Has a virus gotten into your computer? Do you want to browse safely? Are online transactions secure? How do you stop attackers from breaking into your PC? How do you protect your data? Here you will find the answers to these and other questions
by Amantide » Mon Nov 10, 2008 4:40 pm
by aleferik » Mon Nov 10, 2008 4:42 pm
Now I have to say goodbye because I have to go to work!!! WWWMEGALABWWWWAMANTIDEWWWWW
bye and see you next time!!!!
by aleferik » Mon Nov 10, 2008 4:44 pm
ComboFix 08-11-09.04 - admin 2008-11-10 15.09.23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.360 [GMT 1:00]
Eseguito da: c:\documents and settings\admin\Desktop\ComboFix.exe
Interruttori di comando utilizzati :: c:\documents and settings\admin\Desktop\CFScript.txt
* Creato nuovo punto di ripristino
FILE ::
c:\windows\system32\deiusglc.gif
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\windows\system32\deiusglc.gif
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_VFILT
((((((((((((((((((((((((( Files Creati Da 2008-10-10 al 2008-11-10 )))))))))))))))))))))))))))))))))))
.
2008-11-10 14:38 . 2008-11-10 14:40 <DIR> d-------- C:\pincopallino
2008-11-09 08:52 . 2008-11-09 08:51 10,385 --a------ c:\windows\system32\elpcjbab.exe
2008-11-07 14:53 . 2008-11-07 14:53 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-11-07 14:53 . 2008-11-07 14:53 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-11-07 14:53 . 2008-11-07 14:53 <DIR> d-------- c:\documents and settings\admin\Dati applicazioni\Malwarebytes
2008-11-07 14:53 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-07 14:53 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-06 18:17 . 2008-11-06 18:17 <DIR> d-------- c:\programmi\VS Revo Group
2008-11-06 12:18 . 2008-11-06 12:18 <DIR> d-------- c:\programmi\Windows Media Connect 2
2008-11-06 12:14 . 2008-11-06 12:16 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-10-27 09:52 . 2008-10-27 09:52 96,976 --a------ c:\windows\system32\drivers\klin.dat
2008-10-27 09:52 . 2008-10-27 09:52 87,855 --a------ c:\windows\system32\drivers\klick.dat
2008-10-27 09:50 . 2008-10-27 09:50 <DIR> d-------- c:\programmi\Kaspersky Lab
2008-10-27 09:50 . 2008-11-10 16:25 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2008-10-27 09:50 . 2008-11-10 15:20 3,157,536 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-10-27 09:50 . 2008-11-10 15:20 475,168 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-10-27 09:50 . 2008-11-10 15:20 26,796 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-10-27 09:50 . 2008-11-10 15:20 3,752 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-10-27 09:48 . 2008-10-27 09:48 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-10-24 16:17 . 2008-10-15 17:36 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 11:27 . 2004-08-19 23:39 221,184 --a------ c:\windows\system32\wmpns.dll
2008-10-15 09:24 . 2008-10-15 09:24 <DIR> d-------- c:\windows\system32\it
2008-10-15 09:24 . 2008-10-15 09:24 <DIR> d-------- c:\windows\l2schemas
2008-10-15 01:25 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-15 01:24 . 2008-08-14 14:22 2,192,896 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 01:24 . 2008-08-14 14:22 2,148,864 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 01:24 . 2008-08-14 14:22 2,069,760 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 01:24 . 2008-08-14 14:22 2,027,520 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 01:24 . 2008-09-15 16:24 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 08:04 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2008-11-07 10:56 --------- d-----w c:\programmi\File comuni\Symantec Shared
2008-11-07 08:24 --------- d-----w c:\programmi\File comuni\Adobe
2008-11-06 17:22 --------- d-----w c:\programmi\MSWorks
2008-11-06 17:22 --------- d-----w c:\programmi\AutoCAD LT 2000i Ita
2008-09-16 07:23 --------- d-----w c:\programmi\Amyuni Document Converter
2008-09-16 07:22 1,073,152 ----a-w c:\windows\system32\cdintf210.dll
2008-09-15 15:24 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-08-26 07:57 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 13:22 2,192,896 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:22 2,069,760 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-07-20 12:41 25,600 -c--a-w c:\documents and settings\admin\usbsermptxp.sys
2008-07-20 12:41 22,768 -c--a-w c:\documents and settings\admin\usbsermpt.sys
2007-01-08 17:04 69,832 -c--a-w c:\documents and settings\admin\Dati applicazioni\GDIPFONTCACHEV1.DAT
2006-12-04 11:02 92,064 -c--a-w c:\documents and settings\admin\mqdmmdm.sys
2006-12-04 11:02 9,232 -c--a-w c:\documents and settings\admin\mqdmmdfl.sys
2006-12-04 11:02 79,328 -c--a-w c:\documents and settings\admin\mqdmserd.sys
2006-12-04 11:02 66,656 -c--a-w c:\documents and settings\admin\mqdmbus.sys
2006-12-04 11:02 6,208 -c--a-w c:\documents and settings\admin\mqdmcmnt.sys
2006-12-04 11:02 5,936 -c--a-w c:\documents and settings\admin\mqdmwhnt.sys
2006-12-04 11:02 4,048 -c--a-w c:\documents and settings\admin\mqdmcr.sys
2005-02-12 09:50 618,688 -c--a-w c:\programmi\MSNToolbarSetup_it.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-30 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-06-29 286720]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]
"AtiPTA"="atiptaxx.exe" [2001-10-15 c:\windows\system32\atiptaxx.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Kodak EasyShare software.lnk - c:\programmi\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R2 HPW5AECP;HPW5AECP;c:\windows\system32\drivers\HPW5AECP.SYS [2000-06-09 44032]
R2 SVKP;SVKP;c:\windows\System32\SVKP.sys [2004-11-04 2368]
R3 ati2mtaa;ati2mtaa;c:\windows\system32\DRIVERS\ati2mtaa.sys [2001-10-15 286592]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S3 ati2mpaa;ati2mpaa;c:\windows\system32\DRIVERS\ati2mpaa.sys [2001-08-31 281984]
S3 ATICDSDr;ATICDSDr;c:\docume~1\admin\IMPOST~1\Temp\ATICDSDr.sys [ ]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\tdi.sys [2008-04-13 19072]
S3 USBSTOR;Driver archiviazione di massa USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 hpt3xx;hpt3xx;c:\windows\system32\DRIVERS\hpt3xx.sys [2001-08-18 38144]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4091283-7f07-11dd-8282-0004231cc2b8}]
\Shell\AutoRun\command - b0j6j16.bat
\Shell\explore\Command - b0j6j16.bat
\Shell\open\Command - b0j6j16.bat
.
Contenuto della cartella 'Scheduled Tasks'
2008-11-09 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe []
2008-11-10 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe []
.
- - - - ORFÃOS REMOVIDOS - - - -
HKU-Default-Run-ALUAlert - c:\programmi\Symantec\LiveUpdate\ALUNotify.exe
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 16:25:36
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\WgaTray.exe
c:\programmi\File comuni\Microsoft Shared\VS7Debug\MDM.EXE
.
**************************************************************************
.
Ora fine scansione: 2008-11-10 16:31:03 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-11-10 15:30:49
Pre-Run: 1.392.205.824 byte disponibili
Post-Run: 1,468,432,384 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
163 --- E O F --- 2008-11-07 09:02:48
by Amantide » Mon Nov 10, 2008 4:55 pm
You also need to delete these files, marked in red:
c:\windows\system32\elpcjbab.exe
C:\b0j6j16.bat
If a file cannot be deleted manually, use FileAssassin.