

ComboFix 08-07-23.5 - Domownicy 2008-07-24 13:37:23.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1652 [GMT 2:00]
Running from: C:\Documents and Settings\Domownicy\Moje dokumenty\ComboFix.exe
Command switches used :: C:\Documents and Settings\Domownicy\Moje dokumenty\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\Temp\CTun.exe
.
((((((((((((((((((((((((( Files Created from 2008-06-24 to 2008-07-24 )))))))))))))))))))))))))))))))
.
2008-07-21 16:24 . 2008-07-21 16:24 <DIR> d-------- C:\Documents and Settings\Domownicy\Dane aplikacji\skypePM
2008-07-21 16:23 . 2008-07-21 20:31 <DIR> d-------- C:\Documents and Settings\Domownicy\Dane aplikacji\Skype
2008-07-21 16:03 . 2008-07-21 16:03 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-21 16:03 . 2008-07-21 16:03 <DIR> d-------- C:\Documents and Settings\Domownicy\Dane aplikacji\Lavasoft
2008-07-21 16:02 . 2008-07-21 16:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-21 15:25 . 2008-07-21 15:25 <DIR> d-------- C:\Themes
2008-07-21 15:08 . 2008-07-21 15:18 <DIR> d-------- C:\Documents and Settings\Domownicy\Dane aplikacji\Winamp
2008-07-21 14:53 . 2008-07-21 19:37 <DIR> d-------- C:\Documents and Settings\Domownicy\Gadu-Gadu
2008-07-21 14:39 . 2008-07-21 14:39 <DIR> d-------- C:\Documents and Settings\Domownicy\Dane aplikacji\DivX
2008-07-21 14:34 . 2008-06-14 16:11 <DIR> d--h----- C:\Documents and Settings\Domownicy\Ustawienia lokalne
2008-07-21 14:34 . 2008-07-21 14:34 <DIR> dr------- C:\Documents and Settings\Domownicy\Ulubione
2008-07-21 14:34 . 2008-06-14 14:16 <DIR> d--h----- C:\Documents and Settings\Domownicy\Szablony
2008-07-21 14:34 . 2008-07-24 13:37 <DIR> d-------- C:\Documents and Settings\Domownicy\Pulpit
2008-07-21 14:34 . 2008-07-24 13:37 <DIR> dr------- C:\Documents and Settings\Domownicy\Moje dokumenty
2008-07-21 14:34 . 2008-07-21 14:53 <DIR> dr------- C:\Documents and Settings\Domownicy\Menu Start
2008-07-21 14:34 . 2008-07-21 16:24 <DIR> dr-h----- C:\Documents and Settings\Domownicy\Dane aplikacji
2008-07-21 14:34 . 2008-07-23 22:27 <DIR> d-------- C:\Documents and Settings\Domownicy
2008-07-21 14:28 . 2006-03-02 14:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-07-21 14:27 . 2008-07-21 14:27 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-07-21 14:27 . 2008-07-21 14:27 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-07-21 14:27 . 2008-07-21 14:27 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-07-21 14:27 . 2008-07-21 14:27 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-07-21 14:27 . 2008-07-21 14:27 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-07-21 13:00 . 2008-07-21 13:02 <DIR> d-------- C:\Documents and Settings\User\.gimp-2.4
2008-07-21 12:59 . 2008-07-21 12:59 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-07-21 12:40 . 2008-07-21 16:03 <DIR> d-------- C:\Documents and Settings\User\Dane aplikacji\Lavasoft
2008-07-21 12:30 . 2008-07-21 15:05 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-07-21 12:29 . 2008-07-21 15:04 <DIR> d-------- C:\WINDOWS\Packs
2008-07-20 15:54 . 2008-07-20 16:02 <DIR> d-------- C:\Documents and Settings\User\Dane aplikacji\skypePM
2008-07-20 15:54 . 2008-07-20 15:54 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-20 15:43 . 2008-07-20 15:43 <DIR> d-------- C:\Program Files\Skype
2008-07-20 15:43 . 2008-07-20 15:43 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-07-20 15:43 . 2008-07-20 20:42 <DIR> d-------- C:\Documents and Settings\User\Dane aplikacji\Skype
2008-07-20 15:43 . 2008-07-20 15:43 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-07-18 17:40 . 2008-07-18 20:03 18,334 --a------ C:\WINDOWS\setupapi.old
