please check my log

System security, virus removal, choosing antivirus software. Required logs in this section: three from FRST + Gmer.

Post by breidak, 09 Jan 2008, 00:36

Code:
Logfile of HijackThis v1.99.1
Scan saved at 23:24:05, on 2008-01-08
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
E:\c\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 - REG:win.ini: load=c:\progra~1\Slownik\watch.exe
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [RecSche] c:\program files\LifeView FlyVideo\RecSche.exe /Startup
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {1F831FAC-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file:///C:/Program%20Files/AutoCAD%20LT%202002%20Plk/InstFred.ocx
O16 - DPF: {4E60ADAF-99BE-4F86-A959-3546C78A0E38} (PLCam Control) - http://m35_kamera1.mech.pk.edu.pl/classes/PLCam.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188209208302
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday) - file:///C:/Program%20Files/AutoCAD%20LT%202002%20Plk/AcDcToday.ocx
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE56372C-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files/AutoCAD%20LT%202002%20Plk/InstBanr.ocx
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/AutoCAD%20LT%202002%20Plk/AcPreview.ocx
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe



When I open "My Computer" I can't open any drive. A file search window pops up instead of the drive's contents. I can only open it with the right mouse button and "Open". Thanks for the help.

I just noticed that my home page, INTERIA, shows in the browser's title bar the text "INTERIA.PL - Las Vegas w śród portali - Hacked by Godzilla". Is that ending OK? Because I don't remember it being there.
breidak
~user

Posts: 50
Joined: 05 Aug 2005, 15:57



Post by Dzi@dek, 09 Jan 2008, 00:43

For starters, a ComboFix log as well.
http://www.programosy.pl/program,combofix.html
Dzi@dek
^distinguished

Posts: 3854
Joined: 11 Dec 2006, 20:18
Location: Warszawa
Commendations: 210



Post by breidak, 09 Jan 2008, 01:06

ComboFix log

Code:
ComboFix 08-01-09.2 - Guzowscy 2008-01-08 23:52:07.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.39 [GMT 1:00]
Running from: C:\Documents and Settings\Guzowscy\Pulpit\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\MS32DLL.dll.vbs
C:\WINDOWS\MS32DLL.dll.vbs
D:\Autorun.inf
D:\MS32DLL.dll.vbs
E:\Autorun.inf
E:\MS32DLL.dll.vbs
F:\Autorun.inf
F:\MS32DLL.dll.vbs

.
(((((((((((((((((((((((((   Files Created from 2007-12-09 to 2008-01-09  )))))))))))))))))))))))))))))))
.

2008-01-08 23:50 . 2000-08-31 08:00   51,200   --a------   C:\WINDOWS\NirCmd.exe
2008-01-08 23:04 . 2007-08-27 12:10   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-01-08 23:04 . 2007-08-27 12:10   <DIR>   d--------   C:\Documents and Settings\Administrator\Ulubione
2008-01-08 23:04 . 2007-08-27 10:25   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Szablony
2008-01-08 23:04 . 2007-08-27 12:10   <DIR>   d--------   C:\Documents and Settings\Administrator\Pulpit
2008-01-08 23:04 . 2007-08-27 12:10   <DIR>   d--------   C:\Documents and Settings\Administrator\Moje dokumenty
2008-01-08 23:04 . 2007-08-27 12:10   <DIR>   dr-------   C:\Documents and Settings\Administrator\Menu Start
2008-01-08 23:04 . 2007-08-27 12:10   <DIR>   dr-h-----   C:\Documents and Settings\Administrator\Dane aplikacji
2008-01-08 20:22 . 2008-01-08 20:22   <DIR>   d--------   C:\WINDOWS\system32\Kaspersky Lab
2008-01-08 20:22 . 2008-01-08 20:22   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-01-08 18:11 . 2008-01-08 18:24   <DIR>   d--------   C:\Program Files\SkanerOnline
2008-01-08 15:34 . 2007-06-05 10:56   44,928   --a------   C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2007-12-28 23:58 . 2007-12-28 23:58   <DIR>   d--------   C:\Program Files\Unitronics
2007-12-28 23:58 . 2007-12-28 23:58   <DIR>   d--------   C:\Program Files\Common Files\Unitronics
2007-12-28 23:58 . 2000-10-02 12:27   125,712   --a------   C:\WINDOWS\system32\VB6DE.DLL
2007-12-28 23:58 . 1998-04-24 00:00   123,664   --a------   C:\WINDOWS\system32\MSJINT35.DLL
2007-12-28 23:58 . 2006-10-18 15:29   102,400   --a------   C:\WINDOWS\system32\wdapi811.dll
2007-12-28 23:58 . 2000-10-02 12:24   102,160   --a------   C:\WINDOWS\system32\VB6JP.DLL
2007-12-28 23:58 . 1998-06-18 00:00   89,360   --a------   C:\WINDOWS\system32\VB5DB.DLL
2007-12-28 23:58 . 1998-05-15 00:00   73,184   --a------   C:\WINDOWS\system32\DAO2535.TLB
2007-12-28 23:58 . 1998-04-24 00:00   24,848   --a------   C:\WINDOWS\system32\MSJTER35.DLL
2007-12-10 22:10 . 2008-01-07 23:39   <DIR>   d--------   C:\Program Files\English Translator 3

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-09 22:54   ---------   d-----w   C:\Documents and Settings\Guzowscy\Dane aplikacji\Skype
2008-01-08 15:01   ---------   d-----w   C:\Program Files\WinSCP3
2008-01-08 15:01   ---------   d-----w   C:\Program Files\Winamp Toolbar
2008-01-08 15:01   ---------   d-----w   C:\Program Files\Winamp
2008-01-08 14:53   ---------   d-----w   C:\Program Files\Gadu-Gadu
2007-12-28 22:57   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-12-01 08:56   ---------   d-----w   C:\Documents and Settings\Guzowscy\Dane aplikacji\Talkback
2007-11-30 23:37   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2007-11-22 14:22   ---------   d-----w   C:\Program Files\VideoLAN
2007-11-22 14:22   ---------   d-----w   C:\Documents and Settings\Guzowscy\Dane aplikacji\vlc
2007-11-13 10:25   20,480   ----a-w   C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:44   1,291,264   ----a-w   C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28   222,720   ----a-w   C:\WINDOWS\system32\wmasf.dll
2007-09-30 20:35   55,280   ----a-w   C:\Documents and Settings\Guzowscy\Dane aplikacji\GDIPFONTCACHEV1.DAT
2004-10-01 13:00   40,960   ----a-w   C:\Program Files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06   1135968   --a------   C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39 2119104]
"PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 09:26 86016]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-17 02:45 23120680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 19:24 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" [2005-10-25 11:56 61440]
"FLMOFFICE4DMOUSE"="C:\Program Files\Browser Mouse\mouse32a.exe" [2007-08-30 12:15 360448]
"RecSche"="c:\program files\LifeView FlyVideo\RecSche.exe" [2002-12-11 17:00 172032]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

R2 Cap7134;LifeView FlyVideo WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2002-06-19 17:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84c4d1a0-5be2-11dc-b54c-000c6ee1204f}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 23:57:28
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  BigDog303 = C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-09 23:59:43
ComboFix-quarantined-files.txt  2008-01-09 22:59:13
.
2007-12-12 07:35:24   --- E O F --- 



Post by Dzi@dek, 09 Jan 2008, 11:47

Paste into Notepad:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84c4d1a0-5be2-11dc-b54c-000c6ee1204f}]


File - Save As - FIX.REG
Double-click the resulting file and confirm adding it to the registry.

In HijackThis, remove the entry
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs

The rest looks OK.
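The advice above singles out two things in the logs: the `O4` Run entry that launches a `.vbs` script, and the cached `MountPoints2` key whose `Shell\AutoRun\command`, `Shell\open\Command` and `Shell\explore\Command` verbs are set (those cached verbs are what Explorer consults when a drive is double-clicked, which is why the drive opens wrongly even after ComboFix deleted the `Autorun.inf` files). The following Python script is an added example, not part of this thread or of HijackThis/ComboFix; it reads log lines of the shape quoted in the thread, flags the same markers a helper looks for by hand (a `Window Title` containing "Hacked by", a Run entry pointing at a script, a `win.ini` `load=` entry to double-check, and any `MountPoints2` key with shell verbs set), and generates the same kind of `.reg` deletion file Dzi@dek asked for. The sample lines are constructed from the logs posted above; the function names are the example's own.

```python
"""Triage helper for HijackThis and ComboFix output (added example, not the thread's own tooling).

Flags the markers visible in this thread's logs for the MS32DLL.dll.vbs / "Hacked by Godzilla"
infection and builds the registry deletion script for stale MountPoints2 entries.
"""
import re

# Script extensions that a Run entry should not normally launch directly.
SCRIPT_EXT = re.compile(r"\.(vbs|vbe|js|jse|wsf|hta|bat|cmd)\b", re.IGNORECASE)

MOUNTPOINT_KEY = re.compile(
    r"^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer"
    r"\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.IGNORECASE)
SHELL_VERB = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.IGNORECASE)

# Constructed sample: a handful of lines taken from the HijackThis log quoted in this thread.
SAMPLE_HJT_LINES = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla",
    r"F3 - REG:win.ini: load=c:\progra~1\Slownik\watch.exe",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs",
    r'O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized',
]

# Constructed sample: the MountPoints2 block from the ComboFix "Reg Loading Points" section above.
SAMPLE_COMBOFIX_LINES = [
    r"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84c4d1a0-5be2-11dc-b54c-000c6ee1204f}]",
    r"\Shell\AutoRun\command - EXPLORER.EXE",
    r"\Shell\explore\Command - EXPLORER.EXE",
    r"\Shell\open\Command - EXPLORER.EXE",
    "",
    "*Newly Created Service* - PROCEXP90",
]


def triage_hijackthis(lines):
    """Return (kind, line) pairs for HijackThis lines worth a second look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if line.startswith("R1 - ") and "Window Title" in line and "hacked by" in line.lower():
            findings.append(("title-hijack", line))       # browser title defaced by the worm
        elif line.startswith("F3 - ") and "win.ini" in line.lower():
            findings.append(("winini-load", line))        # legacy load= autostart; confirm it is known software
        elif line.startswith("O4 - ") and SCRIPT_EXT.search(line):
            findings.append(("autorun-script", line))     # Run entry launching a script, not a program
    return findings


def triage_mountpoints(lines):
    """Return {guid: {verb: command}} for MountPoints2 keys that carry cached shell verbs."""
    results, current = {}, None
    for raw in lines:
        line = raw.strip()
        key = MOUNTPOINT_KEY.match(line)
        if key:
            current = key.group(1)
            results[current] = {}
            continue
        if current is None:
            continue
        verb = SHELL_VERB.match(line)
        if verb:
            results[current][verb.group(1).lower()] = verb.group(2)
        elif line == "" or line.startswith("["):
            current = None                                # block ended; stop attributing lines to this key
    return {guid: verbs for guid, verbs in results.items() if verbs}


def reg_removal_script(guids):
    """Build .reg text that deletes the given MountPoints2 keys (the '[-KEY]' form used in the thread)."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for guid in guids:
        out.append("[-HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
                   "\\explorer\\mountpoints2\\" + guid + "]")
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    for kind, line in triage_hijackthis(SAMPLE_HJT_LINES):
        print(f"{kind:15} {line}")
    stale = triage_mountpoints(SAMPLE_COMBOFIX_LINES)
    for guid, verbs in stale.items():
        print(guid, verbs)
    print(reg_removal_script(stale))
```

The `F3` entry is reported only as something to verify, not as malicious: in this thread it points at a dictionary program's helper, and the helper's verdict was that it is fine. The generated `.reg` file does what the advice above does by hand; importing it on the affected machine removes only the cached drive entry, so Explorer falls back to its default double-click action.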



problem persists

Post by breidak, 10 Jan 2008, 00:14

Code:
Logfile of HijackThis v1.99.1
Scan saved at 23:09:51, on 2008-01-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Browser Mouse\mouse32a.exe
C:\program files\LifeView FlyVideo\RecSche.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\LifeView FlyVideo\HDTVPCI.EXE
C:\Program Files\Internet Explorer\iexplore.exe
E:\c\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [RecSche] c:\program files\LifeView FlyVideo\RecSche.exe /Startup
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {1F831FAC-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file:///C:/Program%20Files/AutoCAD%20LT%202002%20Plk/InstFred.ocx
O16 - DPF: {4E60ADAF-99BE-4F86-A959-3546C78A0E38} (PLCam Control) - http://m35_kamera1.mech.pk.edu.pl/classes/PLCam.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188209208302
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday) - file:///C:/Program%20Files/AutoCAD%20LT%202002%20Plk/AcDcToday.ocx
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE56372C-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files/AutoCAD%20LT%202002%20Plk/InstBanr.ocx
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/AutoCAD%20LT%202002%20Plk/AcPreview.ocx
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe



Hello, the problem is still there. This entry
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs

is not in the log I'm posting above. I still can't open folders on the drive; it throws up the search window.



Post by Dzi@dek, 10 Jan 2008, 00:27

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

After downloading it, run it and it will unpack to C:\SDFix. Boot the computer into Safe Mode (F8 at system startup). In Safe Mode, run the RunThis.bat file from the SDFix folder. Confirm the cleaning with Y. Wait until it finishes and the computer restarts.

Then go to the C:\SDFix folder and paste the contents of the Report.txt file + a ComboFix log.



Post by breidak, 10 Jan 2008, 00:45

Code:

SDFix: Version 1.125

Run by Guzowscy on 2008-01-10 at 23:35

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



                                 Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 23:39:12
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Thu 25 Oct 2007           848 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Mon 27 Aug 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun  1 Jul 2007       741,376 A.SH. --- "C:\Documents and Settings\Guzowscy\Pulpit\Foto\SIV16.tmp"
Sat 25 Aug 2007     1,372,160 A.SH. --- "C:\Documents and Settings\Guzowscy\Pulpit\Foto\SIVD.tmp"
Wed 12 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT7.tmp"
Wed 12 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\243d2aaf5ff8e39b62f16b2a566918fb\BIT5.tmp"
Wed 12 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT9.tmp"
Wed 12 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\853e0b70ea7110340ec607fe469d0b7d\BIT6.tmp"
Wed 12 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT8.tmp"
Mon 27 Aug 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c636f36b2a084e07ecb5cf11b488b148\BIT28.tmp"
Wed 12 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BITA.tmp"
Mon 27 Aug 2007       156,804 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f9a86bbc0294618e780cd186dcfdb1b9\BIT26.tmp"

Finished!


Above is the output from SDFix. Question: should I run ComboFix in Safe Mode?

[ Added: Today at 23:59 ]
Code:
ComboFix 08-01-09.2 - Guzowscy 2008-01-10 23:51:04.2 - NTFSx86
Running from: C:\Documents and Settings\Guzowscy\Pulpit\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2007-12-10 to 2008-01-10  )))))))))))))))))))))))))))))))
.

2008-01-10 23:33 . 2008-01-10 23:34   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-01-08 23:50 . 2000-08-31 08:00   51,200   --a------   C:\WINDOWS\NirCmd.exe
2008-01-08 23:04 . 2008-01-09 23:59   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-01-08 23:04 . 2007-08-27 12:10   <DIR>   d--------   C:\Documents and Settings\Administrator\Ulubione
2008-01-08 23:04 . 2007-08-27 10:25   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Szablony
2008-01-08 23:04 . 2007-08-27 12:10   <DIR>   d--------   C:\Documents and Settings\Administrator\Pulpit
2008-01-08 23:04 . 2007-08-27 12:10   <DIR>   d--------   C:\Documents and Settings\Administrator\Moje dokumenty
2008-01-08 23:04 . 2007-08-27 12:10   <DIR>   dr-------   C:\Documents and Settings\Administrator\Menu Start
2008-01-08 23:04 . 2007-08-27 12:10   <DIR>   dr-h-----   C:\Documents and Settings\Administrator\Dane aplikacji
2008-01-08 20:22 . 2008-01-08 20:22   <DIR>   d--------   C:\WINDOWS\system32\Kaspersky Lab
2008-01-08 20:22 . 2008-01-08 20:22   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-01-08 18:11 . 2008-01-08 18:24   <DIR>   d--------   C:\Program Files\SkanerOnline
2008-01-08 15:34 . 2007-06-05 10:56   44,928   --a------   C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2007-12-28 23:58 . 2007-12-28 23:58   <DIR>   d--------   C:\Program Files\Unitronics
2007-12-28 23:58 . 2007-12-28 23:58   <DIR>   d--------   C:\Program Files\Common Files\Unitronics
2007-12-28 23:58 . 2000-10-02 12:27   125,712   --a------   C:\WINDOWS\system32\VB6DE.DLL
2007-12-28 23:58 . 1998-04-24 00:00   123,664   --a------   C:\WINDOWS\system32\MSJINT35.DLL
2007-12-28 23:58 . 2006-10-18 15:29   102,400   --a------   C:\WINDOWS\system32\wdapi811.dll
2007-12-28 23:58 . 2000-10-02 12:24   102,160   --a------   C:\WINDOWS\system32\VB6JP.DLL
2007-12-28 23:58 . 1998-06-18 00:00   89,360   --a------   C:\WINDOWS\system32\VB5DB.DLL
2007-12-28 23:58 . 1998-05-15 00:00   73,184   --a------   C:\WINDOWS\system32\DAO2535.TLB
2007-12-28 23:58 . 1998-04-24 00:00   24,848   --a------   C:\WINDOWS\system32\MSJTER35.DLL
2007-12-10 22:10 . 2008-01-07 23:39   <DIR>   d--------   C:\Program Files\English Translator 3

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 22:50   ---------   d-----w   C:\Documents and Settings\Guzowscy\Dane aplikacji\Skype
2008-01-08 15:01   ---------   d-----w   C:\Program Files\WinSCP3
2008-01-08 15:01   ---------   d-----w   C:\Program Files\Winamp Toolbar
2008-01-08 15:01   ---------   d-----w   C:\Program Files\Winamp
2008-01-08 14:53   ---------   d-----w   C:\Program Files\Gadu-Gadu
2007-12-28 22:57   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-12-01 08:56   ---------   d-----w   C:\Documents and Settings\Guzowscy\Dane aplikacji\Talkback
2007-11-30 23:37   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2007-11-22 14:22   ---------   d-----w   C:\Program Files\VideoLAN
2007-11-22 14:22   ---------   d-----w   C:\Documents and Settings\Guzowscy\Dane aplikacji\vlc
2007-11-13 10:25   20,480   ----a-w   C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:29   723,968   ----a-w   C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:44   1,291,264   ----a-w   C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28   222,720   ----a-w   C:\WINDOWS\system32\wmasf.dll
2007-09-30 20:35   55,280   ----a-w   C:\Documents and Settings\Guzowscy\Dane aplikacji\GDIPFONTCACHEV1.DAT
2004-10-01 13:00   40,960   ----a-w   C:\Program Files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((   snapshot@2008-01-09_23.58.58,17   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-09 00:50:30   163,328   ----a-w   C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-01-10 22:34:11   4,284,416   ----a-w   C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-01-10 22:34:12   245,760   ----a-w   C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-09 00:50:30   163,328   ----a-w   C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-01-10 22:34:03   4,284,416   ----a-w   C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-01-10 22:34:03   245,760   ----a-w   C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2006-08-17 12:30:06   723,968   -c--a-w   C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:29:33   723,968   -c--a-w   C:\WINDOWS\system32\dllcache\lsasrv.dll
- 2006-04-20 11:51:50   359,808   -c--a-w   C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 17:20:55   360,064   -c--a-w   C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-04-20 11:51:50   359,808   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55   360,064   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
- 2007-12-02 23:00:06   18,684,536   ----a-w   C:\WINDOWS\system32\MRT.exe
+ 2008-01-02 18:21:36   17,642,616   ----a-w   C:\WINDOWS\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06   1135968   --a------   C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39 2119104]
"PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 09:26 86016]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-17 02:45 23120680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 19:24 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" [2005-10-25 11:56 61440]
"FLMOFFICE4DMOUSE"="C:\Program Files\Browser Mouse\mouse32a.exe" [2007-08-30 12:15 360448]
"RecSche"="c:\program files\LifeView FlyVideo\RecSche.exe" [2002-12-11 17:00 172032]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

R2 Cap7134;LifeView FlyVideo WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2002-06-19 17:00]
R3 PhTVTune;LifeView FlyVideo WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2002-07-16 17:00]
R3 ZSMC303;A4 TECH PC Camera H;C:\WINDOWS\system32\Drivers\usbVM303.sys [2005-10-27 13:34]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 23:53:40
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  BigDog303 = C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-10 23:54:59
ComboFix-quarantined-files.txt  2008-01-10 22:54:49
ComboFix2.txt  2008-01-09 22:59:43
.
2008-01-09 23:43:53   --- E O F --- 


And here is the log you asked for.

[ Added: Today at 0:23 ]
Below is the answer to the problem:

http://www.forum.tweaks.pl/lofiversion/index.php?t14879.html


Thanks a lot for the help.

[ Added: Today at 0:25 ]
I just don't know how it happened. I searched other forums, and most often someone has been playing with the folder settings, or, as in my case, they simply run into it by surprise. Regards
Post by wojtas, 10 Jan 2008, 18:48

The logs are clean.