settings\casa\Dati applicazioni\Azureus
2009-03-21 12:40 --------- d-----w c:\documents and settings\casa\Dati applicazioni\dvdcss
2009-03-19 21:37 --------- d-----w c:\documents and settings\casa\Dati applicazioni\Canon
2009-03-12 06:47 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-02-27 16:30 --------- d-----w c:\programmi\Vuze
2009-02-26 17:00 --------- d-----w c:\programmi\Microsoft Silverlight
2009-02-22 08:03 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2009-02-21 21:13 23,214 ----a-w c:\programmi\Display-Picture-Changer-1.2.plsc
2009-02-21 20:35 21,550 ----a-w c:\programmi\script_3600.zip
2009-02-21 17:11 3,936 ----a-w c:\programmi\Message-Gradiator-1.2-(FR).plsc
2009-02-21 17:10 8,335 ----a-w c:\programmi\NickChange-1.4.plsc
2009-02-21 17:08 5,039,440 ----a-w c:\programmi\MsgPlusLive-480.exe
2009-02-21 17:08 --------- d-----w c:\programmi\Messenger Plus! Live
2009-02-21 17:02 --------- d-----w c:\programmi\Microsoft
2009-02-21 17:01 --------- d-----w c:\programmi\Microsoft Office Outlook Connector
2009-02-21 17:00 --------- d-----w c:\programmi\Microsoft Sync Framework
2009-02-21 16:58 --------- d-----w c:\programmi\Microsoft SQL Server Compact Edition
2009-02-19 19:57 --------- d-----w c:\programmi\NetPumper
2009-02-17 16:27 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Azureus
2009-02-17 16:26 --------- d-----w c:\programmi\AskBarDis
2009-02-17 16:25 --------- d-----w c:\programmi\File comuni\i4j_jres
2009-02-17 16:23 9,875,904 ----a-w c:\programmi\Vuze_Installer.exe
2009-02-11 21:33 4,865,408 ----a-w c:\programmi\Silverlight.2.0.exe
2009-02-09 14:04 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 19:01 308,088 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 17:08 55,152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2009-01-14 14:25 27,579,997 ----a-w c:\programmi\SUPERsetup.zip
2009-01-10 18:44 608,744,450 ----a-w c:\programmi\WarRock20081102.exe
2009-01-09 19:55 20 ---h--w c:\documents and settings\All Users\Dati applicazioni\PKP_DLec.DAT
2009-01-09 19:10 155,995 ----a-w c:\windows\java\Packages\V131RB5R.ZIP
2009-01-08 06:18 0 ----a-w c:\documents and settings\casa\Dati applicazioni\wklnhst.dat
2009-01-08 06:06 109,568 ------w c:\windows\system32\pxinsi64.exe
2009-01-08 06:06 108,544 ------w c:\windows\system32\pxcpyi64.exe
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w c:\windows\system32\Smab0.dll
2008-02-04 19:26 151,040 --sh--w c:\windows\system32\VistaUltm.dll
.

Re: virus msn messenger

Posted: Thu Apr 02, 2009 6:17 pm
by Amantide
A piece of the log is missing, but at first glance it looks clean.

Did you by any chance remove the files flagged by Avast?

Re: virus msn messenger

Posted: Thu Apr 02, 2009 6:29 pm
by sloth91
I put them in avast's chest; as for the missing piece I don't know, I went to watch TV and when I came back the PC was restarting
anyway, here it is in full

ComboFix 09-04-01.01 - casa 2009-04-02 19.02.11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.511.236 [GMT 2:00]
Eseguito da: c:\documents and settings\casa\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090402-0] *On-access scanning enabled* (Updated)
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated)
* Creato nuovo punto di ripristino
* Resident AV is active


ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2009-03-02 al 2009-04-02 )))))))))))))))))))))))))))))))))))
.

