Duże obciążenie systemu

[Mike]

Objawy:
Komputer jest bardzo obciążony, NOD nic nie widzi, często mysz nie reaguje na polecenia tzn. Jeśli chcę przesunąć jakiś folder często otwiera go zamiast przesunąć, utrudnia mi to też pracę w corelu bo nie mogę swobodnie przesuwać obiektów itp... dodam, że komputer wyłączam po przez hibernację!

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:01, on 2009-05-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\V0420Mon.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\VideoMate\ComproRemote.exe
C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
C:\Program Files\ipla\ipla.exe
E:\PROGRAMY\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\twex.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [V0420Mon.exe] C:\WINDOWS\V0420Mon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\PL\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=051109 serial=DR12WNK-1943704-LNP lang=PL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: oleS.lnk = ?
O4 - Global Startup: ComproRemote.lnk = C:\Program Files\Common Files\VideoMate\ComproRemote.exe
O4 - Global Startup: ComproSchedulerDTV.lnk = C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{54139350-F610-48E6-B0CC-26C811C8E072}: NameServer = 194.204.159.1 194.204.152.34
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5970 bytes


[Okocza]

oles*, wstaw log z combofixa

[oles*]

Kod: Zaznacz wszystko

ComboFix 09-04-30.05 - admin 2009-05-01 14:34.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.48.1045.18.990.588 [GMT 2:00]
Uruchomiony z: c:\documents and settings\admin\Pulpit\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated)
FW: Zapora osobista *enabled*
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\admin\Dane aplikacji\inst.exe
c:\documents and settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\explorer.exe.tmp
c:\windows\system32\systeminfo3.dll
c:\windows\system32\twain32
c:\windows\system32\twain32\local.ds
c:\windows\system32\twain32\user.ds
c:\windows\system32\twex.exe

----- BITS: Możliwe zainfekowane strony -----

hxxp://banksguard.com
.
(((((((((((((((((((((((((   Pliki utworzone od 2009-04-01 do 2009-05-01  )))))))))))))))))))))))))))))))
.

2009-04-25 22:49 . 2009-04-25 22:52   --------   d-----w   c:\windows\system32\VITrans
2009-04-25 22:49 . 2006-12-03 15:15   111104   ----a-w   c:\windows\system32\Uharc.exe
2009-04-25 22:49 . 2006-12-03 15:15   19968   ----a-w   c:\windows\system32\reico.exe
2009-04-25 22:49 . 2006-12-03 15:14   8636   ----a-w   c:\windows\system32\modifype.exe
2009-04-25 22:49 . 2006-12-03 15:15   69632   ----a-w   c:\windows\system32\moveex.exe
2009-04-25 22:49 . 2006-12-03 15:10   81920   ----a-w   c:\windows\system32\closeapp.exe
2009-04-25 22:49 . 2009-04-25 22:53   --------   d-----w   C:\VTPFiles
2009-04-25 22:44 . 2009-04-25 22:44   --------   d-----w   c:\program files\CCleaner

