Proszę o sprawdzenie loga z góry dziekuje:]

[zagata]

ComboFix 09-02-17.02 - ola 2009-02-18 21:24:17.1 - NTFSx86
Uruchomiony z: c:\documents and settings\ola\Pulpit\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
D:\Autorun.inf

.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-18 do 2009-02-18 )))))))))))))))))))))))))))))))
.

2009-02-18 19:33 . 2009-02-18 19:33 <DIR> d-------- c:\program files\Alcohol Soft
2009-02-18 19:33 . 2004-04-30 09:37 160,640 --a------ c:\windows\system32\drivers\a347bus.sys
2009-02-18 19:33 . 2004-04-30 09:33 5,248 --a------ c:\windows\system32\drivers\a347scsi.sys
2009-02-18 19:31 . 2009-02-18 19:31 <DIR> d-------- c:\program files\Common Files\Ahead
2009-02-18 19:31 . 2009-02-18 19:31 <DIR> d-------- c:\program files\Ahead
2009-02-18 19:31 . 2004-07-26 16:16 1,568,768 --------- c:\windows\system32\ImagX7.dll
2009-02-18 19:31 . 2004-07-26 16:16 476,320 --------- c:\windows\system32\ImagXpr7.dll
2009-02-18 19:31 . 2004-07-26 16:16 471,040 --------- c:\windows\system32\ImagXRA7.dll
2009-02-18 19:31 . 2004-07-09 08:43 364,544 --------- c:\windows\system32\TwnLib4.dll
2009-02-18 19:31 . 2004-07-26 16:16 262,144 --------- c:\windows\system32\ImagXR7.dll
2009-02-18 19:31 . 2001-07-09 10:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2009-02-18 19:31 . 2005-09-01 11:03 127,488 --------- c:\windows\system32\drivers\imagesrv.sys
2009-02-18 19:31 . 2000-06-26 10:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2009-02-18 19:31 . 2005-09-01 11:03 5,888 --------- c:\windows\system32\drivers\imagedrv.sys
2009-02-18 19:30 . 2009-02-18 19:30 <DIR> d-------- c:\program files\Yahoo!
2009-02-18 19:28 . 2009-02-18 19:28 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\CyberLink
2009-02-18 19:27 . 2001-03-08 18:30 24,064 --------- c:\windows\system32\msxml3a.dll
2009-02-18 19:26 . 2009-02-18 19:27 <DIR> d-------- c:\program files\CyberLink
2009-02-18 19:26 . 2003-03-18 20:14 499,712 --------- c:\windows\system32\msvcp71.dll
2009-02-18 18:42 . 2009-02-18 18:42 <DIR> d-------- c:\program files\Google
2009-02-18 18:41 . 2009-02-18 18:41 <DIR> d-------- c:\program files\IrfanView
2009-02-18 18:38 . 2009-02-18 18:38 <DIR> d-------- c:\documents and settings\ola\Dane aplikacji\skypePM
2009-02-18 18:38 . 2009-02-18 18:38 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-02-18 18:36 . 2009-02-18 18:36 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-02-18 18:31 . 2009-02-18 18:31 <DIR> dr------- c:\program files\Skype
2009-02-18 18:31 . 2009-02-18 18:31 <DIR> d-------- c:\program files\Common Files\Skype
2009-02-18 18:31 . 2009-02-18 21:19 <DIR> d-------- c:\documents and settings\ola\Dane aplikacji\Skype
2009-02-18 18:31 . 2009-02-18 18:31 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Skype
2009-02-18 18:29 . 2009-02-18 18:31 <DIR> d-------- c:\documents and settings\ola\Dane aplikacji\Nowe Gadu-Gadu
2009-02-18 18:28 . 2009-02-18 18:29 <DIR> d-------- c:\program files\Nowe Gadu-Gadu
2009-02-18 18:21 . 2009-02-18 18:21 <DIR> d-------- c:\program files\MarBit
2009-02-18 18:00 . 2009-02-18 18:00 0 --a------ c:\windows\nsreg.dat
2009-02-18 16:59 . 2009-02-18 17:09 <DIR> d-------- c:\program files\SkanerOnline
2009-02-18 16:54 . 2009-02-18 21:25 <DIR> d--h----- c:\documents and settings\kasia\Ustawienia lokalne
2009-02-18 16:54 . 2009-02-17 09:48 <DIR> d-------- c:\documents and settings\kasia\Ulubione
2009-02-18 16:54 . 2009-02-17 08:55 <DIR> d--h----- c:\documents and settings\kasia\Szablony
2009-02-18 16:54 . 2009-02-17 09:48 <DIR> d-------- c:\documents and settings\kasia\Pulpit
2009-02-18 16:54 . 2009-02-17 09:48 <DIR> d-------- c:\documents and settings\kasia\Moje dokumenty
2009-02-18 16:54 . 2009-02-17 09:48 <DIR> dr------- c:\documents and settings\kasia\Menu Start
2009-02-18 16:54 . 2009-02-17 09:48 <DIR> dr-h----- c:\documents and settings\kasia\Dane aplikacji
2009-02-18 16:54 . 2009-02-18 16:54 <DIR> d-------- c:\documents and settings\kasia
2009-02-18 16:45 . 2009-02-18 17:10 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-18 16:45 . 2009-02-18 16:58 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-02-18 03:42 . 2006-10-05 19:26 24,072 --a------ c:\windows\system32\uxtuneup.dll
2009-02-18 03:41 . 2009-02-18 17:10 <DIR> d-------- c:\program files\TuneUp Utilities 2006
2009-02-18 03:41 . 2009-02-18 03:41 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-18 03:41 . 2009-02-18 03:41 <DIR> d-------- c:\documents and settings\ola\Dane aplikacji\TuneUp Software
2009-02-18 03:41 . 2009-02-18 03:41 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\TuneUp Software
2009-02-18 03:38 . 2008-03-03 14:25 5,702 --ah----- c:\windows\nod32restoretemdono.reg
2009-02-18 03:38 . 2008-03-03 18:21 568 --ah----- c:\windows\nod32fixtemdono.reg
2009-02-18 03:37 . 2009-02-18 03:37 <DIR> d-------- c:\program files\ESET
2009-02-18 03:37 . 2009-02-18 03:37 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ESET

