Hello, recently I started getting messages that my computer has been infected with Trojan-Spy.win32@mx and NetWorm-i.Virus@fp, and that my internet speed has been reduced, as well as the system's speed. I can't get rid of them with any antivirus; here are the logs. Please help.
What should I do if I run ComboFix and it shows me "Current date is 2007-11-19. This copy of ComboFix has expired. Please download an updated copy." I've already downloaded it from various sites and it's still the same.
Here is the log from Deckard's System Scanner
PS: after scanning and removing files with VundoFix + Trojan.Vundo Removal Tool + VirtumundoBeGone, it no longer shows me the virus messages.
Deckard's System Scanner v20071014.68
Run by PAWEŁ on 2007-11-19 19:17:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 1 Restore Point(s) --
1: 2007-11-19 18:17:33 UTC - RP251 - Deckard's System Scanner Restore Point
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 0.12 GiB (less than 15%) free.
-- HijackThis (run as PAWEŁ.exe) -----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 19:18:41, on 2007-11-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Winamp\winamp.exe
D:\dss.exe
D:\HIJACK~1\PAWEŁ.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\real player\rpbrowserrecordplugin.dll (file missing)
O2 - BHO: (no name) - {38B05BAD-E1CE-4593-974A-1065C0FC9BCD} - C:\WINDOWS\system32\ddaya.dll (file missing)
O2 - BHO: {6131f725-80e9-bbdb-8674-0c82a713f3b6} - {6b3f317a-28c0-4768-bdbb-9e08527f1316} - C:\WINDOWS\system32\lnisjdch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - d:\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SpIDerMail] "d:\DrWeb\spiderml.exe"
O4 - HKLM\..\Run: [DrWebScheduler] d:\DrWeb\DRWEBSCD.EXE
O4 - HKLM\..\Run: [SpIDerNT] d:\DrWeb\spidernt.exe /agent
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [a4565d70] rundll32.exe "C:\WINDOWS\system32\mbmgjnov.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - D:\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - D:\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Purple Lounge Poker - {701FD202-200A-4bd1-9380-BC8A722B43A5} - C:\Microgaming\Poker\PurpleloungeMPP\MPPoker.exe
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - d:\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - d:\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fortunelounge.microgaming.com/generic/FlashAX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{531002C5-EC48-475D-B980-88D9E06FA229}: NameServer = 80.51.69.2,194.204.159.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{531002C5-EC48-475D-B980-88D9E06FA229}: NameServer = 80.51.69.2,194.204.159.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{531002C5-EC48-475D-B980-88D9E06FA229}: NameServer = 80.51.69.2,194.204.159.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SpIDer Guard for Windows NT (spidernt) - Unknown owner - d:\DrWeb\SpiderNT.exe (file missing)
-- HijackThis Fixed Entries (D:\HIJACK~1\backups\) -----------------------------
backup-20071119-145205-564 R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
backup-20071119-145540-402 O4 - HKCU\..\Run: [asrupdate.exe] C:\WINDOWS\system32\asrupdate.exe
backup-20071119-145540-623 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\SYSTEM32\uccjowfu.dll
backup-20071119-145540-798 O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
backup-20071119-145542-897 O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
backup-20071119-145542-974 O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe (file missing)
backup-20071119-145543-692 O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\cfullpkr.exe (file missing)
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 giveio - c:\windows\system32\giveio.sys
R0 MMRTKRNL - c:\windows\system32\drivers\mmrtkrnl.sys
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys
R0 sfsync03 (StarForce Protection Synchronization Driver (version 3.x)) - c:\windows\system32\drivers\sfsync03.sys
R1 drwebnet (SpIDer Guard boot hook driver for Windows NT) - c:\windows\system32\drivers\drwebnet.sys
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R2 Vcs (Vcs support) - c:\windows\system32\drivers\vcs.sys
R3 actser - c:\windows\system32\drivers\actser.sys
R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys
S2 SPIDER (SpIDer FS Monitor for Windows NT) - d:\drweb\spider.sys (file missing)
S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys (file missing)
S3 ddsxeiservice (ddsxeiservice2) - d:\sxe injected\ddsxei.sys
S3 dtscsi - c:\windows\system32\drivers\dtscsi.sys (file missing)
S3 PavSRK.sys - c:\windows\system32\pavsrk.sys (file missing)
S3 PavTPK.sys - c:\windows\system32\pavtpk.sys (file missing)
S3 vsbus (Virtual Serial Bus Enumerator) - c:\windows\system32\drivers\vsb.sys
S3 vserial (ELTIMA Virtual Serial Ports Driver) - c:\windows\system32\drivers\vserial.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe"
S2 spidernt (SpIDer Guard for Windows NT) - d:\drweb\spidernt.exe (file missing)
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S4 DomainService - c:\windows\system32\cfullpkr.exe /service (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID:
Description: Kontroler Uniwersalnej magistrali szeregowej (USB)
Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_80ED1043&REV_86\3&267A616A&0&84
Manufacturer:
Name: Kontroler Uniwersalnej magistrali szeregowej (USB)
PNP Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_80ED1043&REV_86\3&267A616A&0&84
Service:
-- Scheduled Tasks -------------------------------------------------------------
2007-11-19 19:10:40 428 --a------ C:\WINDOWS\Tasks\06. Przesiaknieci Dzwiekiem (Feat. Foster, Mercedresu).job
2007-11-19 16:00:02 258 --ah----- C:\WINDOWS\Tasks\ACE34E8F91FCFFDB.job
-- Files created between 2007-10-19 and 2007-11-19 -----------------------------
2007-11-19 15:30:40 0 d-------- C:\VundoFix Backups
2007-11-19 14:51:20 0 d-------- C:\Program Files\MSXML 4.0
2007-11-19 14:49:46 85056 --a------ C:\WINDOWS\system32\mbmgjnov.dll
2007-11-19 14:47:52 83008 --a------ C:\WINDOWS\system32\lnisjdch.dll
2007-11-19 14:47:50 71232 --a------ C:\WINDOWS\system32\vpywgitb.exe
2007-11-19 14:46:16 0 d--hs---- C:\FOUND.000
2007-11-18 20:52:47 0 dr-h----- C:\Documents and Settings\suchy\Recent
2007-11-18 16:48:36 0 d-------- C:\WINDOWS\pss
2007-11-18 14:53:44 3190 --a------ C:\WINDOWS\mozver.dat
2007-11-18 11:48:27 71232 --a------ C:\WINDOWS\system32\slqtedjv.exe
2007-11-17 13:30:03 0 d-------- C:\Documents and Settings\suchy\Application Data\Spyware Terminator
2007-11-17 13:01:39 0 d-------- C:\Documents and Settings\Iwona\Application Data
2007-11-17 13:01:39 0 d-------- C:\Documents and Settings\Iwona\Application Data\Spyware Terminator
2007-11-17 12:29:02 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-11-17 12:29:02 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Spyware Terminator
2007-11-17 12:27:19 0 d-------- C:\Documents and Settings\PAWEŁ.SUCHY\Application Data
2007-11-16 22:38:05 0 dr------- C:\Documents and Settings\All Users\Application Data
2007-11-16 22:38:05 0 dr------- C:\Documents and Settings\All Users\Application Data\SalesMonitor
2007-11-16 22:25:58 81842 --a------ C:\WINDOWS\system32\jqiuhxnd.dll
2007-11-16 22:19:37 81984 --a------ C:\WINDOWS\system32\lflncaxb.dll
2007-11-16 20:14:56 0 d-------- C:\WINDOWS\?racle
2007-11-16 20:14:52 0 d-------- C:\Program Files\Outerinfo
2007-11-15 08:33:03 0 d-------- C:\Program Files\Common Files\NSV
2007-11-09 13:24:04 0 d-------- C:\Program Files\Paint.NET
2007-11-02 22:57:54 0 d-------- C:\Program Files\Common Files\xing shared
2007-11-02 22:57:34 0 d-------- C:\Program Files\Common Files\Real
2007-11-02 22:51:09 0 d-------- C:\Program Files\Windows Media Connect 2
2007-11-02 22:48:44 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-10-30 14:37:07 0 d-------- C:\Program Files\MidAtlanticPoker
2007-10-25 12:53:27 0 d-------- C:\WINDOWS\system32\FlashAX
2007-10-25 12:23:35 0 d-------- C:\Program Files\Everest Poker
2007-10-24 14:39:30 0 d--hs---- C:\FOUND.023
2007-10-19 20:49:47 0 d-------- C:\Program Files\NextPoker
-- Find3M Report ---------------------------------------------------------------
2007-11-18 17:28:38 0 d-------- C:\Documents and Settings\PAWEŁ.SUCHY\Dane aplikacji\AdobeUM
2007-11-18 13:00:20 0 d-------- C:\Documents and Settings\PAWEŁ.SUCHY\Dane aplikacji\Lavasoft
2007-11-11 12:39:08 0 d-------- C:\Documents and Settings\PAWEŁ.SUCHY\Dane aplikacji\ACD Systems
2007-11-07 18:34:54 0 d-------- C:\Documents and Settings\PAWEŁ.SUCHY\Dane aplikacji\Winamp
2007-11-02 23:09:24 114688 --a------ C:\WINDOWS\system32\wmatimer.dll
2007-10-12 17:37:56 0 d-------- C:\Program Files\FxFoto
2007-10-12 17:28:36 0 d-------- C:\Program Files\Common Files\ACD Systems
2007-09-30 20:25:28 0 d-------- C:\Documents and Settings\PAWEŁ.SUCHY\Dane aplikacji\vlc
2007-09-30 17:34:30 0 d-------- C:\Program Files\VideoLAN
2007-09-24 19:49:22 0 d-------- C:\Program Files\PacificPoker4
2007-09-24 19:28:54 0 d-------- C:\Program Files\HollywoodPoker
2007-09-21 16:44:24 0 d-------- C:\Documents and Settings\PAWEŁ.SUCHY\Dane aplikacji\Hamachi
2007-08-22 19:27:44 32 --a------ C:\WINDOWS\system87sG.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38B05BAD-E1CE-4593-974A-1065C0FC9BCD}]
C:\WINDOWS\system32\ddaya.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6b3f317a-28c0-4768-bdbb-9e08527f1316}]
2007-11-19 14:47 83008 --a------ C:\WINDOWS\system32\lnisjdch.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark 5200 series"="C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe" [2004-02-24 18:15]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 06:03]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03]
"Resume copy"="copyfstq.exe" [2007-01-09 20:03 C:\WINDOWS\copyfstq.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"SpIDerMail"="d:\DrWeb\spiderml.exe" []
"DrWebScheduler"="d:\DrWeb\DRWEBSCD.EXE" []
"SpIDerNT"="d:\DrWeb\spidernt.exe" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 11:29]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-02 22:57]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2007-10-10 06:28]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-02-23 14:47]
"Realtime Audio Engine"="mmrtkrnl.exe" [2005-01-20 12:02 C:\WINDOWS\system32\MMRTKRNL.EXE]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43]
"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"a4565d70"="C:\WINDOWS\system32\mbmgjnov.dll" [2007-11-19 14:49]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-04 22:26]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddaya.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^PAWEŁ.SUCHY^Menu Start^Programy^Autostart^Registration .LNK]
path=C:\Documents and Settings\PAWEŁ.SUCHY\Menu Start\Programy\Autostart\Registration .LNK
backup=C:\WINDOWS\pss\Registration .LNKStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
D:\Ad-Aware 2007\Ad-Watch2007.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
"C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
-- Hosts -----------------------------------------------------------------------
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
60 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2007-11-19 19:19:20 ------------
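The log above is a good specimen of the indicators a responder looks for when triaging a HijackThis/DSS dump by hand: BHOs with no name or with a CLSID where a name should be, a Run value whose name is an eight-character hex string, rundll32 loading a freshly created system32 DLL through a one-letter export, a service with an unknown owner whose binary is already gone, and an extra DLL tacked onto the LSA "Authentication Packages" value next to msv1_0. The script below is an added example (not part of the original post and not a tool anyone in the thread used) that scores log lines against those heuristics; the sample input is constructed from entries copied out of the log above, and the weights, the threshold, and the small allowlist of legitimate eight-letter Windows binaries are my own assumptions chosen to illustrate the idea, not a vetted ruleset.

```python
"""Score HijackThis/DSS log lines against Vundo-era persistence heuristics.

Added example: the signal list, weights, threshold and allowlist below are
illustrative assumptions, not an authoritative detection ruleset.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {38B05BAD-E1CE-4593-974A-1065C0FC9BCD} - C:\WINDOWS\system32\ddaya.dll (file missing)
O2 - BHO: {6131f725-80e9-bbdb-8674-0c82a713f3b6} - {6b3f317a-28c0-4768-bdbb-9e08527f1316} - C:\WINDOWS\system32\lnisjdch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [a4565d70] rundll32.exe "C:\WINDOWS\system32\mbmgjnov.dll",b
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\cfullpkr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddaya.dll
"""

GUID = r"\{[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\}"
BHO_NONAME = re.compile(r"^O2 - BHO: \(no name\)")
BHO_GUIDNAME = re.compile(r"^O2 - BHO: " + GUID + r" - ")
HEX_RUNKEY = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[[0-9a-f]{8}\]")
# rundll32 <path>.dll,<single letter> : a one-letter export name is unusual for real software
RUNDLL_ONE_LETTER = re.compile(r'rundll32(?:\.exe)?\s+"?[^"]+\.dll"?,[a-z]\s*$', re.IGNORECASE)
SYS32_FILE = re.compile(r"\\system32\\([A-Za-z0-9_]+\.(?:dll|exe))", re.IGNORECASE)
AUTH_PACKAGES = re.compile(r'^"Authentication Packages"\s*=\s*(.+)$')
# Eight lowercase letters, no digits: the name shape of the DLLs/EXEs dropped in this log.
RANDOM_SHAPE = re.compile(r"[a-z]{8}\.(?:dll|exe)")
# Assumed, deliberately incomplete allowlist of legitimate eight-letter system binaries.
KNOWN_GOOD = {"winlogon.exe", "services.exe", "ntoskrnl.exe", "explorer.exe"}


@dataclass
class Finding:
    line: str
    score: int = 0
    reasons: list = field(default_factory=list)


def score_line(line: str) -> Finding:
    """Apply every heuristic to one log line and accumulate a score."""
    f = Finding(line=line.strip())

    def hit(points: int, why: str) -> None:
        f.score += points
        f.reasons.append(why)

    if BHO_NONAME.search(f.line):
        hit(2, "BHO registered without a display name")
    if BHO_GUIDNAME.search(f.line):
        hit(3, "BHO display name is itself a CLSID")
    if HEX_RUNKEY.search(f.line):
        hit(3, "Run value name is an 8-digit hex string")
    if RUNDLL_ONE_LETTER.search(f.line):
        hit(3, "rundll32 loads a DLL via a one-letter export")
    if f.line.startswith("O23") and "Unknown owner" in f.line:
        hit(2, "service binary has no publisher")
    if "(file missing)" in f.line:
        hit(1, "referenced file no longer exists")
    m = AUTH_PACKAGES.search(f.line)
    if m:
        extras = [p for p in m.group(1).split() if p.lower() != "msv1_0"]
        if extras:
            hit(5, "extra LSA authentication package: " + ", ".join(extras))
    m = SYS32_FILE.search(f.line)
    if m:
        name = m.group(1)
        if RANDOM_SHAPE.fullmatch(name) and name.lower() not in KNOWN_GOOD:
            hit(2, f"random-looking filename in system32: {name}")
    return f


def triage(text: str, threshold: int = 3) -> list:
    """Return the findings whose score reaches the threshold, highest first."""
    findings = [score_line(l) for l in text.splitlines() if l.strip()]
    return sorted((f for f in findings if f.score >= threshold),
                  key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.line}")
        for r in f.reasons:
            print(f"      - {r}")
```

The point of scoring rather than matching single rules is that each indicator on its own is weak: the log above has a legitimate "Unknown owner" service (Cyberlink RichVideo) and a harmless "(file missing)" RealPlayer BHO, and neither crosses the threshold alone, whereas the Vundo entries stack two or three signals each. The "Authentication Packages" line is the one case worth flagging on a single signal, because anything beyond msv1_0 there is loaded into lsass.exe at boot and survives Safe Mode.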
I downloaded that ComboFix you recommended and again I get "Current date is 2007-11-20." etc.