Thanks for the help, and for helping a troubled woman
DDS.log
DDS (Ver_09-05-14.01) - NTFSx86
Run by Użytkownik at 19:31:15,76 on 2009-05-29
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.onet.pl/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [avast!] c:\progra~1\avast\ashDisp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [iSTray] "c:\program files\spyware doctor\pctsTray.exe"
uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
uPolicies-explorer: HideClock = 0 (0x0)
uPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
uPolicies-explorer: NoCommonGroups = 0 (0x0)
uPolicies-explorer: NoPrinters = 0 (0x0)
uPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
uPolicies-explorer: NoChangeAnimation = 0 (0x0)
uPolicies-explorer: NoThemesTab = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 0 (0x0)
mPolicies-explorer: NoFileAssociate = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
IE: E&ksport do programu Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - c:\windows\system32\proxypal.exe
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\httrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta … s-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta … s-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta … s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta … s-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta … s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta … s-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\uytkow~1\appdata\roaming\mozilla\firefox\profiles\prhdws2z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as … ource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://onet.pl/
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\users\użytkownik\appdata\roaming\mozilla\firefox\profiles\prhdws2z.default\extensions\{59385f95-c52f-4a84-b674-4a4206b17218}\components\FFAlert.dll
FF - component: c:\users\użytkownik\appdata\roaming\mozilla\firefox\profiles\prhdws2z.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\users\użytkownik\appdata\roaming\mozilla\firefox\profiles\prhdws2z.default\extensions\speedtest@gotomyhelp.com\components\NetDiag.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
---- FIREFOX POLICIES ----
FF - user.js: network.prefetch-next - false
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
============= SERVICES / DRIVERS ===============
=============== Created Last 30 ================
2009-05-29 16:14
2009-05-29 16:14
2009-05-23 15:08
2009-05-22 21:00
2009-05-22 21:00
2009-05-22 21:00 20,086,816 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-05-22 21:00 174,992 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-05-22 20:59 148,496 a------- c:\windows\system32\drivers\04909655.sys
2009-05-22 20:59
2009-05-22 18:25
2009-05-22 10:14
2009-05-19 20:28 0 a------- c:\windows\NtRegEdit.INI
2009-05-19 16:16
2009-05-19 16:15
2009-05-19 08:50
2009-05-19 08:42
2009-05-18 16:19
2009-05-18 13:07
2009-05-16 20:05
2009-05-16 19:08
2009-05-16 19:08
2009-05-16 10:39
2009-05-16 10:39
2009-05-16 09:49
2009-05-15 10:17
2009-05-15 09:37 45 ----h--- c:\windows\dsys2329.dat
2009-05-15 09:36
2009-05-11 16:05
2009-05-11 16:04
2009-05-11 13:16
2009-05-08 14:38
2009-05-06 06:59 213,504 a------- c:\windows\system32\libssl32.dll
2009-05-06 06:59 1,077,760 a------- c:\windows\system32\libeay32.dll
2009-05-06 06:59
2009-05-05 16:36
2009-05-05 16:36
2009-04-30 11:20
2009-04-29 22:06
2009-04-29 22:04
==================== Find3M ====================
2009-05-29 19:29 4,456,448 a------- c:\users\użytkownik\NTUSER.DAT
2009-05-29 19:01 43,034 a------- c:\programdata\nvModes.dat
2009-05-29 19:01 43,034 a------- c:\progra~2\nvModes.dat
2009-05-21 14:29 491,188 a------- c:\windows\system32\perfh015.dat
2009-05-21 14:29 295,350 a------- c:\windows\system32\perfc015.dat
2009-05-19 06:41 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-04-28 09:40 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-04-21 19:11 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-21 19:10 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-19 19:19 143,360 a------- c:\windows\inf\infstrng.dat
2009-04-19 19:19 86,016 a------- c:\windows\inf\infstor.dat
2009-04-19 19:19 51,200 a------- c:\windows\inf\infpub.dat
2009-04-03 13:39 78,622 a------- c:\windows\dwreng4.dat
2009-03-25 15:50 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-17 05:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-17 05:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-17 05:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-08 13:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 13:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 13:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 13:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 13:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 13:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 13:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 13:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 13:33 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 13:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 13:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 13:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 13:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 13:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 13:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 13:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 13:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 13:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-05 12:12 434,688 a------- c:\windows\system32\ss2uinst.exe
2008-10-24 18:08 28,314 a------- c:\users\uytkow~1\appdata\roaming\nvModes.dat
2008-08-19 10:57 174 a--sh--- c:\program files\desktop.ini
2008-08-19 10:45 665,600 a------- c:\windows\inf\drvindex.dat
2006-12-05 07:18 332,832 a------- c:\windows\inf\perflib\0415\perfi.dat
2006-12-05 07:18 332,832 a------- c:\windows\inf\perflib\0415\perfh.dat
2006-12-05 07:18 37,468 a------- c:\windows\inf\perflib\0415\perfd.dat
2006-12-05 07:18 37,468 a------- c:\windows\inf\perflib\0415\perfc.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-08-02 19:36 16 a--sh--- c:\windows\sminst\HPCD.sys
2006-05-03 12:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 13:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 15:30 216,064 ---shr-- c:\windows\system32\nbDX.dll
2008-10-10 11:54 16,384 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\feeds cache\index.dat
2008-10-10 11:54 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008101020081011\index.dat
============= FINISH: 19:34:02,40 ===============
– Added 29.05.2009 (Fri) 19:49 –
catchme log
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-29 19:32:14
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes …
scanning hidden services & system hive …
scanning hidden registry entries …
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"Galera CoruDa 2008 by Lage EXT NRM (TrueType)"="GALECLER.TTF"
"Galera CoruDa 2008 by Lage EXT NRM Italic (TrueType)"="GALECLEI.TTF"
"Philom
ne & Ephrem Normalny (TrueType)"="PhilomeneEphrem.ttf"
scanning hidden files …
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0