2008-07-16 15:26 . 2008-07-16 15:26 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-16 15:19 . 2008-07-16 15:19 <DIR> d-------- C:\Documents and Settings\User\Dane aplikacji\TuneUp Software
2008-07-16 13:48 . 2008-07-18 17:35 <DIR> d-------- C:\Documents and Settings\User\DoctorWeb
2008-07-16 13:06 . 2008-07-16 13:06 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Yahoo! Companion
2008-07-16 12:51 . 2008-07-16 12:51 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-16 12:51 . 2008-07-16 12:52 <DIR> d-------- C:\Program Files\CCleaner
2008-07-15 14:22 . 2006-10-25 14:17 <DIR> d-------- C:\Documents and Settings\User\Support
2008-07-15 14:22 . 2006-10-25 14:17 <DIR> d-------- C:\Documents and Settings\User\DirectX
2008-07-15 14:22 . 2008-07-18 17:38 <DIR> d-------- C:\Documents and Settings\User\AutoRun
2008-07-15 14:22 . 2006-10-25 14:17 380,928 --a------ C:\Documents and Settings\User\server.dll
2008-07-15 14:22 . 2006-10-25 14:17 22,016 --a------ C:\Documents and Settings\User\setup.exe
2008-07-15 14:21 . 2006-10-25 14:17 625,035,295 --a------ C:\Documents and Settings\User\0compressed.zip
2008-07-15 14:21 . 2006-10-25 14:17 7,577,600 --a------ C:\Documents and Settings\User\nfsc_demo.exe
2008-07-15 14:21 . 2006-10-25 14:17 720,896 --a------ C:\Documents and Settings\User\EAInstall.dll
2008-07-15 14:21 . 2006-10-25 14:17 569,344 --a------ C:\Documents and Settings\User\AutoRun.exe
2008-07-15 14:21 . 2006-10-25 14:17 528,384 --a------ C:\Documents and Settings\User\AutoRunGUI.dll
2008-07-15 14:21 . 2006-10-25 14:17 499,712 --a------ C:\Documents and Settings\User\msvcp71.dll
2008-07-15 14:21 . 2006-10-25 14:17 348,160 --a------ C:\Documents and Settings\User\msvcr71.dll
2008-07-15 14:21 . 2006-10-25 14:17 253,952 --a------ C:\Documents and Settings\User\eauninstall.exe
2008-07-15 14:21 . 2006-10-25 14:17 53,248 --a------ C:\Documents and Settings\User\nfs_inst.exe
2008-07-15 14:21 . 2006-10-25 14:17 258 --a------ C:\Documents and Settings\User\dat.bin
2008-07-15 11:04 . 1998-10-29 19:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-07-15 11:03 . 2008-07-15 11:11 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-07-15 11:02 . 2002-04-19 13:24 15,749,120 -ra------ C:\WINDOWS\UnWSetup.exe
2008-07-15 10:58 . 2008-07-15 19:43 <DIR> d-------- C:\Program Files\Outbreak
2008-07-15 10:57 . 2008-07-15 10:57 53,248 --a------ C:\WINDOWS\unrar.dll
2008-07-15 09:20 . 2008-07-15 09:20 <DIR> d-------- C:\WINDOWS\Cache
2008-07-14 07:39 . 2008-07-15 08:44 <DIR> d-------- C:\Program Files\Offroad
2008-07-10 21:39 . 2008-07-17 21:56 <DIR> d-------- C:\Documents and Settings\User\Dane aplikacji\OpenOffice.org2
2008-07-10 21:38 . 2008-07-10 21:38 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-07-10 21:38 . 2008-07-11 08:36 <DIR> d-------- C:\Program Files\Java
2008-07-10 21:38 . 2008-07-10 21:38 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-10 21:38 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-01 20:33 . 2008-07-14 10:55 <DIR> d-------- C:\Program Files\Winamp Remote
2008-07-01 20:33 . 2008-07-01 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
2008-07-01 20:26 . 2008-07-01 20:41 <DIR> d-------- C:\Program Files\Winamp
2008-07-01 20:26 . 2008-07-01 20:42 <DIR> d-------- C:\Documents and Settings\User\Dane aplikacji\Winamp
2008-06-30 11:58 . 2008-06-30 11:58 <DIR> d-------- C:\Program Files\AC3Filter
2008-06-26 09:12 . 2008-07-21 14:53 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-06-25 11:55 . 2008-06-26 10:11 <DIR> d-------- C:\Documents and Settings\User\Dane aplikacji\DivX
2008-06-25 11:54 . 2008-07-18 14:11 <DIR> d-------- C:\Program Files\DivX
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-21 13:55 --------- d-----w C:\Program Files\Valve
2008-07-21 13:05 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-07-16 12:09 --------- d-----w C:\Program Files\BearShare
