ComboFix 08-11-11.01 - Marcolino 2008-11-12 19.07.22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1391 [GMT 1:00]
Eseguito da: c:\documents and settings\Marcolino\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
ADS - WINDOWS: deleted 24 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\update.exe
.
((((((((((((((((((((((((( Files Creati Da 2008-10-12 al 2008-11-12 )))))))))))))))))))))))))))))))))))
.
2008-11-09 03:51 . 2008-11-09 03:51 22 --a------ c:\windows\RsConfig.ini
2008-11-09 03:16 . 2008-11-12 19:07 <DIR> dr------- C:\RavBin
2008-11-09 03:16 . 2008-11-11 17:50 153 --a------ c:\windows\system32\BsMain.ini
2008-11-09 03:16 . 2008-11-09 03:18 124 -r-hs---- C:\rising.ini
2008-11-09 03:15 . 2008-11-09 03:15 <DIR> d-------- c:\programmi\Rising
2008-11-09 03:15 . 2008-11-09 03:13 237,168 --a------ c:\windows\system32\bsmain.exe
2008-11-09 03:15 . 2008-11-09 03:27 164,976 --a------ c:\windows\system32\drivers\HookSys.sys
2008-11-09 03:15 . 2008-11-09 03:13 113,264 --a------ c:\windows\system32\RavExt.dll
2008-11-09 03:15 . 2008-11-09 03:27 63,088 --a------ c:\windows\system32\drivers\HookNtos.sys
2008-11-09 03:15 . 2008-11-09 03:27 39,024 --a------ c:\windows\system32\drivers\HOOKREG.sys
2008-11-09 03:15 . 2008-11-09 03:13 30,704 --a------ c:\windows\system32\drivers\HookHelp.sys
2008-11-09 03:15 . 2008-11-09 03:13 13,808 --a------ c:\windows\system32\drivers\HookCont.sys
2008-11-09 03:15 . 2008-11-09 03:13 10,736 --a------ c:\windows\system32\drivers\RsNTGdi.sys
2008-11-09 03:15 . 2008-11-11 17:50 90 --a------ c:\windows\Rav.inf
2008-11-09 03:14 . 2008-11-09 03:14 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Rising
2008-11-09 03:14 . 2008-11-12 18:31 96 --a------ c:\windows\Rav.ini
2008-11-07 19:46 . 2008-11-07 19:46 <DIR> d-------- c:\documents and settings\Marcolino\Dati applicazioni\Ahead
2008-11-04 01:17 . 2008-11-09 19:32 <DIR> d-------- C:\VEXPLITE
2008-10-29 18:48 . 2008-10-29 18:49 <DIR> d-------- c:\documents and settings\Marcolino\Dati applicazioni\vlc
2008-10-29 18:47 . 2008-10-29 18:47 <DIR> d-------- c:\programmi\VideoLAN
2008-10-22 20:51 . 2008-11-04 01:04 12 --a------ c:\windows\system32\mapisvc.inf
2008-10-22 20:35 . 2008-11-04 01:09 <DIR> d-------- c:\programmi\ESET
2008-10-22 19:26 . 2008-10-22 19:26 <DIR> d-------- c:\documents and settings\Marcolino\LocalLow
2008-10-22 19:26 . 2008-10-22 19:26 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\TVU Networks
2008-10-21 23:44 . 2008-10-21 23:44 <DIR> d-------- c:\programmi\Trend Micro
2008-10-21 16:25 . 2008-10-21 16:25 258,048 --a------ c:\windows\zzzip.exe
2008-10-21 16:25 . 2008-10-21 16:25 261 --a------ c:\windows\msdres.bin
2008-10-20 18:24 . 2008-10-22 16:01 283 --a------ c:\windows\comm.bin
2008-10-20 18:23 . 2008-10-25 14:01 <DIR> d-------- C:\QUARANTENA_VIRIT
2008-10-20 17:07 . 2008-10-21 06:45 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Propellerhead Software
2008-10-20 17:07 . 2008-10-20 17:07 368,640 --a------ c:\windows\system32\ReWire.dll
2008-10-20 17:07 . 2008-10-20 17:07 233,472 --a------ c:\windows\system32\REX Shared Library.dll
2008-10-20 17:06 . 2008-10-21 06:45 <DIR> d-------- c:\documents and settings\Marcolino\Dati applicazioni\Propellerhead Software
2008-10-15 18:13 . 2007-08-14 13:54 185,856 --a------ c:\windows\system32\drivers\kore2usb.sys
2008-10-15 18:13 . 2007-08-14 13:55 25,600 --a------ c:\windows\system32\drivers\kore2avs.sys
2008-10-12 20:31 . 2008-10-12 20:31 <DIR> d-------- c:\programmi\File comuni\digidesign