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 08:57 . 2009-02-28 14:45   664   ----a-w   c:\windows\system32\d3d9caps.dat
2009-04-26 20:38 . 2008-10-15 14:54   38688   ----a-w   c:\documents and settings\admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-04-25 22:57 . 2001-10-26 14:15   67078   ----a-w   c:\windows\system32\perfc015.dat
2009-04-25 22:57 . 2001-10-26 14:15   435978   ----a-w   c:\windows\system32\perfh015.dat
2009-03-21 19:41 . 2009-03-21 12:40   --------   d-----w   c:\program files\Winamp
2009-03-12 11:29 . 2009-03-12 11:29   47360   ----a-w   c:\windows\system32\drivers\pcouffin.sys
2009-03-12 11:29 . 2009-03-12 11:29   47360   ----a-w   c:\documents and settings\admin\Dane aplikacji\pcouffin.sys
2009-03-12 11:29 . 2009-03-12 11:28   --------   d-----w   c:\program files\CloneDVD
2009-03-08 13:33 . 2008-11-05 17:37   --------   d-----w   c:\program files\Guitar Pro 5
2009-02-01 13:36 . 2009-02-01 13:36   130   ----a-w   c:\documents and settings\admin\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
2008-12-20 12:51 . 2008-10-15 15:24   67688   ----a-w   c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 12:51 . 2008-10-15 15:24   54368   ----a-w   c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 12:51 . 2008-10-15 15:24   34944   ----a-w   c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 12:51 . 2008-10-15 15:24   46712   ----a-w   c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 12:51 . 2008-10-15 15:24   172136   ----a-w   c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-01-24 86016]
"V0420Mon.exe"="c:\windows\V0420Mon.exe" [2007-04-30 32768]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 161328]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\PL\Programs\Registration.exe" [2004-06-22 733184]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\admin\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
ComproRemote.lnk - c:\program files\Common Files\VideoMate\ComproRemote.exe [2008-10-18 1978368]
ComproSchedulerDTV.lnk - c:\program files\Common Files\VideoMate\ComproSchedulerDTV.exe [2008-10-18 90112]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 V0420VID;Live! Cam Vista IM (VF0420);c:\windows\system32\DRIVERS\V0420Vid.sys [2007-05-31 99648]
S0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-04-16 39472]
S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-03-13 472320]
S3 CXSONORA;VideoMate 2388x AvStream Video Capture;c:\windows\system32\drivers\VMTVE88x.sys [2007-09-28 300800]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\EuroTEST.exe
.
.
------- Skan uzupełniający -------
.
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {54139350-F610-48E6-B0CC-26C811C8E072} = 194.204.159.1 194.204.152.34
FF - ProfilePath - c:\documents and settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\877bqvbq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 14:38
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,b1,fc,79,61,96,
   d5,56,f2,e2,63,26,f1,3f,c8,ff,68,af,e7,ab,27,66,91,c2,75,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,02,b5,50,4f,d2,
   e8,6d,33,6a,9c,d6,61,af,45,84,18,0a,57,0f,be,bb,50,7d,00,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,f3,d7,97,2a,e2,
   9a,f3,fa,ff,7c,85,e0,43,d4,0e,fe,f6,c6,65,6e,79,5e,51,73,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,d2,54,f4,3f,eb,
   b7,e4,46,86,8c,21,01,be,91,eb,e7,ea,06,26,74,9e,d2,c7,ff,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,ce,97,db,84,e6,
   9b,6a,c7,f5,1d,4d,73,a8,13,5c,05,17,06,52,15,35,ff,c7,dd,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,07,c9,7f,a3,f6,
   25,7f,c8,df,20,58,62,78,6b,cf,c8,d3,9a,ca,3b,78,b3,d8,bf,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,08,f7,8b,58,0f,
   72,ba,85,fb,a7,78,e6,12,2f,9a,ea,fa,bb,e1,20,a6,c3,e7,42,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,be,c0,79,a9,af,
   47,1a,f2,01,3a,48,fc,e8,04,4a,f1,8b,bf,9d,2c,06,9c,9a,44,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,8d,34,ce,ec,7b,
   c3,37,14,f6,0f,4e,58,98,5b,89,c9,fb,5b,26,ce,69,5e,1b,cb,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,e3,00,ab,f7,e6,
   f5,a9,91,3d,ce,ea,26,2d,45,aa,78,1b,8f,4c,31,f2,9a,ac,e8,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,e4,38,c4,1c,a8,
   6f,6e,6b,2a,b7,cc,b5,b9,7f,41,e7,bb,e6,ac,d1,58,b7,6e,7c,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,78,ad,0b,16,7b,
   9a,29,3f,6c,43,2d,1e,aa,22,2f,9c,58,2d,0c,12,7e,1e,e4,fa,6c,43,2d,1e,aa,22,\
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(2976)
c:\windows\system32\NETSHELL.dll
c:\windows\system32\msi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MICROS~3\rapimgr.exe
.
**************************************************************************
.
Czas ukończenia: 2009-05-01 14:40 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-05-01 12:40

Przed: 41 264 963 584 bajtów wolnych
Po: 41 263 091 712 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

212


[Okocza]

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka