#1
Senior Member
Joined: Jan 2004
City: RM  Marketplace: 150+
Posts: 3459
crlog_.tot.tmp: what is it?
Hi everyone, for some time now I have had this file crlog_.tot.tmp that keeps reappearing, and I don't know what it is or where it comes from.
I ran ComboFix and this is the log: HTML Code:
ComboFix 08-07-13.9 - Niccolò 2008-07-14 12.30.10.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1040.18.1174 [GMT 2:00]
Eseguito da: C:\Users\Niccolò\Desktop\ComboFix.exe
Command switches used :: C:\Users\Niccolò\Desktop\CFScript.txt
 * Creato nuovo punto di ripristino
 * Resident AV is active

FILE ::
C:\crlog_.tot.tmp
C:\DOCUME~1\FAMLIA~1\CONFIG~1\Temp\oflpydin.sys
C:\install.dat
C:\WINDOWS\avisplitter.INI
C:\WINDOWS\msdownld.tmp
C:\WINDOWS\system32\d3d9caps.dat
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\crlog_.tot.tmp
C:\WINDOWS\avisplitter.INI

.
(((((((((((((((((((((((((   Files Creati Da 2008-06-14 al 2008-07-14   )))))))))))))))))))))))))))))))))))
.

2008-07-11 14:20 . 2008-06-26 03:45    12,240,896  --a------  C:\Windows\System32\NlsLexicons0007.dll
2008-07-11 14:19 . 2008-06-26 03:45     2,644,480  --a------  C:\Windows\System32\NlsLexicons0009.dll
2008-07-11 14:19 . 2008-06-26 05:29       801,280  --a------  C:\Windows\System32\NaturalLanguage6.dll
2008-07-10 20:24 . 2008-06-12 04:51         2,048  --a------  C:\Windows\System32\tzres.dll
2008-07-09 08:40 . 2008-05-08 23:59       430,080  --a------  C:\Windows\System32\vbscript.dll
2008-07-09 08:40 . 2008-05-08 23:59       180,224  --a------  C:\Windows\System32\scrobj.dll
2008-07-09 08:40 . 2008-05-08 23:59       172,032  --a------  C:\Windows\System32\scrrun.dll
2008-07-09 08:40 . 2008-05-08 23:59       155,648  --a------  C:\Windows\System32\wscript.exe
2008-07-09 08:40 . 2008-05-08 23:58       135,168  --a------  C:\Windows\System32\wshom.ocx
2008-07-09 08:40 . 2008-05-08 23:58       135,168  --a------  C:\Windows\System32\cscript.exe
2008-07-09 08:40 . 2008-05-08 23:59        90,112  --a------  C:\Windows\System32\wshext.dll
2008-07-08 13:55 . 2008-07-08 13:55         <DIR>  d--------  C:\Program Files\Common Files\ATI Technologies
2008-07-08 13:54 . 2008-07-08 13:54         <DIR>  d--------  C:\Program Files\ATI
2008-07-08 13:53 . 2008-07-08 13:55         <DIR>  d--------  C:\Program Files\ATI Technologies
2008-07-08 13:48 . 2008-01-27 01:09       615,424  --a------  C:\Windows\System32\themeui.dll
2008-07-08 13:48 . 2008-01-27 01:09       240,128  --a------  C:\Windows\System32\uxtheme.dll
2008-06-30 22:33 . 2008-04-26 10:25     3,600,952  --a------  C:\Windows\System32\ntkrnlpa.exe
2008-06-30 22:33 . 2008-04-26 10:25     3,549,240  --a------  C:\Windows\System32\ntoskrnl.exe
2008-06-30 22:33 . 2008-04-26 10:26       891,448  --a------  C:\Windows\System32\drivers\tcpip.sys
2008-06-30 22:33 . 2008-04-12 05:32       784,896  --a------  C:\Windows\System32\rpcrt4.dll
2008-06-30 22:33 . 2008-05-10 05:35       564,736  --a------  C:\Windows\System32\emdmgmt.dll
2008-06-30 22:33 . 2008-04-05 03:21        72,192  --a------  C:\Windows\System32\drivers\pacer.sys
2008-06-30 22:33 . 2008-04-05 05:34        15,360  --a------  C:\Windows\System32\pacerprf.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 10:33     3,932,160  --sha-w  C:\Users\Niccolò\NTUSER.DAT
2008-07-14 10:33     3,932,160  --sha-w  C:\Users\Niccolò\NTUSER.DAT
2008-07-14 10:24     ---------  d-----w  C:\Program Files\Java
2008-07-14 10:21     ---------  d-----w  C:\Program Files\PowerArchiver
2008-07-11 12:21     ---------  d-----w  C:\ProgramData\Microsoft Help
2008-07-09 06:44     ---------  d-----w  C:\Program Files\Windows Mail
2008-07-06 00:46     ---------  d-----w  C:\Program Files\Common Files\Adobe
2008-07-03 21:32     ---------  d-----w  C:\Program Files\Opera
2008-06-29 11:11     ---------  d-----w  C:\Users\NICCOL~1\AppData\Roaming\uTorrent
2008-06-26 04:46     3,879,936  ----a-w  C:\Windows\system32\drivers\atikmdag.sys
2008-06-26 02:06        43,520  ----a-w  C:\Windows\System32\ati2edxx.dll
2008-06-26 02:06       421,888  ----a-w  C:\Windows\System32\ATIDEMGX.dll
2008-06-26 02:06       327,680  ----a-w  C:\Windows\System32\atipdlxx.dll
2008-06-26 02:06       258,048  ----a-w  C:\Windows\System32\Oemdspif.dll
2008-06-26 02:06       159,744  ----a-w  C:\Windows\System32\atitmmxx.dll
2008-06-26 02:05       270,336  ----a-w  C:\Windows\System32\Ati2evxx.dll
2008-06-26 02:04       700,416  ----a-w  C:\Windows\System32\Ati2evxx.exe
2008-06-26 01:51     3,822,592  ----a-w  C:\Windows\System32\atiumdag.dll
2008-06-26 01:42     9,678,848  ----a-w  C:\Windows\System32\atioglxx.dll
2008-06-26 01:34     4,452,352  ----a-w  C:\Windows\System32\atiumdva.dll
2008-06-26 01:22        50,688  ----a-w  C:\Windows\System32\amdpcom32.dll
2008-06-26 01:22        45,568  ----a-w  C:\Windows\System32\atiadlxx.dll
2008-06-26 01:09        53,248  ----a-w  C:\Windows\system32\drivers\ati2erec.dll
2008-06-12 23:45     ---------  d-----w  C:\Program Files\QuickTime
2008-06-09 22:22     ---------  d-----w  C:\Users\NICCOL~1\AppData\Roaming\Audacity
2008-06-07 13:52     ---------  d-----w  C:\Program Files\Microsoft Silverlight
2008-06-06 11:03     ---------  d-----w  C:\Program Files\Common Files\GTK
2008-06-06 10:23     ---------  d-----w  C:\Users\NICCOL~1\AppData\Roaming\.purple
2008-06-06 09:37     ---------  d-----w  C:\Users\NICCOL~1\AppData\Roaming\gtk-2.0
2008-06-05 19:10     ---------  d-----w  C:\Program Files\Adunanza
2008-06-05 15:49     ---------  d-----w  C:\ProgramData\eMule AdunanzA
2008-06-03 13:04     ---------  d-----w  C:\Program Files\Google
2008-06-03 12:20     ---------  d-----w  C:\Users\NICCOL~1\AppData\Roaming\Thunderbird
2008-05-28 19:11     ---------  d-----w  C:\Program Files\Common Files\Macrovision Shared
2008-05-23 00:04     ---------  d-----w  C:\Program Files\StuffPlug3
2008-05-04 10:28         7,680  ----a-w  C:\Windows\System32\ff_vfw.dll
2008-04-26 08:08     1,314,816  ----a-w  C:\Windows\System32\quartz.dll
2008-04-25 04:35       826,880  ----a-w  C:\Windows\System32\wininet.dll
2008-04-23 04:42       428,544  ----a-w  C:\Windows\System32\EncDec.dll
2008-04-23 04:42       293,376  ----a-w  C:\Windows\System32\psisdecd.dll
2008-04-20 14:15       691,545  ----a-w  C:\Windows\unins000.exe
2008-04-12 08:04           174  --sha-w  C:\Program Files\desktop.ini
2007-10-02 11:20        22,328  ----a-w  C:\Users\NICCOL~1\AppData\Roaming\PnkBstrK.sys
2007-11-14 12:02     2,073,121  --sh--r  C:\Windows\System32\avgemcu.exe

.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-05-26 02:08 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Habu"="C:\Program Files\Razer\Habu\razerhid.exe" [2007-05-11 11:58 176128]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-04-23 14:57 1443072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1195851666-242174495-470605716-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{52788103-5457-4EC8-B567-2BF744A4C4ED}C:\\program files\\adunanza\\emule_adnza.exe"= UDP:C:\program files\adunanza\emule_adnza.exe:eMule
"UDP Query User{1AC8B718-798F-4F14-A3BC-BB00EA5CE5C2}C:\\program files\\adunanza\\emule_adnza.exe"= TCP:C:\program files\adunanza\emule_adnza.exe:eMule
"{F51B5E3A-C222-4186-A00F-6E0039AE00D2}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{AA54342C-96A5-4AF4-AC78-DD7C4486E943}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{4CE9F9A4-0CAF-4C76-A20F-A3883AC62B84}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{1BC16928-9C18-41B1-9C0F-53843C3F119D}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{D67DEDC4-3BBF-40F2-85FF-3C7E42C1C417}C:\\program files\\steam\\steamapps\\mad_griffith\\half-life 2 deathmatch\\hl2.exe"= UDP:C:\program files\steam\steamapps\mad_griffith\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{50DE8980-EE0A-4713-A307-7442CA46B16D}C:\\program files\\steam\\steamapps\\mad_griffith\\half-life 2 deathmatch\\hl2.exe"= TCP:C:\program files\steam\steamapps\mad_griffith\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{F66A484B-BA60-4245-A2C1-980038C1F8BF}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{DB5BCD6E-8198-4A72-8776-A562BAA5524B}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{FD29A9F0-6164-48E8-9957-4B1EA1F0E529}C:\\program files\\steam\\steamapps\\common\\enemy territory quake wars demo\\etqw.exe"= UDP:C:\program files\steam\steamapps\common\enemy territory quake wars demo\etqw.exe:Enemy Territory: QUAKE Wars
"UDP Query User{191BB6C4-DEAC-49B2-A293-2A2E96B03340}C:\\program files\\steam\\steamapps\\common\\enemy territory quake wars demo\\etqw.exe"= TCP:C:\program files\steam\steamapps\common\enemy territory quake wars demo\etqw.exe:Enemy Territory: QUAKE Wars
"{DB2434C3-120F-41FD-A35C-BA5C961B9E77}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{7589847A-A826-422D-A779-D15B34C0B9C1}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{34299EDB-DC70-4175-BFE1-01D9C16BA7CF}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"{00B1D435-5212-471E-8124-78ADAF6EECCC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{EDA0310A-0432-472C-B640-6704C77EC02D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{C42191D9-3643-4DEC-9254-955015897E34}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{3A992036-7DD7-4D33-B1FF-9D1343C8FD67}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{8EA23F2E-232E-47D5-9BDF-E838720C5E73}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{AAA1ACAF-0925-4C28-BFFB-9723CEDB686A}"= UDP:C:\Users\Niccolò\Desktop\utorrent.exe:µTorrent
"{4A7D244B-4BE7-4458-AAB3-1BB8269D2600}"= TCP:C:\Users\Niccolò\Desktop\utorrent.exe:µTorrent
"TCP Query User{12B421F3-16C2-498C-816F-B18D94BFBD1F}C:\\users\\niccolò\\desktop\\hfs.exe"= UDP:C:\users\niccolò\desktop\hfs.exe:hfs.exe
"UDP Query User{B2B8AEDF-D8F9-45FC-90CA-D23A67331647}C:\\users\\niccolò\\desktop\\hfs.exe"= TCP:C:\users\niccolò\desktop\hfs.exe:hfs.exe
"TCP Query User{3DD8197B-125A-4D3E-BB76-AB383E0E0C2D}C:\\users\\niccolò\\downloads\\scaricati\\hfs.exe"= UDP:C:\users\niccolò\downloads\scaricati\hfs.exe:hfs.exe
"UDP Query User{4919CA89-77FB-47C3-B98D-5CCAF66727D1}C:\\users\\niccolò\\downloads\\scaricati\\hfs.exe"= TCP:C:\users\niccolò\downloads\scaricati\hfs.exe:hfs.exe
"TCP Query User{FDD7E022-9DA5-4000-86BF-6F80D50F5319}C:\\program files\\steam\\steamapps\\common\\outrun2006 coast 2 coast\\or2006c2c.exe"= UDP:C:\program files\steam\steamapps\common\outrun2006 coast 2 coast\or2006c2c.exe:OR2006C2C
"UDP Query User{4ECDCD2E-F3AC-4EF5-9A8C-0DD89717AC70}C:\\program files\\steam\\steamapps\\common\\outrun2006 coast 2 coast\\or2006c2c.exe"= TCP:C:\program files\steam\steamapps\common\outrun2006 coast 2 coast\or2006c2c.exe:OR2006C2C
"TCP Query User{D2AB5145-A500-4475-937E-AD339DE3AE74}C:\\program files\\steam\\steamapps\\mad_griffith\\source sdk base\\hl2.exe"= UDP:C:\program files\steam\steamapps\mad_griffith\source sdk base\hl2.exe:hl2
"UDP Query User{A7146831-3F9D-41F0-A21E-1153E4A439F4}C:\\program files\\steam\\steamapps\\mad_griffith\\source sdk base\\hl2.exe"= TCP:C:\program files\steam\steamapps\mad_griffith\source sdk base\hl2.exe:hl2
"TCP Query User{612A1A66-CB36-4974-86CF-BD9A5D0368CB}C:\\users\\niccolò\\desktop\\utorrent-1.8-alpha-7928.upx.exe"= UDP:C:\users\niccolò\desktop\utorrent-1.8-alpha-7928.upx.exe:utorrent-1.8-alpha-7928.upx.exe
"UDP Query User{11E0E6AB-A637-420C-A719-06A125555B26}C:\\users\\niccolò\\desktop\\utorrent-1.8-alpha-7928.upx.exe"= TCP:C:\users\niccolò\desktop\utorrent-1.8-alpha-7928.upx.exe:utorrent-1.8-alpha-7928.upx.exe
"TCP Query User{58FC4FAB-D0E8-47A9-BE20-15C1F901E113}C:\\users\\niccolò\\downloads\\scaricati\\utorrent-1.8-alpha-7928.upx.exe"= UDP:C:\users\niccolò\downloads\scaricati\utorrent-1.8-alpha-7928.upx.exe:utorrent-1.8-alpha-7928.upx.exe
"UDP Query User{60EAD793-1BBC-46DA-B498-E04D4F1BA81B}C:\\users\\niccolò\\downloads\\scaricati\\utorrent-1.8-alpha-7928.upx.exe"= TCP:C:\users\niccolò\downloads\scaricati\utorrent-1.8-alpha-7928.upx.exe:utorrent-1.8-alpha-7928.upx.exe
"TCP Query User{B3F8E84E-FE99-427F-96A7-B77C3861E6FD}C:\\users\\niccolò\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= UDP:C:\users\niccolò\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"UDP Query User{27F78B02-7D5E-40FF-9528-72BEB5FFB455}C:\\users\\niccolò\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= TCP:C:\users\niccolò\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"TCP Query User{6DF17C49-52FF-46CA-AA86-CCD0B4E13ABC}C:\\users\\niccolò\\desktop\\emule\\emule.exe"= UDP:C:\users\niccolò\desktop\emule\emule.exe:emule.exe
"UDP Query User{F2537C1D-5F4D-4C0E-A55B-6719A026E0EF}C:\\users\\niccolò\\desktop\\emule\\emule.exe"= TCP:C:\users\niccolò\desktop\emule\emule.exe:emule.exe
"{89370ACD-83E5-459E-9D6B-6F1213B0FB52}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1A304188-625D-4736-8BFF-7B1DD4BEFB84}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2007-03-15 16:41]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-06-26 06:46]
R3 cmudaxp;ASUS Xonar D2X Audio Interface;C:\Windows\system32\drivers\cmudaxp.sys [2008-01-30 15:25]
R3 HabuFltr;Habu Mouse;C:\Windows\system32\drivers\habu.sys [2006-10-23 12:09]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-02 19:06]
S3 uisp;Freescale USB JW32 driver;C:\Windows\system32\Drivers\usbicp.sys [2005-12-21 11:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fb37636-2fc4-11dd-864b-001bfcfb7f34}]
\shell\AutoRun\command - F:\ClickMe.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{609bbcac-70da-11dc-8670-001bfcfb7f34}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad7f02c3-b455-11dc-ae58-001bfcfb7f34}]
\shell\AutoRun\command - E:\ClickMe.exe

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 12:33:41
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-07-14 12:34:59
ComboFix-quarantined-files.txt 2008-07-14 10:34:55

5 Directory 169,002,246,144 byte disponibili
12 Directory 168,970,522,624 byte disponibili

194 --- E O F --- 2008-07-11 12:22:41
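As an added example (not part of the original post, and not a ComboFix or GMER tool), here is a small Python triage script of the kind a helper would run over a log like the one above before answering. It pulls out the sections that matter first: policy values that switch off UAC and the Windows Firewall, the mountpoints2 AutoRun commands that name an executable on a drive letter, and files under a Temp directory in the CFScript removal list. The sample input is a constructed excerpt that reproduces a handful of lines from the posted log; all function and variable names are mine.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a few lines reproduced from the ComboFix log posted above,
# trimmed so the script runs offline on a small, known input.
SAMPLE_LOG = r"""
FILE ::
C:\crlog_.tot.tmp
C:\DOCUME~1\FAMLIA~1\CONFIG~1\Temp\oflpydin.sys
C:\install.dat
.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fb37636-2fc4-11dd-864b-001bfcfb7f34}]
\shell\AutoRun\command - F:\ClickMe.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{609bbcac-70da-11dc-8670-001bfcfb7f34}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\antihost.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")                      # [HKLM\...] section header
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')   # "Name"= value
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$", re.IGNORECASE)
DRIVE_PATH_RE = re.compile(r"[A-Za-z]:\\\S+")                       # X:\path tokens inside a command


@dataclass
class ComboFixReport:
    registry: dict = field(default_factory=dict)      # registry key -> {value name: value text}
    autoruns: list = field(default_factory=list)      # (mountpoints2 key, AutoRun command)
    script_files: list = field(default_factory=list)  # paths listed under "FILE ::" (CFScript targets)


def parse_combofix(text):
    """Parse the sections of a ComboFix log that matter for a first triage."""
    report = ComboFixReport()
    current_key = None
    in_file_list = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "FILE ::":
            in_file_list = True
            continue
        if in_file_list:
            if line == ".":          # ComboFix closes each section with a lone dot
                in_file_list = False
            else:
                report.script_files.append(line)
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            report.registry.setdefault(current_key, {})
            continue
        m = AUTORUN_RE.match(line)
        if m and current_key is not None:
            report.autoruns.append((current_key, m.group("cmd")))
            continue
        m = VALUE_RE.match(line)
        if m and current_key is not None:
            report.registry[current_key][m.group("name")] = m.group("value").strip()
    return report


def dword_is_zero(value):
    """ComboFix prints policy DWORDs as '0 (0x0)'; the first token is the decimal value."""
    return value.split()[0] == "0"


def assess(report):
    """Return (category, detail) findings a reviewer would want to look at first."""
    findings = []
    for key, values in report.registry.items():
        lower = key.lower()
        if lower.endswith(r"policies\system") and dword_is_zero(values.get("EnableLUA", "1")):
            findings.append(("UAC disabled", key))
        if "firewallpolicy" in lower and dword_is_zero(values.get("EnableFirewall", "1")):
            findings.append(("Windows Firewall disabled", key.rsplit("\\", 1)[-1]))
    for _key, cmd in report.autoruns:
        # A mountpoints2 AutoRun command runs when that remembered volume is opened in
        # Explorer; the last drive path in the command is the program that would start.
        paths = DRIVE_PATH_RE.findall(cmd)
        findings.append(("AutoRun command for a mounted volume", paths[-1] if paths else cmd))
    for path in report.script_files:
        if re.search(r"\\temp\\", path, re.IGNORECASE):
            findings.append(("Removed file located in a Temp directory", path))
    return findings


def summarize(text):
    """Group findings by category so the counts can be checked directly."""
    grouped = {}
    for category, detail in assess(parse_combofix(text)):
        grouped.setdefault(category, []).append(detail)
    return grouped


if __name__ == "__main__":
    for category, details in summarize(SAMPLE_LOG).items():
        print(f"{category}:")
        for detail in details:
            print(f"    {detail}")
```

On the posted log this surfaces the three things a helper would ask about before anything else: UAC and the firewall are off in every profile, three remembered volumes carry AutoRun commands pointing at executables on E: and F:, and one of the files ComboFix was told to remove sits in a Temp directory. None of that identifies what crlog_.tot.tmp is, but it narrows down where to look next and which settings to restore.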