2008-07-15 09:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-15 06:48 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-20 18:44 --------- d-----w C:\Program Files\Delix
2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-16 18:06 --------- d-----w C:\Program Files\Samsung ML-2010 Series
2008-06-16 17:51 --------- d-----w C:\Program Files\Samsung
2008-06-14 18:49 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Gadu-Gadu
2008-06-14 18:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-14 13:43 --------- d-----w C:\Program Files\Alwil Software
2008-06-14 13:35 --------- d-----w C:\Program Files\Opera
2008-06-14 12:28 16,376 ----a-w C:\WINDOWS\gdrv.sys
2008-06-14 12:28 --------- d-----w C:\Program Files\Realtek
2008-06-14 12:28 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\InstallShield
2008-06-14 12:26 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-06-14 12:24 --------- d-----w C:\Program Files\Intel
2008-06-14 12:19 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-14 12:18 --------- d-----w C:\Program Files\Usługi online
2008-06-11 00:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-06-11 00:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:22 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-05-22 22:22 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-22 22:22 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.
------- Sigcheck -------
2006-03-02 14:00 1136640 df73d053c0dc78b09339bef1f9619b77 C:\WINDOWS\system32\WININET.DLL
2006-03-02 14:00 1136640 df73d053c0dc78b09339bef1f9619b77 C:\WINDOWS\system32\dllcache\wininet.dll
2006-03-02 14:00 2712576 188254d06439ecefd0d6ec5832aa9b26 C:\WINDOWS\explorer.exe
2006-03-02 14:00 2712576 188254d06439ecefd0d6ec5832aa9b26 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-02-17 15:03 2396160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-07 01:00 8523776]
"Samsung Common SM"="C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 09:20 372736]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-07 01:00 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"SkyTel"="SkyTel.EXE" [2007-08-03 07:22 1826816 C:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2007-11-07 01:00 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 12:14 16844800 C:\WINDOWS\RTHDCPL.exe]
C:\Documents and Settings\User\Start Menu\Programs\Startup\
Y'z Toolbar.lnk - C:\WINDOWS\Packs\Crystal XP\YzToolbar\YzToolbar.exe [2008-07-21 15:05:26 90112]
[HKLM\~\startupfolder\C:^Documents and Settings^Domownicy^Menu Start^Programy^Autostart^Y'z Toolbar.lnk]
path=C:\Documents and Settings\Domownicy\Menu Start\Programy\Autostart\Y'z Toolbar.lnk
backup=C:\WINDOWS\pss\Y'z Toolbar.lnkStartup
[HKLM\~\startupfolder\^nfsc_demo.exe]
path=\nfsc_demo.exe
backup=C:\WINDOWS\pss\nfsc_demo.exeCommon Startup
[HKLM\~\startupfolder\^NFS_icon.ico]
path=\NFS_icon.ico
backup=C:\WINDOWS\pss\NFS_icon.icoCommon Startup
[HKLM\~\startupfolder\^nfs_inst.exe]
path=\nfs_inst.exe
backup=C:\WINDOWS\pss\nfs_inst.exeCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
--a------ 2006-08-01 17:04 3313664 C:\Program Files\BearShare\BearShare.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2006-02-17 15:03 2396160 C:\Program Files\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 20:49 36352 C:\Program Files\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
.
Contents of the 'Scheduled Tasks' folder
"2008-07-24 11:00:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-24 13:38:14
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-24 13:38:33
ComboFix-quarantined-files.txt 2008-07-24 11:38:30
ComboFix2.txt 2008-07-16 07:09:35
Pre-Run: 85,482,913,792 bajtów wolnych
Post-Run: 85,600,972,800 bajtów wolnych