trojan

**Posty:** 105 · przez **Autograf** 03 Maj 2008, 18:10

błagam niech ktoś mi wytłumaczy jak ostatniemu głupkowi jak mam usunąć trojana za pomocą avasta? albo za pomocą spybota?narazie mam go w kwarantannie ale co dalej?
http://www.upimg.eu/show.php?p=8644

**Posty:** 7838 · przez **Lukesh** 03 Maj 2008, 18:11

Zastosuj sie do wskazowek z tematu: http://forum.programosy.pl/bad-generic-host-process-for-win32-services-vt79489.html
:arrow:

Zrob skan on-line www.ewido.com
:arrow:

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

zastosuj:
SDFix

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt

:arrow:

Pokaz log z ComboFix: http://www.programosy.pl/program,combofix.html
:arrow:

na sam koniec wstaw logi z HJ: http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html

[ Dodano: Dzisiaj o 18:11 ]
Btw. Screeny wstawiamy na www.up.programosy.pl :!:

**Posty:** 105 · przez **Autograf** 03 Maj 2008, 18:53

cos takiego wyskakuje

**Posty:** 7838 · przez **Lukesh** 03 Maj 2008, 18:58

Zacznij wiec od tego:

Lukesh napisał(a):Arrow Pokaz log z ComboFix: http://www.programosy.pl/program,combofix.html

**Posty:** 8001 · przez **Okocza** 03 Maj 2008, 20:01

Lukesh napisał(a):ComboFix

może nie pójść na Viscie - daj log z hijack

jeśli pójdzie Combofix to najpierw uruchom Combofixa a dopiero potem hijack'a

**Posty:** 7838 · przez **Lukesh** 03 Maj 2008, 20:26

A skad wiesz, ze to Vista? Bo w prawym, dolnym rogu widze XPeka, wiec wszystko powinno ruszyc

. Pierwszy blad - wina wirusa.

**Posty:** 105 · przez **Autograf** 04 Maj 2008, 13:29

to jest vista, sorry, zapomniałam wspomniec, faktycznie combofix nie chodzi

**Posty:** 8001 · przez **Okocza** 04 Maj 2008, 13:31

Lukesh napisał(a):A skad wiesz, ze to Vista?

po 1 to wygląd okien wskazuje na viste - nawet theme do xp z visty wyglada inaczej, a teraz jeszcze kolega potwierdzil

Autograf napisał(a):faktycznie combofix nie chodzi

to

okocza napisał(a):daj log z hijack

**Posty:** 105 · przez **Autograf** 04 Maj 2008, 13:35

a to log z HJ:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:32:00, on 2008-05-04
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CacheBoost\trayicon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Regina\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NortonAntiBot.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [CacheBoost] C:\Program Files\CacheBoost\trayicon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Regina\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SoundMax] "E:\Audio\32bit\SM_Panel\Sys\SMax4.exe" /tray
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/SmileyCentralFWBInitialSetup1.0.1.0.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/sis/popcaploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{24516228-E723-49C9-9B99-8CEA377BE53B}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{24516228-E723-49C9-9B99-8CEA377BE53B}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CacheBoost Performance Optimizer and Tuner Service (CacheBoost Service) - Systweak India - C:\Program Files\CacheBoost\cbsrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SymantecAntiBotAgent - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
O23 - Service: SymantecAntiBotWatcher - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe

--
End of file - 9943 bytes

pomocy!

**Posty:** 8001 · przez **Okocza** 04 Maj 2008, 13:40

spróbuj dss'a, bo tu nic nie widać...

http://www.techsupportforum.com/sectools/Deckard/dss.exe

**Posty:** 105 · przez **Autograf** 04 Maj 2008, 13:53

Deckard's System Scanner v20071014.68
Run by Regina on 2008-05-04 13:42:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
31: 2008-05-03 15:53:34 UTC - RP108 - Installed Norton AntiBot.
30: 2008-05-03 15:47:45 UTC - RP107 - Installed Norton AntiBot.
29: 2008-05-03 15:12:38 UTC - RP106 - Windows Update
28: 2008-05-03 12:15:31 UTC - RP105 - Removed Norton AntiBot.
27: 2008-04-24 16:09:53 UTC - RP104 - Installed LiveUpdate

-- First Restore Point --
1: 2008-03-22 16:57:59 UTC - RP65 - Windows Update

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 1022 MiB (1024 MiB recommended).

