Problem accessing a pendrive

Recently I had a problem with some trojan. I scanned the computer with avast and it removed it, but it turned out that I could not open the selected partition from my computer. I read a bit online and dealt with that problem using the Disinfector program. Unfortunately, now when I insert the pendrive it asks which program I want to open it with; I start Disinfector and then I can get in. The problem comes back when I pull it out and insert it again. I am attaching the HJT and comboscan logs.

Logfile of HijackThis v1.99.1

Scan saved at 23:15:22, on 2008-03-29

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

c:\windows\system32\svchost.exe

C:\Documents and Settings\Paweł.DOM\Pulpit\MOJE\Walka\HTJ,SR,CS,SFF,FWO\comboscan.exe

C:\DOCUME~1\PAWE~1.DOM\Pulpit\MOJE\Walka\PAWE~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe,

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.5.0\bin\npjpi150.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: fsmgmt - C:\WINDOWS\SYSTEM32\fsmgmt.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

ComboScan v20070306.20 run by Paweł on 2008-03-29 at 23:15:21

Computer is in Normal Mode.


-- Files created between 2008-02-29 and 2008-03-29 -----------------------------

2008-03-29 23:10:58 46080 --a------ C:\WINDOWS\system32\fsmgmt.dll

2008-03-20 14:07:56 0 d-------- C:\Program Files\BearShare Applications

2008-03-03 17:47:06 0 d-------- C:\Program Files\Canon

2008-03-03 17:41:18 0 d-------- C:\Program Files\Common Files\Canon

2008-03-03 17:27:13 5632 --a------ C:\WINDOWS\system32\ptpusb.dll

2008-03-03 17:27:11 159232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-03-03 17:27:10 15104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-03-01 18:32:05 0 d-------- C:\Program Files\Kangurek Kao - Tajemnica wulkanu

-- Find3M Report ---------------------------------------------------------------

2008-03-29 22:47:31 479962 --a------ C:\WINDOWS\system32\perfh015.dat

2008-03-29 22:47:31 87142 --a------ C:\WINDOWS\system32\perfc015.dat

2008-03-20 19:38:21 0 d-------- C:\Documents and Settings\Paweł.DOM\Dane aplikacji\BearShare

2008-03-14 11:47:28 0 d-------- C:\Program Files\Astonsoft

2008-03-14 11:43:17 0 d-------- C:\Program Files\Ahead

2008-03-08 22:22:31 0 d-------- C:\Documents and Settings\Paweł.DOM\Dane aplikacji\ZoomBrowser EX

2008-03-08 22:21:05 0 d-------- C:\Documents and Settings\Paweł.DOM\Dane aplikacji\CameraWindowDC

2008-03-08 22:19:28 0 d-------- C:\Documents and Settings\Paweł.DOM\Dane aplikacji\CANON INC

2008-03-08 01:36:48 0 d-------- C:\Program Files\Common Files\Macrovision Shared

2008-03-08 01:34:21 0 d-------- C:\Program Files\Common Files\Adobe

2008-03-08 01:12:36 0 d-------- C:\Documents and Settings\Paweł.DOM\Dane aplikacji\Adobe

2008-03-03 17:45:47 0 d--h----- C:\Program Files\InstallShield Installation Information

2008-03-03 17:45:24 0 d-------- C:\Program Files\QuickTime

2008-02-23 00:32:41 0 d-------- C:\Program Files\FM Modifier 2.2

2008-02-04 23:47:03 0 d-------- C:\Documents and Settings\Paweł.DOM\Dane aplikacji\Azureus

2008-01-30 23:18:40 0 d-------- C:\Documents and Settings\Paweł.DOM\Dane aplikacji\Talkback

-- Registry Dump ---------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe”

“MSMSGS”="“C:\Program Files\Messenger\msmsgs.exe” /background"

“LogitechSoftwareUpdate”="“C:\Program Files\Logitech\Video\ManifestEngine.exe” boot"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AutorunsDisabled]

“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe”

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe”

“NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup”

“WinampAgent”="“C:\Program Files\Winamp\winampa.exe”"

“QuickTime Task”="“C:\Program Files\QuickTime\qttask.exe” -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

“Installed”=“1”

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

“Installed”=“1”

“NoChange”=“1”

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

“Installed”=“1”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Tools Check]

“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

“item”=“ADVCHK”

“hkey”=“HKLM”

“command”=“C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE”

“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

“item”=“ccApp”

“hkey”=“HKLM”

“command”="“C:\Program Files\Common Files\Symantec Shared\ccApp.exe”"

“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

“item”=“ctfmon”

“hkey”=“HKCU”

“command”=“C:\WINDOWS\System32\ctfmon.exe”

“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]

“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

“item”=“hpotdd01”

“hkey”=“HKLM”

“command”=“C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe”

“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]

“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

“item”=“gg”

“hkey”=“HKCU”

“command”="“C:\Program Files\Gadu-Gadu\gg.exe” /tray"

“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GaduGadu]

“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

“item”=“GaduGadu”

“hkey”=“HKLM”

“command”=“c:\windows\GaduGadu.scr”

“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

“item”=“GoogleDesktop”

“hkey”=“HKLM”

“command”="“C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup"

“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

“item”=“HPWuSchd”

“hkey”=“HKLM”

“command”=“C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe”

“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]

“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

“item”=“hpztsb08”

“hkey”=“HKLM”

“command”=“C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe”

“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]

“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

“item”=“KazaaLite”

“hkey”=“HKLM”

“command”="“C:\Program Files\Kazaa Lite K++\kpp.exe” “C:\Program Files\Kazaa Lite K++\KazaaLite.kpp” /SYSTRAY"

“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]

“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

“item”=“ManifestEngine”

“hkey”=“HKCU”

“command”="“C:\Program Files\Logitech\Video\ManifestEngine.exe” boot"

“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

“item”=“ISStart”

“hkey”=“HKLM”

“command”=“C:\Program Files\Logitech\Video\ISStart.exe”

“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

“item”=“LogiTray”

“hkey”=“HKLM”

“command”=“C:\Program Files\Logitech\Video\LogiTray.exe”

“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]

“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

“item”=“LVCOMSX”

“hkey”=“HKLM”

“command”=“C:\WINDOWS\System32\LVCOMSX.EXE”

“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

“item”=“MMTray”

“hkey”=“HKLM”

“command”=“MMTray.exe”

“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

“item”=“msmsgs”

“hkey”=“HKCU”

“command”="“C:\Program Files\Messenger\msmsgs.exe” /background"

“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

“item”=“NeroCheck”

“hkey”=“HKLM”

“command”=“C:\WINDOWS\system32\NeroCheck.exe”

“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

“item”=“NeroCheck”

“hkey”=“HKLM”

“command”=“C:\WINDOWS\system32\NeroCheck.exe”

“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

“item”=“NvCpl”

“hkey”=“HKLM”

“command”=“RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup”

“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

“item”=“NVMCTRAY”

“hkey”=“HKCU”

“command”=“RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit”

“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

“item”=“qttask”

“hkey”=“HKLM”

“command”="“C:\Program Files\QuickTime\qttask.exe” -atboottime"

“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

“item”=“jusched”

“hkey”=“HKLM”

“command”=“C:\Program Files\Java\j2re1.5.0\bin\jusched.exe”

“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

“item”=“GoogleToolbarNotifier”

“hkey”=“HKCU”

“command”=“C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe”

“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]

“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

“item”=“Amoumain”

“hkey”=“HKLM”

“command”=“C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe”

“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Automation]

“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

“hkey”=“HKLM”

“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XoftSpy]

“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

“item”=“XoftSpy”

“hkey”=“HKLM”

“inimapping”=“0”

“command”=“C:\Program Files\XoftSpy\XoftSpy.exe -s”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

“item”=“ypager”

“hkey”=“HKCU”

“command”=“C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet”

“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

“XCOMM”=dword:00000002

“VSSERV”=dword:00000002

“bdss”=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

“appinit_dlls”=“sockspy.dll”

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

“CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE”

“NvMediaCenter”=“RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit”

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

“CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE”

“NvMediaCenter”=“RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit”

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsmgmt

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

“SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll”

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e06d297c-9cdd-11db-9484-00508d5380f4}]

Shell\AutoRun\command cayfq2.cmd

Shell\explore\Command cayfq2.cmd

Shell\open\Command cayfq2.cmd

-- End of ComboScan: finished at 2008-03-29 at 23:15:43 ------------------------

Check whether there is an autorun.inf file on the pendrive; if so, delete it.

fix

Download ComboFix, but do not run it.

Paste into Notepad:

File::

    C:\WINDOWS\SYSTEM32\fsmgmt.dll

File -> Save As -> CFScript.txt

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon.

The removal should start and a log will be created; post that log on the forum.
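
The log lines that the reply acts on (the `fsmgmt` Winlogon Notify DLL and the autorun commands cached under `MountPoints2`) can be picked out mechanically. The Python below is an added example, not part of the thread and not code from ComboScan, HijackThis or ComboFix; the function name `triage`, the regular expressions and the one-day "recent" window are assumptions, and the `UserInit` check is an extra heuristic the reply does not mention.

```python
import re
from datetime import datetime, timedelta

# Excerpt copied from the ComboScan/HijackThis log posted in the thread.
SAMPLE_LOG = r"""
ComboScan v20070306.20 run by Paweł on 2008-03-29 at 23:15:21
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe,
O20 - Winlogon Notify: fsmgmt - C:\WINDOWS\SYSTEM32\fsmgmt.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
2008-03-29 23:10:58 46080 --a------ C:\WINDOWS\system32\fsmgmt.dll
2008-03-03 17:27:13 5632 --a------ C:\WINDOWS\system32\ptpusb.dll
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{e06d297c-9cdd-11db-9484-00508d5380f4}]
Shell\AutoRun\command cayfq2.cmd
Shell\explore\Command cayfq2.cmd
Shell\open\Command cayfq2.cmd
"""

TS = "%Y-%m-%d %H:%M:%S"
SCAN_RE = re.compile(r"run by .+ on (\d{4}-\d{2}-\d{2}) at (\d{2}:\d{2}:\d{2})")
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \d+ (\S+) (.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")
USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.I)
# Accept the key with or without the backslash before the volume GUID.
MOUNT_RE = re.compile(r"MountPoints2\\?(\{[0-9a-f-]+\})\]$", re.I)
SHELL_RE = re.compile(r"^Shell\\(\w+)\\command (.+)$", re.I)


def triage(log_text, recent=timedelta(days=1)):
    """Return (kind, detail) findings for three autostart anomalies."""
    scan_time, volume = None, None
    created, notify, findings = {}, [], []
    for line in map(str.strip, log_text.splitlines()):
        if m := SCAN_RE.search(line):
            scan_time = datetime.strptime(f"{m[1]} {m[2]}", TS)
        elif m := FILE_RE.match(line):
            if not m[2].startswith("d"):  # skip directory entries
                created[m[3].lower()] = datetime.strptime(m[1], TS)
        elif m := NOTIFY_RE.match(line):
            notify.append((m[1], m[2]))
        elif m := USERINIT_RE.match(line):
            # Anything listed besides userinit.exe also runs at every logon.
            for path in filter(None, (p.strip() for p in m[1].split(","))):
                if not path.lower().endswith("\\userinit.exe"):
                    findings.append(("userinit-extra", path))
        elif m := MOUNT_RE.search(line):
            volume = m[1]  # shell verbs that follow belong to this volume
        elif line.startswith("["):
            volume = None  # a different registry key has started
        elif volume and (m := SHELL_RE.match(line)):
            # Explorer runs this command for the verb, which is why the
            # drive cannot be opened once the referenced file is gone.
            findings.append(("mountpoint-command", f"{volume} {m[1]} -> {m[2]}"))
    # A Winlogon Notify DLL that also appears among recently created files.
    for name, path in notify:
        born = created.get(path.lower())
        if born and (scan_time is None or scan_time - born <= recent):
            findings.append(("notify-dll-recent", f"{name} -> {path} (created {born})"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:20} {detail}")
```
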