2009-04-01 16:22 . 2009-04-01 16:22 151 --a------ c:\windows\PhotoSnapViewer.INI
2009-03-31 21:23 . 2009-03-31 21:23 <DIR> d-------- c:\programmi\msn fix
2009-03-31 17:42 . 2009-03-31 17:42 <DIR> d-------- c:\programmi\avenger
2009-03-30 13:49 . 2009-03-30 13:49 <DIR> d-------- c:\programmi\Alwil Software
2009-03-30 13:48 . 2009-03-30 13:48 32,613,912 --a------ c:\programmi\setupita.exe
2009-03-29 22:39 . 2009-03-29 22:39 <DIR> d-------- c:\programmi\AxBx
2009-03-29 22:38 . 2009-03-29 22:38 2,115,062 --a------ c:\programmi\cleanvirusmsn.zip
2009-03-28 18:48 . 2009-03-28 18:48 <DIR> d-------- C:\BackUpMSNCleaner
2009-03-28 18:47 . 2009-03-28 18:47 114,184 --a------ c:\programmi\MSNCleaner(www.PortalMes.com).zip
2009-03-27 22:57 . 2009-04-02 19:02 <DIR> d-------- C:\QUARANTINE
2009-03-17 19:34 . 2009-03-17 19:34 <DIR> d-------- c:\programmi\Windows Live Safety Center
2009-03-05 21:39 . 2009-03-05 21:39 <DIR> d-------- c:\programmi\File comuni\xing shared
2009-03-05 21:38 . 2009-03-05 21:38 <DIR> d-------- c:\programmi\File comuni\Real
2009-03-05 21:38 . 2009-03-07 12:18 <DIR> d-------- C:\Program Files
2009-03-05 21:34 . 2009-03-05 21:35 476,696 --a------ c:\programmi\RealPlayer11GOLD_it.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 15:12 --------- d-----w c:\programmi\eMule
2009-03-31 16:03 1,159,512 ----a-w c:\programmi\wlsetup-custom.exe
2009-03-30 19:18 --------- d-----w c:\programmi\Windows Live
2009-03-28 16:50 289,330 ----a-w c:\programmi\WLMSafe.plsc
2009-03-26 13:14 --------- d-----w c:\documents and settings\casa\Dati applicazioni\Azureus
2009-03-21 12:40 --------- d-----w c:\documents and settings\casa\Dati applicazioni\dvdcss
2009-03-19 21:37 --------- d-----w c:\documents and settings\casa\Dati applicazioni\Canon
2009-03-12 06:47 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-02-27 16:30 --------- d-----w c:\programmi\Vuze
2009-02-26 17:00 --------- d-----w c:\programmi\Microsoft Silverlight
2009-02-22 08:03 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2009-02-21 21:13 23,214 ----a-w c:\programmi\Display-Picture-Changer-1.2.plsc
2009-02-21 20:35 21,550 ----a-w c:\programmi\script_3600.zip
2009-02-21 17:11 3,936 ----a-w c:\programmi\Message-Gradiator-1.2-(FR).plsc
2009-02-21 17:10 8,335 ----a-w c:\programmi\NickChange-1.4.plsc
2009-02-21 17:08 5,039,440 ----a-w c:\programmi\MsgPlusLive-480.exe
2009-02-21 17:08 --------- d-----w c:\programmi\Messenger Plus! Live
2009-02-21 17:02 --------- d-----w c:\programmi\Microsoft
2009-02-21 17:01 --------- d-----w c:\programmi\Microsoft Office Outlook Connector
2009-02-21 17:00 --------- d-----w c:\programmi\Microsoft Sync Framework
2009-02-21 16:58 --------- d-----w c:\programmi\Microsoft SQL Server Compact Edition
2009-02-19 19:57 --------- d-----w c:\programmi\NetPumper
2009-02-17 16:27 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Azureus
2009-02-17 16:26 --------- d-----w c:\programmi\AskBarDis
2009-02-17 16:25 --------- d-----w c:\programmi\File comuni\i4j_jres
2009-02-17 16:23 9,875,904 ----a-w c:\programmi\Vuze_Installer.exe
2009-02-11 21:33 4,865,408 ----a-w c:\programmi\Silverlight.2.0.exe
2009-02-09 14:04 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 19:01 308,088 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 17:08 55,152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2009-01-14 14:25 27,579,997 ----a-w c:\programmi\SUPERsetup.zip
2009-01-10 18:44 608,744,450 ----a-w c:\programmi\WarRock20081102.exe
2009-01-09 19:55 20 ---h--w c:\documents and settings\All Users\Dati applicazioni\PKP_DLec.DAT
2009-01-09 19:10 155,995 ----a-w c:\windows\java\Packages\V131RB5R.ZIP
2009-01-08 06:18 0 ----a-w c:\documents and settings\casa\Dati applicazioni\wklnhst.dat
2009-01-08 06:06 109,568 ------w c:\windows\system32\pxinsi64.exe
2009-01-08 06:06 108,544 ------w c:\windows\system32\pxcpyi64.exe
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w c:\windows\system32\Smab0.dll
2008-02-04 19:26 151,040 --sh--w c:\windows\system32\VistaUltm.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 19:40 333192 --a------ c:\programmi\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"E08IXLRD_17591984"="c:\programmi\Microsoft Encarta\Microsoft Encarta 2008 - Premium DVD\EDICT.EXE" [2007-06-12 351000]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-08 30192]
"RaidTool"="c:\programmi\VIA\RAID\raid_tool.exe" [2005-07-19 1056768]
"ShStatEXE"="c:\programmi\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-10-16 111952]
"McAfeeUpdaterUI"="c:\programmi\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Photo Downloader"="c:\programmi\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-16 57344]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-01-09 155648]
"OpwareSE2"="c:\programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-03-05 198160]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Speed Launch.lnk - c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2009-01-09 212992]
NkbMonitor.exe.lnk - c:\programmi\Nikon\PictureProject\NkbMonitor.exe [2009-01-09 118784]
WinZip Quick Pick.lnk - c:\programmi\WinZip\WZQKPICK.EXE [2009-01-08 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\i-tunes\\2008-01-19-1854-42\\Nuova cartella\\iTunes.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"33963:TCP"= 33963:TCP:33963
"45718:UDP"= 45718:UDP:45718