-- HijackThis (run as Regina.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:48:38, on 2008-05-04
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CacheBoost\trayicon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Regina\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NortonAntiBot.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Regina\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Regina Kupczyk.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [CacheBoost] C:\Program Files\CacheBoost\trayicon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Regina\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SoundMax] "E:\Audio\32bit\SM_Panel\Sys\SMax4.exe" /tray
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/SmileyCentralFWBInitialSetup1.0.1.0.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/sis/popcaploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{24516228-E723-49C9-9B99-8CEA377BE53B}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{24516228-E723-49C9-9B99-8CEA377BE53B}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CacheBoost Performance Optimizer and Tuner Service (CacheBoost Service) - Systweak India - C:\Program Files\CacheBoost\cbsrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SymantecAntiBotAgent - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
O23 - Service: SymantecAntiBotWatcher - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe

--
End of file - 9957 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 NCHSSVAD (SoundTap Recorder) - c:\windows\system32\drivers\nchssvad.sys <Not Verified; NCH Swift Sound; NCH Swift Sound Virtual Audio Device>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CacheBoost Service (CacheBoost Performance Optimizer and Tuner Service) - c:\program files\cacheboost\cbsrv.exe <Not Verified; Systweak India; Systweak CacheBoost>
R2 ProtexisLicensing - "c:\program files\common files\protexis\license service\psiservice.exe" <Not Verified; ; PSIService>
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Karta Microsoft 6to4
Device ID: ROOT\*6TO4MP\0001
Manufacturer: Microsoft
Name: Karta Microsoft 6to4 #2
PNP Device ID: ROOT\*6TO4MP\0001
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Karta Microsoft ISATAP
Device ID: ROOT\*ISATAP\0004
Manufacturer: Microsoft
Name: isatap.{24516228-E723-49C9-9B99-8CEA377BE53B}
PNP Device ID: ROOT\*ISATAP\0004
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Karta Microsoft ISATAP
Device ID: ROOT\*ISATAP\0005
Manufacturer: Microsoft
Name: isatap.{24516228-E723-49C9-9B99-8CEA377BE53B}
PNP Device ID: ROOT\*ISATAP\0005
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Karta Microsoft ISATAP
Device ID: ROOT\*ISATAP\0008
Manufacturer: Microsoft
Name: isatap.{24516228-E723-49C9-9B99-8CEA377BE53B}
PNP Device ID: ROOT\*ISATAP\0008
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Karta Microsoft ISATAP
Device ID: ROOT\*ISATAP\0018
Manufacturer: Microsoft
Name: isatap.{24516228-E723-49C9-9B99-8CEA377BE53B}
PNP Device ID: ROOT\*ISATAP\0018
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Karta Microsoft ISATAP
Device ID: ROOT\*ISATAP\0020
Manufacturer: Microsoft
Name: isatap.{24516228-E723-49C9-9B99-8CEA377BE53B}
PNP Device ID: ROOT\*ISATAP\0020
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Karta Microsoft ISATAP
Device ID: ROOT\*ISATAP\0021
Manufacturer: Microsoft
Name: isatap.{24516228-E723-49C9-9B99-8CEA377BE53B}
PNP Device ID: ROOT\*ISATAP\0021
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Karta Microsoft ISATAP
Device ID: ROOT\*ISATAP\0025
Manufacturer: Microsoft
Name: isatap.{24516228-E723-49C9-9B99-8CEA377BE53B}
PNP Device ID: ROOT\*ISATAP\0025
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Karta Microsoft ISATAP
Device ID: ROOT\*ISATAP\0027
Manufacturer: Microsoft
Name: isatap.{24516228-E723-49C9-9B99-8CEA377BE53B}
PNP Device ID: ROOT\*ISATAP\0027
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Karta Microsoft ISATAP
Device ID: ROOT\*ISATAP\0028
Manufacturer: Microsoft
Name: isatap.{24516228-E723-49C9-9B99-8CEA377BE53B}
PNP Device ID: ROOT\*ISATAP\0028
Service: tunnel

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: STORAGE DEVICE
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_STORAGE_DEVICE&REV_9602#000000009602&0#
Manufacturer: Generic
Name: STORAGE DEVICE
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC&PROD_STORAGE_DEVICE&REV_9602#000000009602&0#
Service: WUDFRd

