Proszę O Sprawdzenie Loga Hijack

[p1tu]

Od paru dni komputer strasznie zaczął mi fixować, podczas odpalania w oknie gdzie leci pasek ładowania systemu XP niebieska kreska wariuje tzn. strasznie zamula, gdy uruchomi się system wszystko jest niby ok ale gdy chcę wejść na WWW lub odpalić jakiś film itp. system strasznie zamula i czasami łapie zwiechę. Proszę o przeanalizowanie poniższego loga.

 

 

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "Log Hijack"

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:34:48, on 2009-03-03

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre6\bin\jusched.exe

F:\rapget141\rapget.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Documents and Settings\opuiopu\Menu Start\Programy\Autostart\Msoffice.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [Twick32] C:\DOCUME~1\opuiopu\USTAWI~1\Temp\Rar$EX00.569\Titanium_Conax_Thor_08_west_OK\TitaniumLoader.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Rapget] F:\rapget141\rapget.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [DriverCure] C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe -scan

O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Msoffice.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 4939 bytes

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "Log ComboFIX"

ComboFix 09-03-02.03 - opuiopu 2009-03-03 15:40:55.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.767.286 [GMT 1:00]

Uruchomiony z: c:\documents and settings\opuiopu\Pulpit\ComboFix.exe

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)

* Utworzono nowy punkt przywracania

.

 

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\program files\Mozilla Firefox\plugins\NPMyGlSh.dll

c:\program files\myglobalsearch

c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR

c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST

c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR

c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST

c:\program files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL

c:\program files\myglobalsearch\bar\Cache\000181D4

c:\program files\myglobalsearch\bar\Cache\00114959.bin

c:\program files\myglobalsearch\bar\Cache\00114C5C.bin

c:\program files\myglobalsearch\bar\Cache\00114E5A.bin

c:\program files\myglobalsearch\bar\Cache\files.ini

c:\program files\myglobalsearch\bar\History\search

c:\program files\myglobalsearch\bar\Settings\prevcfg.htm

c:\recycled\Recycled

 

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NTNDIS

 

 

((((((((((((((((((((((((( Pliki utworzone od 2009-02-03 do 2009-03-03 )))))))))))))))))))))))))))))))

.

 

2009-03-02 18:55 . 2009-03-02 18:55 54,156 --ah----- c:\windows\QTFont.qfn

2009-03-02 18:55 . 2009-03-02 18:55 1,409 --a------ c:\windows\QTFont.for

2009-03-02 18:47 . 2009-03-02 18:47 <DIR> d-------- c:\program files\Trend Micro

2009-03-02 18:25 . 2009-03-02 18:25 <DIR> d--hs---- C:\found.000

2009-03-02 17:12 . 2009-03-02 17:12 <DIR> d-------- c:\program files\Lavalys

2009-03-02 16:55 . 2009-03-03 15:51 3,373,917 --a------ c:\windows\{00000000-00000000-0000000A-00001102-00000002-80271102}.BAK

2009-02-28 12:19 . 2009-03-02 12:32 <DIR> d-------- c:\program files\IrfanView

2009-02-22 13:23 . 2009-02-22 13:23 410,984 --a------ c:\windows\system32\deploytk.dll

2009-02-18 17:08 . 2009-02-18 17:08 <DIR> d-------- c:\program files\CCleaner

 

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-03 14:26 --------- d-----w c:\documents and settings\opuiopu\Dane aplikacji\Skype

2009-03-03 09:49 --------- d-----w c:\documents and settings\opuiopu\Dane aplikacji\skypePM

2009-03-02 19:05 --------- d-----w c:\program files\NAPI-PROJEKT

2009-03-02 19:05 --------- d-----w c:\program files\ALLPlayer

2009-03-02 19:01 --------- d-----w c:\program files\SubEdit-Player

2009-03-02 15:52 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ScanSoft

2009-02-22 15:40 --------- d-----w c:\program files\ZodiacEdit

2009-02-22 12:22 --------- d-----w c:\program files\Java

2009-02-18 16:23 --------- d-----w c:\program files\ESET

2009-02-18 16:00 --------- d-----w c:\program files\Canon

2009-02-18 15:57 --------- d-----w c:\program files\Yahoo!

2009-01-23 17:59 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\DriverCure

2009-01-23 17:54 --------- d-----w c:\documents and settings\opuiopu\Dane aplikacji\DriverCure

2009-01-23 17:53 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ParetoLogic

2009-01-23 17:52 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Downloaded Installations

2009-01-03 12:16 4,256 ----a-w c:\windows\system32\drivers\userport.sys

2008-04-11 17:45 32 ----a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat

.

 

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-03-27 36352]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-22 136600]

"Rapget"="f:\rapget141\rapget.exe" [2008-06-03 171008]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-09-16 1447168]

"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 c:\windows\system32\CTHELPER.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\opuiopu\Menu Start\Programy\Autostart\

Msoffice.exe [2008-11-08 642050]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i263_32.drv

"MSACM.MSNAUDIO"= msnaudio.acm

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\BearShare\\BearShare.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-08-18 34312]

R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-09-17 468224]

S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-10-26 3584]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 7168]

.

- - - - USUNIĘTO PUSTE WPISY - - - -

 

HKCU-Run-DriverCure - c:\program files\ParetoLogic\DriverCure\DriverCure.exe

HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe

 

 

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://google.bearshare.com/pl

FF - ProfilePath - c:\documents and settings\opuiopu\Dane aplikacji\Mozilla\Firefox\Profiles\065ctu7j.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://dvhk.pl/

FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=66020&qkw=

FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-03 15:51:05

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

 

skanowanie ukrytych procesów ...

 

skanowanie ukrytych wpisów autostartu ...

 

skanowanie ukrytych plików ...

 

skanowanie pomyślnie ukończone

ukryte pliki: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]

"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\program files\Java\jre6\bin\jqs.exe

c:\documents and settings\opuiopu\Menu Start\Programy\Autostart\Msoffice.exe

c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Czas ukończenia: 2009-03-03 15:56:12 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2009-03-03 14:55:49

 

Przed: 19 691 421 696 bajtów wolnych

Po: 21,929,107,456 bajtów wolnych

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

143

Edytowane 3 Marca 2009 przez P(!)Tu

[Kolobos]

Uzyj EDYTUJ i daj log w spoilerze + log z combofix. Daj tez screeny ze wszystkich zakladek HdTune.