
(An additional piece of information may be the fact that the full format was done over a year ago, and that recently I had a problem getting rid of a Trojan Downloader; because it kept reappearing, I was forced to manually delete the self-generating four-syllable files in system32 in safe mode.)
ComboFix 08-12-28.03 - EWA 2008-12-29 14:29:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2046.1329 [GMT 1:00]
Uruchomiony z: c:\documents and settings\EWA\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\EWA\Pulpit\CFScript.txt
* Utworzono nowy punkt przywracania
* Resident AV is active
[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
FILE ::
C:\n1deiect.com
C:\ntde1ect.com
c:\windows\system32\amvo.exe
c:\windows\system32\amvo1.dll
c:\windows\system32\avpo.exe
c:\windows\system32\avpo0.dll
D:\n1deiect.com
.
((((((((((((((((((((((((( Pliki utworzone od 2008-11-28 do 2008-12-29 )))))))))))))))))))))))))))))))
.
2008-12-28 19:01 . 2000-03-01 00:00 327,168 --a------ c:\windows\IsUn0415.exe
2008-12-26 20:40 . 2008-12-26 20:40 1,700,352 --a------ c:\windows\system32\gdiplus.dll
2008-12-26 20:40 . 2008-12-26 20:40 1,060,864 --a------ c:\windows\system32\mfc71.dll
2008-12-26 13:27 . 2008-12-26 13:27 <DIR> d-------- c:\windows\Logs
2008-12-26 13:27 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2008-12-26 13:27 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2008-12-26 13:27 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2008-12-26 13:27 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2008-12-26 13:27 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2008-12-26 13:27 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2008-12-26 13:27 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2008-12-26 13:24 . 2008-12-26 13:24 <DIR> d-------- c:\windows\system32\xlive
2008-12-26 13:24 . 2008-12-26 20:06 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2008-12-26 13:04 . 2008-12-26 13:04 <DIR> d-------- c:\program files\Rockstar Games
2008-12-26 13:03 . 2008-12-26 13:03 <DIR> d-------- c:\program files\MSBuild
2008-12-26 13:00 . 2008-12-26 13:00 <DIR> d-------- c:\windows\system32\XPSViewer
2008-12-26 13:00 . 2008-12-26 13:00 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-26 13:00 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-12-24 00:11 . 2008-12-24 00:11 <DIR> d-------- c:\program files\PrevxCSI
2008-12-24 00:11 . 2008-12-24 00:12 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\PrevxCSI
2008-12-24 00:11 . 2008-12-24 00:11 26,808 --a------ c:\windows\system32\drivers\pxark.sys
2008-12-23 23:57 . 2002-12-29 01:14 81,920 --a------ c:\windows\system32\Startup.cpl
2008-12-23 15:48 . 2008-12-23 17:31 <DIR> d-------- c:\program files\Spyware Terminator
2008-12-23 15:48 . 2008-12-23 15:48 <DIR> d-------- c:\program files\Crawler
2008-12-23 15:48 . 2008-12-23 17:31 <DIR> d-------- c:\documents and settings\EWA\Dane aplikacji\Spyware Terminator
2008-12-23 15:48 . 2008-12-23 16:23 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Spyware Terminator
2008-12-23 15:48 . 2008-12-23 15:48 141,312 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2008-12-22 20:38 . 2008-12-28 20:21 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Google Updater
2008-12-22 20:31 . 2008-12-16 15:19 4,096 --a------ c:\windows\system32\drivers\Start2Driver.SYS
2008-12-22 20:31 . 2008-12-16 11:44 3,584 --a------ c:\windows\system32\drivers\Start1Driver.SYS
2008-12-22 20:07 . 2008-12-22 20:35 <DIR> d-a------ c:\documents and settings\All Users\Dane aplikacji\TEMP
2008-12-19 19:16 . 2008-12-19 19:17 <DIR> d-------- C:\My Book instal
2008-12-18 21:54 . 2008-12-18 21:55 <DIR> d-------- c:\program files\SystemRequirementsLab
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 11:31 --------- d-----w c:\documents and settings\EWA\Dane aplikacji\Tlen.pl
2008-12-27 21:42 --------- d-----w c:\documents and settings\EWA\Dane aplikacji\Skype
2008-12-27 21:38 --------- d-----w c:\documents and settings\EWA\Dane aplikacji\skypePM
2008-12-26 12:04 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-22 19:38 --------- d-----w c:\program files\Google
2008-12-22 12:31 --------- d-----w c:\documents and settings\EWA\Dane aplikacji\F-Secure
2008-12-20 21:21 --------- d-----w c:\program files\Common Files\Adobe
2008-12-07 14:53 --------- d-----w c:\program files\Gigabyte
2008-12-05 14:38 24,944 ----a-w c:\windows\system32\drivers\GVTDrv.sys
2008-11-03 10:28 --------- d-----w c:\program files\Windows Live
2008-11-03 10:27 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-11-03 10:27 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\WLInstaller
2008-10-28 16:41 14,303,392 ----a-w c:\windows\system32\xlive.dll
