
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\setup.ini
.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-15 do 2009-02-15 )))))))))))))))))))))))))))))))
.
2009-02-15 10:10 . 2009-02-15 10:10 <DIR> d-------- c:\documents and settings\MADZIA\.gstreamer-0.10
2009-02-14 15:24 . 2009-02-14 15:25 <DIR> d-------- c:\documents and settings\MADZIA\Dane aplikacji\Nowe Gadu-Gadu
2009-02-14 15:23 . 2009-02-14 15:24 <DIR> d-------- c:\program files\Nowe Gadu-Gadu
2009-02-14 15:06 . 2001-10-26 16:57 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-02-14 15:06 . 2001-10-26 16:57 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2009-02-14 15:06 . 2008-04-14 00:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2009-02-14 15:06 . 2008-04-14 00:15 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2009-01-31 17:47 . 2008-04-14 00:15 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-01-26 20:57 . 2009-01-26 20:57 <DIR> d-------- c:\program files\Yahoo!
2009-01-26 15:50 . 2009-01-26 15:50 <DIR> d-------- c:\program files\AskSBar
2009-01-26 15:50 . 2009-01-26 15:50 249,592 --a------ c:\windows\system32\cssdll32.dll
2009-01-26 15:49 . 2009-01-26 17:30 <DIR> d-------- c:\program files\COMODO
2009-01-26 15:49 . 2009-01-26 15:49 <DIR> d-------- c:\documents and settings\MADZIA\Dane aplikacji\Comodo
2009-01-25 22:22 . 2009-02-01 15:27 <DIR> d-------- c:\documents and settings\MADZIA\Dane aplikacji\Corel
2009-01-25 22:21 . 2009-01-25 22:21 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Corel
2009-01-25 22:20 . 2009-01-25 22:20 <DIR> d-------- c:\program files\Common Files\Corel
2009-01-25 22:11 . 2009-02-01 15:28 2,516 --ahs---- c:\windows\system32\KGyGaAvL.sys
2009-01-25 22:11 . 2009-02-01 15:27 88 -r-hs---- c:\windows\system32\667E9A9017.sys
2009-01-25 19:06 . 2008-04-14 22:50 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-01-25 19:06 . 2001-10-26 17:29 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-01-25 19:05 . 2008-04-14 00:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-25 19:05 . 2008-04-14 00:15 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-01-24 11:11 . 2003-06-19 01:31 17,920 --a------ c:\windows\system32\mdimon.dll
2009-01-24 11:08 . 2009-01-24 11:09 <DIR> d-------- c:\windows\SHELLNEW
2009-01-24 11:00 . 2009-01-24 11:00 <DIR> dr-h----- C:\MSOCache
2009-01-24 10:52 . 2009-02-15 10:13 <DIR> d-------- c:\program files\ALLPlayer
2009-01-21 23:27 . 2008-12-11 08:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
2009-01-21 23:27 . 2008-12-11 12:32 132,976 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-01-21 23:27 . 2008-12-11 17:01 95,640 --a------ c:\windows\system32\drivers\pctplfw.sys
2009-01-21 23:27 . 2008-12-11 12:32 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2009-01-15 19:29 . 2009-01-15 19:30 <DIR> d-------- c:\program files\Common Files\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 09:13 --------- d-----w c:\program files\NAPI-PROJEKT
2009-02-15 07:29 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-01-28 13:14 --------- d-----w c:\program files\PC Tools Firewall Plus
2009-01-25 21:09 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-21 22:28 --------- d-----w c:\program files\Common Files\PC Tools
2009-01-12 10:14 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-01-12 10:05 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-03 09:13 --------- d-----w c:\program files\ffdshow
2008-12-28 12:49 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Lavasoft
2008-12-26 20:18 --------- d-----w c:\documents and settings\MADZIA\Dane aplikacji\uTorrent
2008-12-17 16:36 --------- d-----w c:\program files\ZTE ZXDSL 852
2008-12-17 16:36 --------- d-----w c:\program files\Orange
2008-12-16 15:08 --------- d-----w c:\documents and settings\MADZIA\Dane aplikacji\Gadu-Gadu
2008-12-16 13:08 --------- d-----w c:\documents and settings\MADZIA\Dane aplikacji\PCToolsFirewallPlus
2008-12-16 12:46 --------- d-----w c:\program files\Alwil Software
2008-12-16 09:35 --------- d-----w c:\program files\Common Files\LightScribe
2008-12-16 09:35 --------- d-----w c:\documents and settings\MADZIA\Dane aplikacji\Ahead
2008-12-16 09:32 --------- d-----w c:\program files\Common Files\Ahead
2008-12-16 09:29 --------- d-----w c:\program files\Nero
2008-12-16 09:29 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero
2008-12-16 09:06 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-16 08:49 --------- d-----w c:\program files\microsoft frontpage
2008-12-16 08:46 --------- d-----w c:\program files\Usługi online
2008-12-08 11:53 57,344 ----a-w c:\windows\system32\ff_vfw.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-01-28 2652056]
"OrangeDeamon"="c:\program files\Orange\Orange.exe" [2008-05-16 20336640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SoundMan"="soundman.exe" [2002-02-05 c:\windows\soundman.exe]
"AdslTaskBar"="stmctrl.dll" [2008-04-23 c:\windows\system32\stmctrl.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-14 c:\windows\system32\advpack.dll]
"_nltide_3"="advpack.dll" [2008-04-14 c:\windows\system32\advpack.dll]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=NVDESK32.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-16 111184]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-01-21 159600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-16 20560]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-01-21 73840]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-01-21 95640]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [2008-12-17 60255]
R3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [2008-12-17 683791]
--- Inne Usługi/Sterowniki w Pamięci ---
*Deregistered* - ALG
*Deregistered* - aswUpdSv
*Deregistered* - AudioSrv
*Deregistered* - avast! Antivirus
*Deregistered* - avast! Mail Scanner
*Deregistered* - avast! Web Scanner
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - helpsvc
*Deregistered* - ImapiService
*Deregistered* - LanmanServer
*Deregistered* - lanmanworkstation
*Deregistered* - LightScribeService
*Deregistered* - LmHosts
*Deregistered* - MSIServer
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NVSvc
*Deregistered* - PCToolsFirewallPlus
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - ProtexisLicensing
*Deregistered* - RasMan
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - UMWdf
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.comodo.com/search/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {B9226CED-664F-4C6F-A0A0-D91EF2441475} = 79.163.127.70 217.116.100.65
FF - ProfilePath - c:\documents and settings\MADZIA\Dane aplikacji\Mozilla\Firefox\Profiles\6p413doq.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 12:52:04
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\NVDESK32.DLL
- - - - - - - > 'lsass.exe'(852)
c:\windows\system32\NVDESK32.DLL
.
Czas ukończenia: 2009-02-15 12:54:42
ComboFix-quarantined-files.txt 2009-02-15 11:54:32
Przed: 8 696 950 784 bajtów wolnych
Po: 8,731,291,648 bajtów wolnych