Formatting USB storage media


(Poczta 1980) #1

The problem is as follows: after I plug in a pendrive, a message appears saying that it has to be formatted. After I do that, everything is OK until the next time it is plugged in, when the problem comes back. A friend had a similar problem, but I'm not in contact with him and I don't know how he solved it. Here is the ComboFix log, in case it helps.

ComboFix 08-08-16.01 - michał 2008-08-17 12:20:26.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.378 [GMT 2:00]

Running from: C:\Documents and Settings\michał\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft\SystemCertificates\My

C:\Documents and Settings\michał\Dane aplikacji\Microsoft\SystemCertificates\My

C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft\SystemCertificates\My

C:\WINDOWS\system32\amvo0.dll

C:\WINDOWS\system32\setup.ini

.

((((((((((((((((((((((((( Files Created from 2008-07-17 to 2008-08-17 )))))))))))))))))))))))))))))))

.

2008-08-16 12:18 . 2008-08-16 12:18

2008-08-16 12:18 . 2008-08-16 12:18

2008-08-15 14:09 . 2008-08-15 14:09

2008-08-15 14:07 . 1998-10-07 12:54 327,168 --a------ C:\WINDOWS\IsUn0415.exe

2008-08-08 16:28 . 2008-08-16 12:03

2008-08-05 21:09 . 2008-08-05 21:09

2008-08-05 20:51 . 2008-08-05 20:52

2008-08-03 11:47 . 2008-08-03 11:51

2008-07-26 00:16 . 2008-07-26 00:17

2008-07-21 10:56 . 2008-07-21 10:56

2008-07-21 10:56 . 2008-07-21 21:43

2008-07-21 10:53 . 2008-07-21 10:53

2008-07-20 12:11 . 2008-07-20 12:30

2008-07-19 18:34 . 2008-07-19 18:34

2008-07-19 08:27 . 2008-07-19 08:27

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-17 10:19 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2008-08-17 09:19 --------- d-----w C:\Program Files\PC Tools AntiVirus

2008-08-17 09:17 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\uTorrent

2008-08-17 09:17 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\uTorrent

2008-08-16 07:29 5,632 --sha-w C:\Program Files\Thumbs.db

2008-08-10 13:00 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\Nokia

2008-08-10 13:00 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\Nokia

2008-08-08 21:16 --------- d-----w C:\Program Files\SpeedFan

2008-07-19 15:19 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\XnView

2008-07-19 15:19 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\XnView

2008-07-18 20:18 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\BESTplayer

2008-07-18 20:18 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\BESTplayer

2008-07-14 10:58 --------- d-----w C:\Program Files\RM Converter

2008-07-14 10:00 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\FastStone

2008-07-14 10:00 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\FastStone

2008-07-14 07:25 --------- d-----w C:\Program Files\IrfanView

2008-07-09 16:30 --------- d-----w C:\Program Files\Gadu-Gadu

2008-07-07 10:56 --------- d-----w C:\Program Files\Ontrack

2008-07-07 10:56 --------- d-----w C:\Program Files\InstallShield Installation Information

2008-07-07 10:55 --------- d-----w C:\Program Files\Digital Image Recovery

2008-07-07 10:52 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-07-06 18:11 --------- d-----w C:\Program Files\uTorrent

2008-07-01 13:03 --------- d-----w C:\Program Files\Any Video Converter

2008-06-30 10:03 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\Any Video Converter

2008-06-30 10:03 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\Any Video Converter

2008-06-28 16:40 --------- d-----w C:\Program Files\NCH Software

2008-06-28 16:28 --------- d-----w C:\Program Files\NCH Swift Sound

2008-06-28 16:28 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\NCH Swift Sound

2008-06-28 16:28 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\NCH Swift Sound

2008-06-28 16:28 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\NCH Swift Sound

2008-06-26 19:44 --------- d-----w C:\Program Files\PC Tools Firewall Plus

2008-06-26 19:37 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\PCToolsFirewallPlus

2008-06-26 19:37 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\PCToolsFirewallPlus

2008-06-26 19:35 --------- d-----w C:\Program Files\Common Files\PC Tools

2008-06-26 19:20 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\Comodo

2008-06-26 19:20 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\Comodo

2008-06-26 19:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\comodo

2008-06-25 16:19 --------- d-----w C:\Program Files\Yamicsoft

2008-06-25 15:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-06-25 15:26 --------- d-----w C:\Program Files\ffdshow

2008-06-24 20:51 --------- d-----w C:\Program Files\eMule

2008-06-23 15:36 --------- d-----w C:\Program Files\QuickTime Alternative

2008-06-23 15:36 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer

2008-06-22 18:33 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

2008-06-22 18:33 60,273 ----a-w C:\WINDOWS\system32\pthreadGC2.dll

2008-06-21 12:02 --------- d-----w C:\Program Files\Lavalys

2008-06-20 23:13 --------- d-----w C:\Program Files\Ciel

2008-06-20 15:55 --------- d-----w C:\Program Files\Pazera_Free_FLV_to_AVI_Converter

2008-06-20 13:04 --------- d-----w C:\Program Files\eRightSoft

2008-06-17 16:38 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\PC Suite

2008-06-17 16:38 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\PC Suite

2008-06-17 16:37 --------- d-----w C:\Program Files\CDex_150

2008-06-17 16:28 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\Nokia Multimedia Player

2008-06-17 16:28 --------- d-----w C:\Documents and Settings\michał\Dane aplikacji\Nokia Multimedia Player

2008-06-17 16:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\PC Suite

2008-06-17 16:18 --------- d-----w C:\Program Files\Nokia

2008-06-17 16:18 --------- d-----w C:\Program Files\Common Files\PCSuite

2008-06-17 16:18 --------- d-----w C:\Program Files\Common Files\Nokia

2008-06-17 16:17 --------- d-----w C:\Program Files\PC Connectivity Solution

2008-06-17 16:17 --------- d-----w C:\Program Files\DIFX

2008-06-17 16:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Installations

2005-05-03 18:45 161,862 ----a-w C:\Program Files\Dossier-web.ico

2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll

2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll

2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2008-03-05 09:37 1238928]

"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2008-03-28 14:37 2598808]

"AdslTaskBar"="stmctrl.dll" [2006-06-02 09:01 151552 C:\WINDOWS\system32\stmctrl.dll]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i420vfw.dll

"vidc.yv12"= yv12vfw.dll

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]

--a------ 2008-03-26 18:41 1232896 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

--a------ 2008-04-16 12:53 1079808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\WINDOWS\system32\sessmgr.exe"=

"C:\Program Files\uTorrent\uTorrent.exe"=

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-03-12 09:30]

R1 pctmp;PC Tools Firewall Memory Protection Driver;C:\WINDOWS\system32\drivers\pctmp.sys [2008-02-21 08:56]

R1 pctssipc;PC Tools Security Suite IPC Driver;C:\WINDOWS\system32\drivers\pctssipc.sys [2008-02-21 08:56]

R3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-10-09 05:26]

R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 12:51]

R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2006-07-05 13:50]

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

  • ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\michał\Dane aplikacji\Mozilla\Firefox\Profiles\pzqhk6n4.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-17 12:22:22

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-08-17 12:24:01

ComboFix-quarantined-files.txt 2008-08-17 10:23:42

Pre-Run: 906,776,576 bajtów wolnych

Post-Run: 942,112,768 bajtów wolnych

162


(JNJN) #2

Wait; next time paste your logs the way the link describes - have a read. JNJN

viewtopic.php?f=16&t=253052


(Spandau) #3

To disinfect the pendrive or memory card, use http://www.softpedia.com/get/Security/S ... Tool.shtml

Flash Disinfector http://www.searchengines.pl/index.php?s ... ntry369724

or format it.

The log looks clean.

Delete the C:\Qoobox folder and the ComboFix installer from the disk.

Clean the system and the registry with CCleaner.

Turn System Restore off and back on for all drives. Instructions

Scan the My Computer area with Kaspersky Online Scanner. Run it under IE and post the report on the forum

or Dr.WEB CureIt!