
I have the problems described in the topic title...
In Folder Options I try to show hidden files, but nothing changes...
I tried changing it in the registry, but it kept reverting to the old setting on its own.
ddr.exe starts up often; recently I had 307 processes, of which about 250 were ddr...
On top of that, IE and Notepad keep launching persistently...
ComboFix 09-01-16.03 - CeLeS 2009-01-17 12:49:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1023.473 [GMT 1:00]
Uruchomiony z: c:\documents and settings\CeLeS\Moje dokumenty\Downloads\ComboFix.exe
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((( Pliki utworzone od 2008-12-17 do 2009-01-17 )))))))))))))))))))))))))))))))
.
2009-01-17 12:27 . 2009-01-17 12:27 <DIR> d-------- c:\program files\Trend Micro
2009-01-16 23:33 . 2009-01-17 12:08 95,744 -r-hs---- c:\windows\system32\nmdfgds2.dll
2009-01-16 22:45 . 2009-01-16 23:46 110,003 -r-hs---- C:\x2csvg.exe
2009-01-16 20:30 . 2009-01-17 12:27 95,744 -r-hs---- c:\windows\system32\nmdfgds1.dll
2009-01-16 20:29 . 2004-08-03 23:44 70,144 --a------ c:\windows\AhnRpta.exe
2009-01-16 20:21 . 2009-01-17 12:27 110,003 -r-hs---- c:\windows\system32\olhrwef.exe
2009-01-16 20:21 . 2009-01-17 12:13 95,744 --------- c:\windows\system32\nmdfgds0.dll
2009-01-11 18:29 . 2009-01-11 18:30 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-11 18:29 . 2009-01-16 23:57 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-01-10 21:50 . 2009-01-10 21:50 <DIR> d-------- c:\program files\Vista Drive Icon
2009-01-09 19:10 . 2009-01-09 19:15 <DIR> d-------- c:\documents and settings\Gość.CELES-NEXT\Dane aplikacji\Winamp
2009-01-07 21:59 . 2009-01-07 21:59 <DIR> d--h----- c:\windows\PIF
2009-01-06 19:06 . 2009-01-14 22:43 <DIR> d-------- c:\documents and settings\CeLeS\Dane aplikacji\mIRC
2009-01-05 21:52 . 2009-01-07 16:37 <DIR> d-------- c:\program files\SnadBoy's Revelation v2
2008-12-29 19:08 . 2008-12-29 19:08 <DIR> d-------- c:\windows\IIS Temporary Compressed Files
2008-12-29 19:04 . 2008-12-29 19:04 <DIR> d-------- c:\windows\system32\Logfiles
2008-12-24 11:54 . 2008-12-24 11:54 <DIR> d--h----- c:\windows\system32\GroupPolicy
2008-12-23 19:19 . 2008-12-23 19:30 36 --a------ c:\windows\wcx_ftp.ini
2008-12-23 17:47 . 2008-12-23 17:47 109,248 --a------ c:\windows\system32\mswinsck.ocx
2008-12-23 17:47 . 2008-12-23 17:48 103,744 --a------ c:\windows\system32\MSCOMM32.OCX
2008-12-23 08:56 . 2008-12-23 08:56 <DIR> d---s---- c:\documents and settings\CeLeS\UserData
2008-12-23 08:55 . 2008-12-23 08:55 <DIR> d-------- c:\program files\VersalSoft
2008-12-23 08:55 . 2008-12-23 08:55 <DIR> d-------- c:\program files\Universal
2008-12-23 08:50 . 2008-12-23 08:50 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-20 12:06 . 2008-12-21 16:44 <DIR> d-------- c:\program files\Hotspot Shield
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 11:49 78,848 ----a-w c:\windows\system32\afmain5.dll
2009-01-17 11:39 78,848 ----a-w c:\windows\system32\afmain8.dll
2009-01-17 10:49 --------- d-----w c:\documents and settings\CeLeS\Dane aplikacji\Tlen.pl
2009-01-16 22:06 85,504 --sh--r c:\windows\system32\vbsdfe0.dll
2009-01-14 21:41 --------- d-----w c:\program files\mIRC
2009-01-13 18:24 --------- d-----w c:\documents and settings\CeLeS\Dane aplikacji\HLSW
2009-01-05 17:47 --------- d-----w c:\documents and settings\CeLeS\Dane aplikacji\teamspeak2
2008-12-28 12:12 --------- d--h--w c:\documents and settings\CeLeS\Dane aplikacji\ijjigame
2008-12-28 08:55 85,504 --sh--r c:\windows\system32\vbsdfe1.dll
2008-12-18 10:04 --------- d-----w c:\program files\Nero
2008-12-14 15:20 --------- d-----w c:\program files\Windows Sidebar
2008-12-14 15:16 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-13 18:49 --------- d-----w c:\program files\NAPI-PROJEKT
2008-12-06 16:21 104,421 --sh--r C:\6fnlpetp.exe
2008-12-02 17:43 --------- d-----w c:\documents and settings\CeLeS\Dane aplikacji\NPLUTO Corporation
2008-12-02 14:59 --------- d-----w c:\documents and settings\CeLeS\Dane aplikacji\Hamachi
