Sprawdzenie loga z ComboFix
Witam.
Prosze o sprawdzenie loga z ComboFixa
Komputer z firmy, System jak i wszystkie programy są oryginalne.
ComboFix 08-01-10.2 - Marcin_firma 2008-01-10 8:11:36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.493 [GMT 1:00]
Running from: C:\Documents and Settings\Marcin_firma\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-12-10 to 2008-01-10 )))))))))))))))))))))))))))))))
.
2008-01-10 08:11 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-10 08:00 . 2008-01-10 08:00 d-------- C:\Program Files\Trend Micro
2007-12-18 08:04 . 2007-12-18 08:04 d-------- C:\Program Files\Macromedia
2007-12-18 08:04 . 2007-12-18 08:04 d-------- C:\Program Files\Common Files\Vbox
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 06:56 --------- d-----w C:\Documents and Settings\Marcin_firma\Dane aplikacji\Skype
2008-01-10 06:55 --------- d-----w C:\Documents and Settings\Marcin_firma\Dane aplikacji\OpenOffice.org2
2007-12-18 07:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:29 723,968 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 09:00 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-10 07:39 73,728 ----a-w C:\WINDOWS\ALCFDRTM.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 07:25 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-01-12 14:11 25448488]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2005-08-30 19:51 1708032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 20:10 344064]
"ULiRaid"="C:\Program Files\ULI5287\ULiRaid.exe" [2005-02-15 10:43 401408]
"Skrót do strony właściwości High Definition Audio"="HDAudPropShortcut.exe" [2004-08-12 16:45 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"AlcWzrd"="ALCWZRD.EXE" [2004-12-10 08:38 2749440 C:\WINDOWS\ALCWZRD.EXE]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 10:38 866816]
"ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 15:39 147456]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 13:30 86016]
"Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [2002-07-16 09:55 32768]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 17:58 856064]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 01:12 483328]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05 81920]
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2007-01-24 09:11 28672]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:44 15360]
C:\Documents and Settings\Marcin_firma\Menu Start\Programy\AutostartOpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 19:42:22]
Watch.lnk - C:\WINDOWS\twain_32\A4S2_600\watch.exe [2005-10-05 00:09:46]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-11-02 07:53 77824 C:\WINDOWS\SOUNDMAN.EXE
R0 m5287;m5287;C:\WINDOWS\system32\DRIVERS\m5287.sys [2005-02-05 00:00]
R3 A4S2600;A4S2600;C:\WINDOWS\system32\drivers\A4S2600.sys [1998-05-07 11:28]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19238424-bb3d-11db-a947-0011d8b93114}]
\Shell\AutoRun\command - H:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62159206-62d7-11dc-a9fb-0011d8b93114}]
\Shell\Auto\command - H:\Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6783239a-076c-11dc-a997-0011d8b93114}]
\Shell\AutoRun\command - H:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d61e1cfb-8c4f-11dc-aa26-0011d8b93114}]
\Shell\Auto\command - H:\Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6dbb76b-653d-11dc-a9fc-0011d8b93114}]
\Shell\Auto\command - H:\Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6dbb76c-653d-11dc-a9fc-0011d8b93114}]
\Shell\Auto\command - H:\Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 08:12:54
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-10 8:13:13
.
2008-01-10 06:43:37 --- E O F ---
Pozdrawiam
Paweł
Odpowiedzi: 1
Na pendrive podłaczanym do tego komputer syf był (albo jest nadal)
Wytnij klucz HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2
Prawidłowe wpisy odtworzą się same.
Plik C:\WINDOWS\system32\drivers\A4S2600.sys jest od skanera jakiegoś ??
Strona 1 / 1
[quote=Żółty] Plik C:\WINDOWS\system32\drivers\A4S2600.sys jest od skanera jakiegoś ??[/quote] Raczej tak, do komputera jest podłączony skaner z oprogramowaniem do niego (Mustek ScanExpress 12000P) oraz drukarka laserowa.