2008-10-12 10:00 . 2008-10-12 10:00 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\SlySoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 16:33 --------- d-----w c:\programmi\eMule
2008-11-06 17:17 40,960 ----a-w c:\windows\system32\drivers\VIRAGTLT.SYS
2008-10-22 18:26 --------- d-----w c:\programmi\TVUPlayer
2008-10-21 17:15 --------- d-----w c:\programmi\Windows Media Connect 2
2008-10-15 16:52 --------- d-----w c:\programmi\File comuni\Native Instruments
2008-10-12 17:16 --------- d-----w c:\documents and settings\Marcolino\Dati applicazioni\Apple Computer
2008-10-12 09:15 --------- d-----w c:\programmi\SlySoft
2008-10-12 09:08 --------- d-----w c:\programmi\File comuni\InstallShield
2008-10-10 19:56 --------- d-----w c:\programmi\iTunes
2008-10-10 19:56 --------- d-----w c:\programmi\iPod
2008-10-10 19:56 --------- d-----w c:\programmi\Bonjour
2008-10-10 19:56 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-10 19:55 --------- d-----w c:\programmi\QuickTime
2008-10-10 19:55 --------- d-----w c:\programmi\File comuni\Apple
2008-10-10 19:55 --------- d-----w c:\programmi\Apple Software Update
2008-10-10 19:55 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2008-10-10 19:54 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple
2008-10-09 21:08 --------- d-----w c:\programmi\Elaborate Bytes
2008-10-09 20:53 --------- d-----w c:\documents and settings\Marcolino\Dati applicazioni\Elaborate Bytes
2008-10-09 20:47 --------- d-----w c:\documents and settings\Marcolino\Dati applicazioni\Softvision
2008-10-09 20:46 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-10-08 21:22 --------- d-----w c:\programmi\Burraconline
2008-10-08 15:53 --------- d-----w c:\programmi\CCleaner
2008-10-05 08:26 --------- d-----w c:\programmi\Java
2008-10-05 08:24 --------- d-----w c:\programmi\File comuni\Java
2008-10-04 18:09 --------- d-----w c:\documents and settings\Marcolino\Dati applicazioni\TVU networks
2008-10-03 17:02 304,160 ----a-w C:\StiImg.dat
2008-10-03 17:00 --------- d-----w c:\programmi\Trust
2008-10-03 17:00 --------- d-----w c:\programmi\File comuni\PCCamera
2008-09-29 18:37 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2008-09-28 15:37 --------- d-----w c:\programmi\Messenger Plus! Live
2008-09-28 13:45 --------- d-----w c:\programmi\Windows Live
2008-09-28 13:38 --------- dcsh--w c:\programmi\File comuni\WindowsLiveInstaller
2008-09-28 13:36 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2008-09-25 21:40 --------- d-----w c:\programmi\SecondLife
2008-09-25 21:40 --------- d-----w c:\documents and settings\Marcolino\Dati applicazioni\SecondLife
2008-09-23 20:27 --------- d-----w c:\documents and settings\Marcolino\Dati applicazioni\FabFilter
2008-09-23 20:24 --------- d-----w c:\documents and settings\Marcolino\Dati applicazioni\Ableton
2008-09-23 20:18 --------- d-----w c:\programmi\Nomad Factory
2008-09-23 18:53 --------- d-----w c:\programmi\Ableton
2008-09-23 18:48 --------- d-----w c:\programmi\Creative
2008-09-23 18:42 --------- d-----w c:\documents and settings\Marcolino\Dati applicazioni\Nero
2008-09-23 18:39 --------- d-----w c:\programmi\File comuni\Nero
2008-09-23 18:38 --------- d-----w c:\programmi\Nero
2008-09-23 18:38 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Nero
2008-09-23 18:26 --------- d-----w c:\programmi\Microsoft Works
2008-09-23 18:26 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2008-09-23 18:25 --------- d-----w c:\programmi\Microsoft.NET