2008-10-28 16:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-01-06 10:52 32 -c--a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
2007-04-15 11:09 641 -c-ha-w c:\documents and settings\EWA\hpothb07.dat
2006-05-06 16:42 7,260,160 ----a-w c:\program files\mozilla firefox\plugins\libvlc.dll
2008-09-02 10:06 32,768 -csha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008090220080903\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-12-29_14.17.19.68 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2005-10-26 122929]
"F-Secure TNB"="c:\program files\F-Secure\TNB\TNBUtil.exe" [2004-05-27 684032]
"DownloadAccelerator"="f:\dap\DAP.EXE" [2006-10-05 3352328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nwiz"="nwiz.exe" [2008-05-03 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
D-Link AirPlus.lnk - c:\program files\D-Link AirPlus\AirPlus.exe [2006-03-24 262144]
F-Secure Automatic Update.lnk - c:\program files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe [2006-04-29 32807]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Last.fm Helper.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^EWA^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
path=c:\documents and settings\EWA\Menu Start\Programy\Autostart\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 22:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-03-20 17:46 217544 c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 15:57 133016 f:\daemon tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-02-23 14:45 278528 f:\quick time\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]
--a------ 2007-10-16 14:47 9119536 c:\program files\ooVoo\ooVoo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-07 08:15 155648 c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
--a------ 2006-01-07 01:36 81920 c:\progra~1\Sony\SONICS~1\SSAAD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 02:43 83608 c:\program files\Java\jre1.6.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-05-14 23:22 35328 f:\winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 69632 c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2008-05-07 14:39 16862208 c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\DAP\\DAP.exe"=
"f:\\Tlen\\tlen.exe"=
"e:\\BitComet\\BitComet.exe"=
"f:\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe"=
"f:\\Quick Time\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"f:\\Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"f:\\Counter Strike\\hl.exe"=
"c:\\Program Files\\MoonEdit\\me.exe"=
"f:\\BitSpirit\\BitSpirit.exe"=
"f:\\totalcmd\\TOTALCMD.EXE"=
"f:\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Gigabyte\\@BIOS\\gwflash.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\F-Secure\\FWES\\program\\fsdfwd.exe"=
"c:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\fsbwsys.exe"=
"c:\\Program Files\\F-Secure\\Anti-Virus\\fssm32.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"=
"c:\\Program Files\\F-Secure\\Anti-Virus\\fsgk32.exe"=
"c:\\Program Files\\F-Secure\\common\\FSMB32.EXE"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19671:TCP"= 19671:TCP:BitComet 19671 TCP
"19671:UDP"= 19671:UDP:BitComet 19671 UDP
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2006-04-29 70896]
R0 pxark;pxark;c:\windows\system32\drivers\pxark.sys [2008-12-24 26808]
R1 Start1Driver;Start1Driver;c:\windows\system32\drivers\Start1Driver.sys [2008-12-22 3584]
R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2006-04-29 32807]
R2 CSIScanner;CSIScanner;"c:\program files\PrevxCSI\prevxcsi.exe" /service [2008-12-24 927288]
R2 F-Secure Filter;F-Secure File System Filter;\??\c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2006-04-29 48816]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\c:\program files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2006-04-29 48256]
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2006-04-29 16720]
R2 Start2Driver;Start2Driver;c:\windows\system32\drivers\Start2Driver.sys [2008-12-22 4096]
S3 GVTDrv;GVTDrv;\??\c:\windows\system32\Drivers\GVTDrv.sys [2008-06-24 24944]
S3 ids00026;ids00026;\??\c:\documents and settings\All Users\Dane aplikacji\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys []
S3 Video3D;ASUS Video3D Service;c:\windows\system32\Drivers\Video3D.sys [2004-07-06 44544]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{085bbae9-a1f4-11dc-b887-000d88f2405a}]
\Shell\AutoRun\command - L:\EXPLORER.EXE
\Shell\explore\Command - L:\EXPLORER.EXE
\Shell\open\Command - L:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c8a3a9a-9e6d-11db-b80d-000d88f2405a}]
\Shell\AutoRun\command - N:\USBNB.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baf3f348-a972-11dc-b88a-000d88f2405a}]
\Shell\AutoRun\command - L:\DTSP_Launcher.exe
.
