ComboFix.txt

Infected pendrive - how to clean it?

OK, thanks a lot! But I have one more request: another pendrive and another virus (UFO or something like that). Please check the log and give me a fix for it... Right after that I'll do a thorough scan, but first I have to go over this pendrive :D


ComboFix 08-03-25.4 - lol 2008-03-26 17:35:46.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.692 [GMT 1:00]
Running from: D:\Crysis\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-26 to 2008-03-26 )))))))))))))))))))))))))))))))
.

2008-03-26 16:09 . 2008-03-26 16:09 <DIR> d-------- C:\Program Files\RivaTuner v2.08
2008-03-23 20:18 . 2008-03-23 20:18 <DIR> d-------- C:\Documents and Settings\lol\Dane aplikacji\ESET
2008-03-23 20:10 . 2008-03-23 20:10 <DIR> d-------- C:\Program Files\ESET
2008-03-23 20:10 . 2008-03-23 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-03-23 19:41 . 2008-03-23 19:41 16,244 --a------ C:\WINDOWS\system32\rrt_is.wav
2008-03-23 19:41 . 2008-03-23 19:41 7,302 --a------ C:\WINDOWS\system32\rrt_vf.wav
2008-03-23 19:41 . 2008-03-23 19:41 7,148 --a------ C:\WINDOWS\system32\rrt_tv.wav
2008-03-23 19:41 . 2008-03-23 19:41 6,282 --a------ C:\WINDOWS\system32\rrt_tn.wav
2008-03-22 11:39 . 2008-03-22 11:39 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2008-03-22 11:39 . 2008-03-22 11:39 <DIR> d-------- C:\Program Files\Common Files\Futuremark Shared
2008-03-22 11:39 . 2007-10-11 11:55 27,672 -ra------ C:\WINDOWS\system32\drivers\Entech.sys
2008-03-21 16:13 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-03-19 22:56 . 2008-03-19 22:56 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-03-18 19:47 . 2008-03-18 19:47 <DIR> d-------- C:\Program Files\Google
2008-03-18 17:36 . 2008-03-18 17:36 <DIR> d-------- C:\Documents and Settings\lol\SystemRequirementsLab
2008-03-18 15:59 . 2008-03-18 15:59 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-03-17 21:20 . 2008-03-17 21:20 97,488 ---h----- C:\treeinfo.wc
2008-03-14 17:30 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-03-13 21:10 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-03-13 21:10 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-03-13 21:10 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-03-13 21:10 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-03-08 09:59 . 2005-06-14 11:36 77,824 -ra------ C:\WINDOWS\SET71.tmp
2008-03-08 09:58 . 2008-03-08 09:58 169 --a------ C:\WINDOWS\RtlRack.ini
2008-03-02 17:10 . 2008-03-02 17:10 <DIR> d-------- C:\rodki powierzchniowo czynne_files
2008-03-02 17:10 . 2008-03-02 17:10 41,823 --a------ C:\rodki powierzchniowo czynne.htm
2008-03-02 15:05 . 2008-03-21 11:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-02 15:05 . 2008-03-02 15:05 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-26 19:22 . 2008-02-26 19:22 2,155,208 --a------ C:\tcmd702a.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 08:19 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-23 16:59 --------- d-----w C:\Documents and Settings\lol\Dane aplikacji\uTorrent
2008-03-22 10:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-20 09:45 --------- d-----w C:\Documents and Settings\lol\Dane aplikacji\teamspeak2
2008-03-17 18:59 --------- d-----w C:\Program Files\Java
2008-03-17 17:17 --------- d-----w C:\Program Files\Chicken Invaders 3
2008-03-08 22:45 --------- d-----w C:\Documents and Settings\lol\Dane aplikacji\THQ
2008-02-24 20:38 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-02-19 20:46 1,955,016 ----a-w C:\PPVIEWER.EXE
2008-02-14 17:42 --------- d-----w C:\Program Files\Common Files\DirectX
2008-02-10 21:21 --------- d-----w C:\Program Files\AMT
2008-02-08 13:06 --------- d-----w C:\Program Files\GameSpy
2008-02-08 13:03 22,328 ----a-w C:\Documents and Settings\lol\Dane aplikacji\PnkBstrK.sys
2008-02-06 21:24 2,838,440 ----a-w C:\Shockwave_Installer_Slim.exe
2008-02-06 09:41 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-06 09:41 --------- d-----w C:\Documents and Settings\lol\Dane aplikacji\Microsoft Web Folders
2008-02-04 20:29 --------- d-----w C:\Program Files\VOX BOX 2.02
2008-02-02 18:46 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-02 18:45 --------- d-----w C:\Program Files\Ahead
2008-02-02 17:43 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-02-02 17:43 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-02-02 17:43 --------- d-----w C:\Program Files\OpenAL
2008-02-01 19:54 --------- d-----w C:\Program Files\Tasker
2008-02-01 19:37 --------- d-----w C:\Program Files\Ocean Technology
2008-02-01 19:37 --------- d-----w C:\Documents and Settings\lol\Dane aplikacji\InstallShield
2008-01-27 21:21 --------- d-----w C:\Program Files\Gadu-Gadu
.

((((((((((((((((((((((((((((( snapshot_2008-03-23_20.33.05,29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-26 16:32:05 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_588.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24 167368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [2006-04-09 18:31 61440]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"Gainward"="C:\Program Files\VDOTool\TBPanel.exe" [2007-06-26 14:58 2165272]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SoundMan"="SOUNDMAN.EXE" [2005-06-14 11:36 77824 C:\WINDOWS\soundman.exe]
"RRT-Auto"="D:\Crysis\RRT\RRT.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\program files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"D:\\program files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

R0 ABIT-IO;ABIT-IO;C:\WINDOWS\system32\Drivers\ABIT-IO.sys [2004-09-09 18:15]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{221d94c8-ca47-11dc-b3b9-00508d7d7d88}]
\Shell\AutoRun\command - I:\v.com
\Shell\explore\Command - I:\v.com
\Shell\open\Command - I:\v.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27e803b3-d646-11dc-b3e4-00508d7d7d88}]
\Shell\AutoRun\command - I:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eaf0d43f-c85d-11dc-b3b0-00508d7d7d88}]
\Shell\AutoRun\command - xnynrnh.exe
\Shell\explore\Command - xnynrnh.exe
\Shell\open\Command - xnynrnh.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-26 17:37:22
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-26 17:37:48
ComboFix-quarantined-files.txt 2008-03-26 16:37:39
ComboFix2.txt 2008-03-23 19:33:33
ComboFix3.txt 2008-03-23 18:15:23
ComboFix4.txt 2008-03-18 13:19:06