2008-09-23 17:55 --------- d-----w c:\documents and settings\Marcolino\Dati applicazioni\ATI
2008-09-23 17:52 --------- d-----w c:\programmi\ATI Technologies
2008-09-23 17:48 94,208 ----a-w c:\windows\DUMP1b86.tmp
2008-09-23 17:45 --------- d-----w c:\programmi\Launch Manager
2008-09-23 17:44 --------- d-----w c:\programmi\Intel
2008-09-23 17:42 21,275 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-09-23 17:42 --------- d-----w c:\windows\system32\config\systemprofile\Dati applicazioni\Intel
2008-09-23 17:42 --------- d-----w c:\documents and settings\Marcolino\Dati applicazioni\Intel
2008-09-23 17:42 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Intel
2008-09-23 17:29 --------- d-----w c:\programmi\microsoft frontpage
2008-09-23 17:27 --------- d-----w c:\programmi\Servizi in linea
2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-30 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\programmi\Intel\Wireless\bin\ZCfgSvc.exe" [2005-11-28 667718]
"IntelWireless"="c:\programmi\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"EOUApp"="c:\programmi\Intel\Wireless\Bin\EOUWiz.exe" [2005-11-28 569413]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2005-12-06 458752]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"CTSysVol"="c:\programmi\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"RavTask"="c:\programmi\Rising\Rav\RavTask.exe" [2008-11-09 211568]
"SbUsb AudCtrl"="sbusbdll.dll" [2004-07-09 c:\windows\system32\sbusbdll.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-30 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{32CD708B-60A7-4C00-9377-D73EAA495F0F}"= "c:\windows\system32\RavExt.dll" [2008-11-09 113264]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
R0 RsNTGDI;RsNTGDI;c:\windows\system32\Drivers\RsNTGdi.sys [2008-11-09 10736]
R1 HookCont;HookCont;c:\windows\system32\drivers\HookCont.sys [2008-11-09 13808]
R1 HookNtos;HookNtos;c:\windows\system32\drivers\HookNtos.sys [2008-11-09 63088]
R1 HookReg;HookReg;c:\windows\system32\drivers\HookReg.sys [2008-11-09 39024]
R1 HookSys;HookSys;c:\windows\system32\drivers\HookSys.sys [2008-11-09 164976]
R2 RsCCenter;Rising Process Communication Center;c:\programmi\Rising\Rav\CCenter.exe [2008-11-09 162416]
R3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\DRIVERS\sbusb.sys [2004-07-27 1643648]
S2 RsRavMon;Rising RealTime Monitor;c:\programmi\RISING\RAV\Ravmond.exe [2008-11-09 395888]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'
2008-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementare di scansione -------
.
FireFox -: Profile - c:\documents and settings\Marcolino\Dati applicazioni\Mozilla\Firefox\Profiles\anzqp97f.default\
FF -: plugin - c:\documents and settings\Marcolino\Dati applicazioni\Mozilla\Firefox\Profiles\anzqp97f.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF -: plugin - c:\programmi\iTunes\Mozilla Plugins\npitunes.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-11-12 19:09:25
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-11-12 19.11.15
ComboFix-quarantined-files.txt 2008-11-12 18:10:53
Pre-Run: 59.524.157.440 byte disponibili
Post-Run: 59,780,947,968 byte disponibili
188
da soloralf » mar nov 11, 2008 11:06 pm 
![[boh]](http://www.megalab.it/forum/images/smilies/dntknw.gif "Boh")
![[B)]](http://www.megalab.it/forum/images/smilies/bash.gif "Martellate")
Esegui ![[acc2]](http://www.megalab.it/forum/images/smilies/Acc.gif "Oh cacchio!")
![[8D]](http://www.megalab.it/forum/images/smilies/punk.gif "Giusto")