Pendrive Kingston Datatraveler-Otwórz za pomocą - Forum IDG.pl

Witam, mam wielki problem... Do tego czasu pendrive działał normalnie gdy nie wyskoczył jakiś wirus... Od tej pory gdy próbuje włączyć Pendrive'a wyskakuje mi okienko Otwórz za pomocą...
Oto Logi z combofixa i hijackthis'a

Combofix-

Cytuj

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-23 18:04:20 39408]
"Nowe Gadu-Gadu"="C:\Program Files\Nowe Gadu-Gadu\gg.exe" [2009-08-31 16:07:34 11391592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-07-12 04:00:32 142104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-07-12 04:00:28 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-07-12 04:00:29 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 06:49:22 16377344]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 08:38:47 209153]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-09-24 04:29:28 2971608]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 06:20:42 155648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2009-07-01 16:37:06 37888]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 03:08:38 35696]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 11:08:30 935288]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 19:24:46 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-10-11 03:17:36 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2009-06-09 21:45:00 15360]

C:\Documents and Settings\arn\Menu Start\Programy\Autostart\
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-22 113664]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Counter-Strike\\hl.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 pctgntdi;pctgntdi;C:\WINDOWS\system32\drivers\pctgntdi.sys [2009-10-16 18:25:14 229304]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-10-16 18:16:01 108289]
R2 PCTAppEvent;PCTAppEvent Driver;C:\WINDOWS\system32\drivers\PCTAppEvent.sys [2009-10-16 18:25:15 87656]
R3 PCTFW-DNS;PCTools Firewall - DNS driver;C:\WINDOWS\system32\drivers\pctNdis-DNS.sys [2009-10-16 18:25:04 32552]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys [2009-10-16 18:25:04 70280]
R3 pctNDIS;PC Tools Driver;C:\WINDOWS\system32\drivers\pctNdis.sys [2009-10-16 18:25:04 46592]
R3 pctplfw;pctplfw;C:\WINDOWS\system32\drivers\pctplfw.sys [2009-10-16 18:25:01 115088]
S0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [2009-10-20 15:11:33 721904]
S2 dlgx1;dlgx1;C:\WINDOWS\system32\dlg.exe [2009-10-23 18:22:50 256000]
S3 npggsvc;nProtect GameGuard Service;C:\WINDOWS\system32\GameMon.des -service --> C:\WINDOWS\system32\GameMon.des -service [?]

HiJackThis-

Cytuj

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:37, on 2010-01-17
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\dlg.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\arn\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WindowsTaskMessenger] C:\Windows\mswintask.exe
O4 - HKLM\..\Run: [dxdiagboost] C:\DOCUME~1\arn\USTAWI~1\Temp\IXP000.TMP\sv4logs.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E4E9DDE-50BB-4B09-BD29-8FFE617772C6}: NameServer = 10.10.50.1,192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7E4E9DDE-50BB-4B09-BD29-8FFE617772C6}: NameServer = 10.10.50.1,192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{7E4E9DDE-50BB-4B09-BD29-8FFE617772C6}: NameServer = 10.10.50.1,192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: dlgx1 - Unknown owner - C:\WINDOWS\system32\dlg.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe

--
End of file - 7450 bytes

Bardzo prosze o pomoc!! Dzieki!

Forum IDG.pl - miejsce dyskusji o IT: Pendrive Kingston Datatraveler-Otwórz za pomocą - Forum IDG.pl - miejsce dyskusji o IT

Zasady forum eksperckiego

Pendrive Kingston Datatraveler-Otwórz za pomocą Kingston Datatraveler-Otwórz za pomocą Oceń temat:

#1 Vooojtas

#2 repylek

Prześlij ten temat:

Podobne tematy

1 Użytkowników czyta ten temat
0 użytkowników, 1 gości, 0 anonimowych użytkowników

Usuń post

Podobne aktualności

Reklama

Skin i Język

Statystyki wykonywania