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-18 18:26 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-17 08:14 --------- d-----w c:\program files\muvee Technologies
2009-02-17 08:14 --------- d-----w c:\program files\Common Files\muvee Technologies
2009-02-17 08:13 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\muvee Technologies
2009-02-17 08:12 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-17 08:10 --------- d-----w c:\program files\VDOTool
2009-02-17 08:08 --------- d-----w c:\program files\Realtek
2009-02-17 08:07 315,392 ----a-w c:\windows\HideWin.exe
2009-02-17 08:07 --------- d-----w c:\program files\AMD
2009-02-17 08:05 --------- d-----w c:\documents and settings\ola\Dane aplikacji\InstallShield
2009-02-17 07:58 --------- d-----w c:\program files\microsoft frontpage
2009-02-17 07:56 --------- d-----w c:\program files\Usługi online
2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll
2009-01-21 16:11 473,600 ----a-w c:\windows\system32\SkanerOnline.dll
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-07 18:08 795,648 ----a-w c:\windows\system32\xvidcore.dll
2008-12-07 18:08 130,048 ----a-w c:\windows\system32\xvidvfw.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-16 9302632]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\VDOTool\TBPanel.exe" [2008-01-29 2157096]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-08 81920]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-01-08 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-10-26 3584]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-08-18 34312]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]


--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - A347SCSI
*Deregistered* - a347bus
*Deregistered* - a347scsi
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - eamon
*Deregistered* - easdrv
*Deregistered* - ekrn
*Deregistered* - epfwtdir
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HTTP
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NVSvc
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RichVideo
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - TBPanel
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - UMWdf
*Deregistered* - Update
*Deregistered* - UxTuneUp
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Zawartość folderu 'Zaplanowane zadania'

2009-02-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-05 16:09]
.
.
------- Skan uzupełniający -------
.
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\ola\Dane aplikacji\Mozilla\Firefox\Profiles\7w83w18k.default\
FF - prefs.js: browser.startup.homepage - onet.pl
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-18 21:25:11
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...


c:\documents and settings\ola\Dane aplikacji\Skype\lajpusia\main.db-journal 41552 bytes

skanowanie pomyślnie ukończone
ukryte pliki: 1

**************************************************************************
.
Czas ukończenia: 2009-02-18 21:25:57
ComboFix-quarantined-files.txt 2009-02-18 20:25:55

Przed: 37 320 364 032 bajtów wolnych
Po: 37,330,763,776 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

258

[wojtas]

zmień nazwe tematu ,prosze opisac problem oraz prosze objąć log w tagi