Problem wygląda następująco,po podłączeniu pendr. pokazuje się komunikat że trzeba formatować po wykonaniu polecenia wszystko jest ok aż do następnego podpięcia gdzie problem ponawia się,kumpel miał podobny problem ale nie mam z nim kontaktu i nie wiem jak to rozwiązał. Oto log z combofix jeśli to coś da
ComboFix 08-08-16.01 - michał 2008-08-17 12:20:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.378 [GMT 2:00]
Running from: C:\Documents and Settings\michał\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft\SystemCertificates\My
C:\Documents and Settings\michał\Dane aplikacji\Microsoft\SystemCertificates\My
C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft\SystemCertificates\My
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\setup.ini
.
((((((((((((((((((((((((( Files Created from 2008-07-17 to 2008-08-17 )))))))))))))))))))))))))))))))
.
2008-08-16 12:18 . 2008-08-16 12:18
2008-08-16 12:18 . 2008-08-16 12:18
2008-08-15 14:09 . 2008-08-15 14:09
2008-08-15 14:07 . 1998-10-07 12:54 327,168 --a------ C:\WINDOWS\IsUn0415.exe
2008-08-08 16:28 . 2008-08-16 12:03
2008-08-05 21:09 . 2008-08-05 21:09
2008-08-05 20:51 . 2008-08-05 20:52
2008-08-03 11:47 . 2008-08-03 11:51
2008-07-26 00:16 . 2008-07-26 00:17
2008-07-21 10:56 . 2008-07-21 10:56
2008-07-21 10:56 . 2008-07-21 21:43
2008-07-21 10:53 . 2008-07-21 10:53
2008-07-20 12:11 . 2008-07-20 12:30
2008-07-19 18:34 . 2008-07-19 18:34
2008-07-19 08:27 . 2008-07-19 08:27
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-17 10:19 --------- d—a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-08-17 09:19 --------- d-----w C:\Program Files\PC Tools AntiVirus
2008-08-17 09:17 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\uTorrent
2008-08-17 09:17 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\uTorrent
2008-08-16 07:29 5,632 --sha-w C:\Program Files\Thumbs.db
2008-08-10 13:00 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\Nokia
2008-08-10 13:00 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\Nokia
2008-08-08 21:16 --------- d-----w C:\Program Files\SpeedFan
2008-07-19 15:19 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\XnView
2008-07-19 15:19 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\XnView
2008-07-18 20:18 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\BESTplayer
2008-07-18 20:18 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\BESTplayer
2008-07-14 10:58 --------- d-----w C:\Program Files\RM Converter
2008-07-14 10:00 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\FastStone
2008-07-14 10:00 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\FastStone
2008-07-14 07:25 --------- d-----w C:\Program Files\IrfanView
2008-07-09 16:30 --------- d-----w C:\Program Files\Gadu-Gadu
2008-07-07 10:56 --------- d-----w C:\Program Files\Ontrack
2008-07-07 10:56 --------- d-----w C:\Program Files\InstallShield Installation Information
2008-07-07 10:55 --------- d-----w C:\Program Files\Digital Image Recovery
2008-07-07 10:52 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-06 18:11 --------- d-----w C:\Program Files\uTorrent
2008-07-01 13:03 --------- d-----w C:\Program Files\Any Video Converter
2008-06-30 10:03 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\Any Video Converter
2008-06-30 10:03 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\Any Video Converter
2008-06-28 16:40 --------- d-----w C:\Program Files\NCH Software
2008-06-28 16:28 --------- d-----w C:\Program Files\NCH Swift Sound
2008-06-28 16:28 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\NCH Swift Sound
2008-06-28 16:28 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\NCH Swift Sound
2008-06-28 16:28 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\NCH Swift Sound
2008-06-26 19:44 --------- d-----w C:\Program Files\PC Tools Firewall Plus
2008-06-26 19:37 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\PCToolsFirewallPlus
2008-06-26 19:37 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\PCToolsFirewallPlus
2008-06-26 19:35 --------- d-----w C:\Program Files\Common Files\PC Tools
2008-06-26 19:20 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\Comodo
2008-06-26 19:20 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\Comodo
2008-06-26 19:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\comodo
2008-06-25 16:19 --------- d-----w C:\Program Files\Yamicsoft
2008-06-25 15:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-25 15:26 --------- d-----w C:\Program Files\ffdshow
2008-06-24 20:51 --------- d-----w C:\Program Files\eMule
2008-06-23 15:36 --------- d-----w C:\Program Files\QuickTime Alternative
2008-06-23 15:36 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-06-22 18:33 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-06-22 18:33 60,273 ----a-w C:\WINDOWS\system32\pthreadGC2.dll
2008-06-21 12:02 --------- d-----w C:\Program Files\Lavalys
2008-06-20 23:13 --------- d-----w C:\Program Files\Ciel
2008-06-20 15:55 --------- d-----w C:\Program Files\Pazera_Free_FLV_to_AVI_Converter
2008-06-20 13:04 --------- d-----w C:\Program Files\eRightSoft
2008-06-17 16:38 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\PC Suite
2008-06-17 16:38 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\PC Suite
2008-06-17 16:37 --------- d-----w C:\Program Files\CDex_150
2008-06-17 16:28 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\Nokia Multimedia Player
2008-06-17 16:28 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\Nokia Multimedia Player
2008-06-17 16:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2008-06-17 16:18 --------- d-----w C:\Program Files\Nokia
2008-06-17 16:18 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-06-17 16:18 --------- d-----w C:\Program Files\Common Files\Nokia
2008-06-17 16:17 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-06-17 16:17 --------- d-----w C:\Program Files\DIFX
2008-06-17 16:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Installations
2005-05-03 18:45 161,862 ----a-w C:\Program Files\Dossier-web.ico
2006-05-03 09:06 163,328 --sh–r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh–r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh–w C:\WINDOWS\system32\Smab0.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” [2007-06-01 10:21 153136]
“SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search Destroy\TeaTimer.exe” [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“PCTAVApp”=“C:\Program Files\PC Tools AntiVirus\PCTAV.exe” [2008-03-05 09:37 1238928]
“00PCTFW”=“C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe” [2008-03-28 14:37 2598808]
“AdslTaskBar”=“stmctrl.dll” [2006-06-02 09:01 151552 C:\WINDOWS\system32\stmctrl.dll]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 00:44 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“AppInit_DLLs”=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“vidc.I420”= i420vfw.dll
“vidc.yv12”= yv12vfw.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
–a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
–a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
–a------ 2008-03-26 18:41 1232896 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
–a------ 2008-04-16 12:53 1079808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“C:\WINDOWS\system32\sessmgr.exe”=
“C:\Program Files\uTorrent\uTorrent.exe”=
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-03-12 09:30]
R1 pctmp;PC Tools Firewall Memory Protection Driver;C:\WINDOWS\system32\drivers\pctmp.sys [2008-02-21 08:56]
R1 pctssipc;PC Tools Security Suite IPC Driver;C:\WINDOWS\system32\drivers\pctssipc.sys [2008-02-21 08:56]
R3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-10-09 05:26]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 12:51]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2006-07-05 13:50]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
-
-
-
- ORPHANS REMOVED - - - -
-
-
HKLM-Run-Cmaudio - cmicnfg.cpl
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\michał\Dane aplikacji\Mozilla\Firefox\Profiles\pzqhk6n4.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 12:22:22
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-17 12:24:01
ComboFix-quarantined-files.txt 2008-08-17 10:23:42
Pre-Run: 906,776,576 bajtów wolnych
Post-Run: 942,112,768 bajtów wolnych
162