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-30 114768]
R2 ASKService;ASKService;c:\programmi\AskBarDis\bar\bin\AskService.exe [2009-02-17 464264]
R2 ASKUpgrade;ASKUpgrade;c:\programmi\AskBarDis\bar\bin\ASKUpgrade.exe [2009-02-17 234888]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-30 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-21 55152]
R2 SeaPort;SeaPort;c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 fsssvc;Windows Live Family Safety;"c:\programmi\Windows Live\Family Safety\fsssvc.exe" --> c:\programmi\Windows Live\Family Safety\fsssvc.exe [?]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe [2009-01-08 30192]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/ig?hl=it
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\programmi\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Backward Links - c:\programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\programmi\Google\GoogleToolbar1.dll/cmcache.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\programmi\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Translate Page into English - c:\programmi\Google\GoogleToolbar1.dll/cmtrans.html
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 19:08:42
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
RaidTool = c:\programmi\VIA\RAID\raid_tool.exe?????

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\programmi\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\programmi\McAfee\Common Framework\Mctray.exe
c:\programmi\McAfee\Common Framework\FrameworkService.exe
c:\programmi\McAfee\VirusScan Enterprise\Mcshield.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\programmi\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\programmi\McAfee\Common Framework\naPrdMgr.exe
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
c:\windows\system32\wdfmgr.exe
c:\programmi\Alwil Software\Avast4\ashMaiSv.exe
c:\programmi\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Ora fine scansione: 2009-04-02 19:11:44 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-04-02 17:11:35

Pre-Run: 2.372.882.432 byte disponibili
Post-Run: 3,552,169,984 byte disponibili

203 --- E O F --- 2009-03-30 11:35:09

Re: virus msn messenger

Posted: Fri Apr 03, 2009 2:15 pm
by Amantide
OK, this time the log is complete.

At this point I'd say Avast managed to remove everything; nothing suspicious shows up in the log.

Re: virus msn messenger

Posted: Fri Apr 03, 2009 10:30 pm
by sloth91
ok, thanks
but do you happen to know how I can use MSN 9.0 now? If I try to download it again it tells me it is already present (I deleted all the files except the .dll ones)

Re: virus msn messenger

Posted: Sat Apr 04, 2009 6:32 am
by ste_95
Try running Zap Messenger over it and then reinstalling the 2009 version.