Zawartość folderu 'Zaplanowane zadania'
2008-12-28 c:\windows\Tasks\At1.job
- c:\windows\system32\1l3joh1S.exe []
2008-12-29 c:\windows\Tasks\At10.job
- c:\windows\system32\1l3joh1S.exe []
2008-12-29 c:\windows\Tasks\At11.job
- c:\windows\system32\1l3joh1S.exe []
2008-12-29 c:\windows\Tasks\At12.job
- c:\windows\system32\1l3joh1S.exe []
2008-12-29 c:\windows\Tasks\At13.job
- c:\windows\system32\1l3joh1S.exe []
2008-12-29 c:\windows\Tasks\At14.job
- c:\windows\system32\1l3joh1S.exe []
2008-12-29 c:\windows\Tasks\At15.job
- c:\windows\system32\1l3joh1S.exe []
2008-12-28 c:\windows\Tasks\At16.job
- c:\windows\system32\1l3joh1S.exe []
2008-12-28 c:\windows\Tasks\At17.job
- c:\windows\system32\1l3joh1S.exe []
2008-12-28 c:\windows\Tasks\At18.job
- c:\windows\system32\1l3joh1S.exe []
2008-12-28 c:\windows\Tasks\At19.job
- c:\windows\system32\1l3joh1S.exe []
2008-12-29 c:\windows\Tasks\At2.job
- c:\windows\system32\1l3joh1S.exe []
2008-12-28 c:\windows\Tasks\At20.job
- c:\windows\system32\1l3joh1S.exe []
2008-12-28 c:\windows\Tasks\At21.job
- c:\windows\system32\1l3joh1S.exe []
2008-12-28 c:\windows\Tasks\At22.job
- c:\windows\system32\1l3joh1S.exe []
2008-12-28 c:\windows\Tasks\At23.job
- c:\windows\system32\1l3joh1S.exe []
2008-12-28 c:\windows\Tasks\At24.job
- c:\windows\system32\1l3joh1S.exe []
2008-12-29 c:\windows\Tasks\At3.job
- c:\windows\system32\1l3joh1S.exe []
2008-12-29 c:\windows\Tasks\At4.job
- c:\windows\system32\1l3joh1S.exe []
2008-12-29 c:\windows\Tasks\At5.job
- c:\windows\system32\1l3joh1S.exe []
2008-12-29 c:\windows\Tasks\At6.job
- c:\windows\system32\1l3joh1S.exe []
2008-12-29 c:\windows\Tasks\At7.job
- c:\windows\system32\1l3joh1S.exe []
2008-12-29 c:\windows\Tasks\At8.job
- c:\windows\system32\1l3joh1S.exe []
2008-12-29 c:\windows\Tasks\At9.job
- c:\windows\system32\1l3joh1S.exe []
2008-09-03 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1212515008.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
2008-12-29 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\F-Secure\ANTI-V~1\fsav.exe [2005-05-24 15:42]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Block this popup - c:\program files\F-Secure\Anti-Spyware\blockpopups.htm
IE: &Clean Traces - f:\dap\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - f:\dap\dapextie.htm
IE: Crawler Search - tbr:iemenu
IE: Download &all with DAP - f:\dap\dapextie2.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Pobierz z &BitSpirit - f:\bitspirit\bsurl.htm
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\EWA\Dane aplikacji\Mozilla\Firefox\Profiles\grnsvuwc.default\
FF - prefs.js: browser.startup.homepage - hxxp://igoogle.com
FF - plugin: c:\program files\Google\Google Updater\2.4.1439.6872\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPBILLARD8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: f:\opera\program\plugins\npdsplay.dll
FF - plugin: f:\opera\program\plugins\NPOFFICE.DLL
FF - plugin: f:\opera\program\plugins\npwmsdrm.dll
[color=red]ATTENTION: FIREFOX POLICES IS IN FORCE [/color]
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.xpconnect.activex.global.hosting_flags", 13);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.classID.allowByDefault", true);
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-29 14:30:46
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-12-29 14:31:49
ComboFix-quarantined-files.txt 2008-12-29 13:31:13
ComboFix2.txt 2008-12-29 13:18:30
Przed: 53 187 858 432 bajtów wolnych
Po: 53,170,036,736 bajtów wolnych
309 --- E O F --- 2008-12-18 09:00:53