-- Scheduled Tasks -------------------------------------------------------------

2008-05-04 13:37:31 440 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{77371E49-EFDC-4048-B31D-17F67CA9D038}.job

-- Files created between 2008-04-04 and 2008-05-04 -----------------------------

2008-05-04 13:31:33 0 d-------- C:\Program Files\Trend Micro
2008-05-03 19:07:41 0 d-------- C:\327882R2FWJFW
2008-05-03 19:02:41 0 d-------- C:\Program Files\SkanerOnline
2008-05-03 17:48:19 0 d-------- C:\Program Files\Symantec
2008-05-03 17:32:23 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-30 16:21:39 0 d-------- C:\Program Files\Monte Cristo Multimedia
2008-04-30 16:03:52 0 d-------- C:\Windows\Your Memory! Część 2
2008-04-30 16:03:52 0 d-------- C:\Program Files\Your Memory! Część 2
2008-04-30 15:59:40 0 d-------- C:\Windows\Your Memory! Część 1
2008-04-30 15:59:40 0 d-------- C:\Program Files\Your Memory! Część 1
2008-04-30 14:46:23 2560 --a------ C:\Windows\_MSRSTRT.EXE
2008-04-26 15:25:58 0 d-------- C:\Program Files\Kangurek Kao Runda 2 (demo)
2008-04-24 18:10:04 0 d-------- C:\Program Files\LiveUpdate
2008-04-24 18:09:18 0 d-------- C:\Users\All Users\BVRP Software
2008-04-24 18:09:18 0 d-------- C:\Program Files\mobile PhoneTools
2008-04-21 19:31:03 0 d-------- C:\Program Files\The Adventure Company
2008-04-20 12:13:36 0 d-------- C:\Users\All Users\Flood Light Games
2008-04-20 12:09:12 0 d-------- C:\Program Files\Agatha Christie Peril at End House
2008-04-19 17:11:11 0 d-------- C:\Program Files\CacheBoost
2008-04-19 17:07:04 1040 --a------ C:\Windows\unins000.dat
2008-04-18 18:22:20 0 d-------- C:\Users\All Users\PlayfulAge
2008-04-18 18:21:49 0 d-------- C:\Windows\Pizza Chef
2008-04-18 18:21:49 0 d-------- C:\Program Files\Pizza Chef
2008-04-18 18:13:20 0 d-------- C:\Users\All Users\Totem Quest
2008-04-18 17:32:08 0 d-------- C:\Program Files\Totem Quest
2008-04-17 18:30:43 0 d-------- C:\Users\All Users\Adobe
2008-04-17 18:30:42 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-17 18:29:13 0 d-------- C:\Windows\Cache
2008-04-17 17:19:57 0 d-------- C:\Program Files\Mortimer Beckett and the Secrets of Spooky Manor
2008-04-13 15:39:00 0 d-------- C:\Program Files\The Da Vinci Code
2008-04-12 15:34:20 545 --a------ C:\Windows\UC.PIF
2008-04-12 15:34:20 545 --a------ C:\Windows\RAR.PIF
2008-04-12 15:34:20 545 --a------ C:\Windows\PKZIP.PIF
2008-04-12 15:34:20 545 --a------ C:\Windows\PKUNZIP.PIF
2008-04-12 15:34:20 545 --a------ C:\Windows\NOCLOSE.PIF
2008-04-12 15:34:20 545 --a------ C:\Windows\LHA.PIF
2008-04-12 15:34:20 545 --a------ C:\Windows\ARJ.PIF
2008-04-12 15:34:20 0 d-------- C:\totalcmd
2008-04-10 16:31:08 0 d-------- C:\Windows\Moje Gimnazjum Profil Matematyczno-Przyrodniczy
2008-04-10 16:31:08 0 d-------- C:\Program Files\Moje Gimnazjum Profil Matematyczno-Przyrodniczy
2008-04-10 16:28:24 0 d-------- C:\Users\All Users\ConeXware
2008-04-10 16:28:03 0 d-------- C:\Program Files\PowerArchiver
2008-04-10 16:24:07 0 d-------- C:\Users\All Users\Downloaded Installations
2008-04-08 13:37:20 0 d-------- C:\Program Files\Ballance
2008-04-05 14:27:21 0 d-------- C:\Kung Fu Kim
2008-04-04 18:44:17 0 d-------- C:\Program Files\Gimnazjum klasa 1 - Fizyka
2008-04-04 18:39:45 0 d-------- C:\Program Files\uTorrent

-- Find3M Report ---------------------------------------------------------------

2008-05-04 13:39:49 0 d-------- C:\Users\Regina\AppData\Roaming\DNA
2008-05-03 17:54:52 0 d-------- C:\Users\Regina\AppData\Roaming\Symantec
2008-05-03 14:11:49 0 d-------- C:\Program Files\Winamp
2008-05-03 13:10:42 0 d-------- C:\Program Files\ActivationManager
2008-05-03 13:06:07 0 d-------- C:\Users\Regina \AppData\Roaming\BitTorrent
2008-04-30 16:21:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-29 15:02:49 0 d-------- C:\Users\Regina\AppData\Roaming\uTorrent
2008-04-20 12:13:36 0 d-------- C:\Users\Regina\AppData\Roaming\Flood Light Games
2008-04-17 18:39:31 0 d-------- C:\Users\Regina\AppData\Roaming\Adobe
2008-04-17 18:30:42 0 d-------- C:\Program Files\Common Files
2008-04-12 15:36:49 0 d-------- C:\Users\Regina\AppData\Roaming\GHISLER
2008-04-10 18:00:15 0 d-------- C:\Program Files\Windows Mail
2008-04-09 14:55:01 159017 --a------ C:\Windows\hpoins19.dat
2008-04-04 18:12:49 0 d-------- C:\Program Files\BitTorrent
2008-04-03 18:55:28 0 d-------- C:\Users\Regina\AppData\Roaming\Winamp
2008-04-02 19:09:08 0 d-------- C:\Program Files\Paragon Software
2008-04-02 18:43:57 0 d-------- C:\Program Files\Mortimer and the Enchanted Castle
2008-04-02 17:58:24 0 d-------- C:\Program Files\Gimnazjum 4 - Fizyka
2008-04-01 15:59:30 0 d-------- C:\Program Files\Avalon
2008-03-30 17:07:26 535330 --a------ C:\Windows\system32\perfh015.dat
2008-03-30 17:07:26 86210 --a------ C:\Windows\system32\perfc015.dat
2008-03-30 15:36:20 0 d-------- C:\Program Files\PITy
2008-03-30 14:06:24 0 --a------ C:\Windows\nsreg.dat
2008-03-30 14:06:11 0 d-------- C:\Users\Regina\AppData\Roaming\Mozilla
2008-03-30 14:03:54 0 d-------- C:\Users\Regina\AppData\Roaming\BESTplayer
2008-03-29 20:15:28 0 d-------- C:\Program Files\Stardock
2008-03-29 16:32:29 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-03-29 16:32:19 0 d-------- C:\Users\Regina\AppData\Roaming\DAEMON Tools
2008-03-29 16:07:36 229057 --a------ C:\Windows\Alcohol_Toolbar_Uninstaller_8467.exe <Not Verified; Alcohol Soft; Alcohol Soft>
2008-03-29 16:07:36 0 d-------- C:\Program Files\Alcohol Toolbar
2008-03-29 16:07:27 0 d-------- C:\Program Files\Alcohol Soft
2008-03-29 16:00:11 0 d-------- C:\Program Files\SlySoft
2008-03-29 14:08:54 0 d-------- C:\Users\Regina\AppData\Roaming\Image Zone Express
2008-03-28 17:46:29 724992 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-03-28 17:46:03 0 d-------- C:\Program Files\PopCap Games
2008-03-28 14:29:22 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-03-28 14:29:17 0 d-------- C:\Program Files\Ballance 1LevelDemo
2008-03-19 19:22:58 0 d-------- C:\Users\Regina\AppData\Roaming\Ashampoo
2008-03-19 19:22:33 0 d-------- C:\Program Files\Ashampoo
2008-03-19 18:48:54 0 d-------- C:\Users\Regina\AppData\Roaming\Serif
2008-03-19 14:13:29 0 d-------- C:\Program Files\Serif
2008-03-19 14:11:40 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-14 22:54:17 0 d-------- C:\Users\Regina\AppData\Roaming\Creative
2008-03-14 22:40:51 0 d-------- C:\Program Files\Creative
2008-03-14 22:40:46 0 d--h----- C:\Program Files\Creative Installation Information
2008-03-14 22:40:04 0 d-------- C:\Program Files\Common Files\Creative
2008-03-04 16:28:07 0 d-------- C:\Program Files\QuickTime
2008-03-04 16:26:19 0 d-------- C:\Program Files\Apple Software Update
2008-02-16 21:02:26 23580 --a------ C:\Users\Regina\AppData\Roaming\UserTile.png
2008-02-15 20:13:04 60273 --a------ C:\Windows\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-01 04:10]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-11 23:28]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-11 23:28]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-11 23:28]
"AdslTaskBar"="stmctrl.dll" [2007-02-06 17:47 C:\Windows\System32\stmctrl.dll]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 22:52]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 17:31]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-04-20 01:17]
"Onet.pl AutoUpdate"="C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21]
"CacheBoost"="C:\Program Files\CacheBoost\trayicon.exe" [2003-06-24 20:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 13:31]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-02 12:38]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 17:15]
"BitTorrent DNA"="C:\Users\Regina\Program Files\DNA\btdna.exe" [2008-02-18 14:06]
"SoundMax"="E:\Audio\32bit\SM_Panel\Sys\SMax4.exe" []
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 12:03]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" []

C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b4e84f0-9f2c-11dc-833e-806e6f6e6963}]
AutoRun\command- E:\CyberMycha.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16de1da1-9f2d-11dc-a518-001bfc9f5019}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d2c4c69-fd99-11dc-b619-f4fc3002f837}]
AutoRun\command- M:\startup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-05-04 13:50:14 ------------

log z dss

edit!: robiony był teraz skan avatem to wykrył dla odmiany pasożyta, dałam go do kwarantanny...

**Posty:** 18165 · przez **wojtas** 04 Maj 2008, 18:16

wklej do notatnika:

Folder::
C:\Program Files\ActivationManager

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16de1da1-9f2d-11dc-a518-001bfc9f5019}]

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . odczekaj az wygeneruje sie nowy log i go daj na forum oraz podaj lokalizacje wirusów gdzie avast Ci wykrywa... na screenie jest pokazana czesc lokalizacji..

**Posty:** 105 · przez **Autograf** 05 Maj 2008, 15:44

wojtas, ale ja mam viste i combofix nie chodzi, jak próbuję go uruchomić to komputer pika i ikona znika z pulpitu!

**Posty:** 18165 · przez **wojtas** 05 Maj 2008, 16:55

Ściągnij OTMoveIt W okienko po lewej Paste List of Files/Folders to be Moved wklej

C:\Program Files\ActivationManager

Następnie naciskamy - MoveIt!. Pliki zostały przeniesione. Wynik operacji zobaczymy w prawym oknie Results.
Po całej operacji należy zresetować komputer

a te 2 pierwsze wirusy musisz sam wejsc i poporstu skasowac do kosza....

Jeśli nie będą widoczne, to najpierw usuń atrybuty ochronne:
>>Start>>Panel Sterowania>>Opcje Folderów>>Widok>>usuń zaznaczenie przy "Ukryj chronione pliki systemowe">
>zaznacz przy "Pokaż ukryte pliki">>Zastosuj>>OK.

**Posty:** 105 · przez **Autograf** 05 Maj 2008, 17:18

mam usunąć te zakazone pliki z folderu appdata? czy najpierw usunąć je z kwaranntanny?

**Posty:** 18165 · przez **wojtas** 05 Maj 2008, 17:59

z appdata

**Posty:** 105 · przez **Autograf** 05 Maj 2008, 18:10

wychodzi mi caly czas ze musze miec uprawnienia do wykonania tej operacji a jestem na jedynym koncie administratora!
czy killbox ttutaj cos poradzi?

**Posty:** 18165 · przez **wojtas** 05 Maj 2008, 18:29

to daj dokładne sciezki do tych plikow z appdata

**Posty:** 105 · przez **Autograf** 06 Maj 2008, 14:05

na screenie do góry są chyba dokładne...
ok, ten pierwszy ze screena(sam Cache)dałam do kosza, ale drugi(temp) nie idzie, a tym razem ze plik jest owtarty w innym programie...to użyć tego killboxa? sorry ze tak marudzę , ale sie nie znam...

**Posty:** 18165 · przez **wojtas** 06 Maj 2008, 14:55

tak uzyj killboxa z opcja delete on reboot

trojan

trojan

Kto jest na forum