2008-12-02 05:34 --------- d-----w c:\program files\Damian Pasternak
2008-11-28 22:16 --------- d-----w c:\program files\RivaTuner v2.20
2008-11-28 16:25 105,411 --sh--r C:\o1.com
2008-11-25 17:54 --------- d-----w c:\program files\Real Alternative
2008-11-25 17:29 --------- d-----w c:\program files\K-Lite Codec Pack
2008-11-25 17:25 --------- d-----w c:\program files\OpenSource Flash Video Splitter
2008-11-25 17:23 --------- d-----w c:\program files\Combined Community Codec Pack
2008-11-25 09:41 --------- d-----w c:\documents and settings\Gość.CELES-NEXT\Dane aplikacji\Logitech
2008-11-24 18:37 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\IJJIGame
2008-11-24 17:31 --------- d-----w c:\program files\Creative
2008-11-23 20:44 --------- d-----w c:\program files\FLVPlayer4Free
2008-11-23 20:40 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2008-11-23 20:33 --------- d-----w c:\program files\Common Files\SWF Studio
2008-11-23 20:08 --------- d-----w c:\program files\XP Codec Pack
2008-11-23 19:53 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-23 19:29 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-11-23 19:29 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-11-23 19:29 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-11-23 19:27 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Logitech
2008-11-23 19:25 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\LogiShrd
2008-11-23 19:23 --------- d-----w c:\program files\Java
2008-11-23 19:17 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero
2008-11-23 19:00 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2008-11-23 18:49 --------- d-----w c:\documents and settings\CeLeS\Dane aplikacji\Sony Corporation
2008-11-23 18:49 --------- d-----w c:\documents and settings\CeLeS\Dane aplikacji\Notepad++
2008-11-23 18:49 --------- d-----w c:\documents and settings\CeLeS\Dane aplikacji\Media Player Classic
2008-11-23 18:49 --------- d-----w c:\documents and settings\CeLeS\Dane aplikacji\Logitech
2008-11-23 18:49 --------- d-----w c:\documents and settings\CeLeS\Dane aplikacji\Leadertech
2008-11-23 18:49 --------- d-----w c:\documents and settings\CeLeS\Dane aplikacji\InstallShield
2008-11-23 18:49 --------- d-----w c:\documents and settings\CeLeS\Dane aplikacji\FLVPlayer4Free
2008-11-23 18:49 --------- d-----w c:\documents and settings\CeLeS\Dane aplikacji\DAEMON Tools
2008-11-23 18:49 --------- d-----w c:\documents and settings\CeLeS\Dane aplikacji\Ahead
2008-11-23 18:48 --------- d-----w c:\documents and settings\CeLeS\Dane aplikacji\Winamp
2008-11-23 18:48 --------- d-----w c:\documents and settings\CeLeS\Dane aplikacji\Ventrilo
2008-11-20 22:12 --------- d-----w c:\program files\Mal Updater
2008-11-19 15:00 4,224 ----a-w c:\windows\system32\drivers\NVStrap.sys
2008-11-17 17:01 --------- d-----w c:\program files\Hamachi
2008-11-10 22:33 108,271 --sh--r C:\whi.com
2008-11-09 03:02 110,013 --sh--r C:\sq.com
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2008-12-21 16:38 204248 --a------ c:\program files\Hotspot Shield\hssie\HssIE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Steam"="e:\program files\valve\steam\steam.exe" [2009-01-02 1410296]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AudioHQ"="c:\program files\Creative\SBLive\AudioHQ\AHQTB.EXE" [2000-05-11 205312]
"DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"GammaAdjuster"="c:\documents and settings\CeLeS\Moje dokumenty\Downloads\GammaAdjuster.exe" [2009-01-12 191488]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]
"C-Media Mixer"="Mixer.exe" [2002-01-28 c:\windows\mixer.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-05 784912]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{BB4C402F-882A-4526-8C08-51278EA437C1}"= "c:\windows\system32\afmain0.dll" [2004-08-03 78848]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 10:10 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.ac3filter"= ac3filter.acm
"aux"= ctwdm32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^CeLeS^Menu Start^Programy^Autostart^Stardock ObjectDock.lnk]
path=c:\documents and settings\CeLeS\Menu Start\Programy\Autostart\Stardock ObjectDock.lnk
backup=c:\windows\pss\Stardock ObjectDock.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdoosoft]
-r-hs---- 2009-01-17 12:27 110003 c:\windows\system32\olhrwef.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-11-23 19:51 133104 c:\documents and settings\CeLeS\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-03-09 15:29 7561216 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-03-09 15:29 86016 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-03-09 15:29 1519616 c:\windows\system32\nwiz.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Tlen.pl\\tlen.exe"=
"e:\\Program Files\\HLSW\\hlsw.exe"=
"e:\\cs\\hl.exe"=
"e:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"e:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=
"e:\\cs\\hlds.exe"=
"e:\\Program Files\\Valve\\Steam\\SteamApps\\aslan01\\counter-strike\\hl.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\ijji\\ENGLISH\\u_skid.exe"=
"e:\\Program Files\\DriftCity\\DriftCity.exe"=
"e:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"e:\\cs\\hltv.exe"=
"e:\\Program Files\\Valve\\Steam\\GameOverlayUI.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2008-11-28 4224]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{028acf90-e40a-11dd-b10e-0050bf06b67d}]
\Shell\AutoRun\command - H:\abk.bat
\Shell\explore\Command - H:\abk.bat
\Shell\open\Command - H:\abk.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19fece80-c203-11dd-b0ac-0050bf06b67d}]
\Shell\AutoRun\command - H:\rcukd.cmd
\Shell\explore\Command - H:\rcukd.cmd
\Shell\open\Command - H:\rcukd.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{745ab6f0-d10a-11dd-b0d7-0050bf06b67d}]
\Shell\AutoRun\command - H:\iqe68o.bat
\Shell\explore\Command - H:\iqe68o.bat
\Shell\open\Command - H:\iqe68o.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ff63020-d029-11dd-b0d4-0050bf06b67d}]
\Shell\AutoRun\command - H:\2u.com
\Shell\explore\Command - H:\2u.com
\Shell\open\Command - H:\2u.com
.
Zawartość folderu 'Zaplanowane zadania'
2009-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1580818891-1957994488-1003.job
- c:\documents and settings\CeLeS\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2008-11-23 19:51]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-vamsoft - c:\windows\system32\vamsoft.exe
HKCU-Run-kamsoft - c:\windows\system32\kamsoft.exe
HKCU-Run-Icon Phile - c:\docume~1\CeLeS\USTAWI~1\Temp\Rar$EX22.998\Iphile.exe
MSConfigStartUp-Icon Phile - c:\docume~1\CeLeS\USTAWI~1\Temp\Rar$EX22.998\Iphile.exe
MSConfigStartUp-kamsoft - c:\windows\system32\kamsoft.exe
MSConfigStartUp-vamsoft - c:\windows\system32\vamsoft.exe
.
------- Skan uzupełniający -------
.
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-17 12:58:56
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(892)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\devldr32.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-01-17 13:02:48 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-01-17 12:02:45
Przed: 962 502 656 bajtów wolnych
Po: 1,015,287,808 bajtów wolnych
328
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:17:11, on 2009-01-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Documents and Settings\CeLeS\Moje dokumenty\Downloads\GammaAdjuster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
E:\Program Files\Valve\Steam\Steam.exe
e:\program files\valve\steam\steamapps\aslan01\counter-strike\hl.exe
E:\Program Files\Valve\Steam\GameOverlayUI.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\WINDOWS\system32\ddr.exe
C:\WINDOWS\system32\ddr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GammaAdjuster] C:\Documents and Settings\CeLeS\Moje dokumenty\Downloads\GammaAdjuster.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "e:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 4566 bytes
I don't want to format the drive, so I'd like to ask for help.
Regards, and thanks in advance ;*