
Hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:06, on 2009-02-24
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehtray.exe
C:\Users\oem\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Explorer.exe
D:\Miranda2\miranda32.exe
D:\Xfire\Xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Winamp\winamp.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\oem\Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:/oem/podziekowania/podziekowania.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:/oem/podziekowania/podziekowania.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\oem\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Miranda.lnk = D:\Miranda2\miranda32.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F759779D-CEBB-4961-B7A9-86F11C0F501F}: NameServer = 83.238.255.76 213.241.79.37
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Spybot - Search & Destroy\SDWinSec.exe
--
End of file - 5535 bytes
ComboFix:
ComboFix 09-02-21.01 - oem 2009-02-24 10:00:43.7 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1045.18.2046.1218 [GMT 1:00]
Uruchomiony z: c:\users\oem\Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-24 do 2009-02-24 )))))))))))))))))))))))))))))))
.
2009-02-22 18:32 . 2009-02-22 18:36 233,039,935 --a------ c:\windows\MEMORY.DMP
2009-02-22 15:07 . 2009-02-22 15:07 <DIR> d-------- c:\program files\Panda Security
2009-02-22 15:07 . 2008-06-19 16:24 28,544 --a------ c:\windows\System32\drivers\pavboot.sys
2009-02-22 15:00 . 2009-02-22 15:00 <DIR> d-------- c:\program files\SkanerOnline
2009-02-21 11:36 . 2009-02-21 12:47 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2009-02-21 11:36 . 2009-02-21 12:47 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2009-02-21 11:07 . 2009-02-20 20:03 15,688 --a------ c:\windows\System32\lsdelete.exe
2009-02-20 20:03 . 2009-02-20 20:03 <DIR> d----c--- c:\windows\System32\DRVSTORE
2009-02-20 20:03 . 2009-02-20 20:03 64,160 --a------ c:\windows\System32\drivers\Lbd.sys
2009-02-20 20:01 . 2009-02-20 20:03 <DIR> d-------- c:\users\All Users\Lavasoft
2009-02-20 20:01 . 2009-02-20 20:01 <DIR> d--h-c--- c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-20 20:01 . 2009-02-20 20:03 <DIR> d-------- c:\programdata\Lavasoft
2009-02-20 20:01 . 2009-02-20 20:01 <DIR> d--h-c--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-20 20:01 . 2009-02-20 20:01 <DIR> d-------- c:\program files\Lavasoft
2009-02-16 13:42 . 2009-02-16 13:42 <DIR> d-------- c:\users\oem\AppData\Roaming\Gadu-Gadu
2009-02-16 13:36 . 2009-02-16 13:37 <DIR> d-------- c:\users\oem\Gadu-Gadu
2009-02-15 10:47 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-15 10:47 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-15 10:47 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-15 10:47 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-15 10:47 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-12 08:56 . 2009-02-12 08:56 <DIR> d-------- c:\windows\System32\AGEIA
2009-02-12 08:56 . 2009-02-12 08:56 <DIR> d-------- c:\program files\AGEIA Technologies
2009-02-12 08:55 . 2009-02-12 08:55 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-11 09:32 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 09:32 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-10 10:50 . 2009-02-10 10:50 <DIR> d-------- C:\CrashReport
2009-02-05 21:50 . 2009-02-05 21:50 42,320 --a------ c:\windows\System32\xfcodec.dll
2009-02-04 15:33 . 2009-02-04 15:33 <DIR> d-------- c:\users\oem\Program Files
2009-02-04 13:10 . 2009-02-20 12:48 <DIR> d-------- c:\users\oem\AppData\Roaming\BitTorrent
2009-02-04 13:09 . 2009-02-24 10:06 <DIR> d-------- c:\users\oem\AppData\Roaming\DNA
2009-02-04 13:09 . 2009-02-04 13:09 <DIR> d-------- c:\program files\DNA
2009-02-04 12:04 . 2009-02-15 14:22 <DIR> d-------- c:\users\All Users\TrackMania
2009-02-04 12:04 . 2009-02-15 14:22 <DIR> d-------- c:\programdata\TrackMania
2009-02-04 12:04 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\System32\d3dx9_26.dll
2009-01-26 09:15 . 2009-02-04 07:36 101,287 --a------ c:\windows\System32\drivers\klin.dat
2009-01-26 09:15 . 2009-02-04 07:36 89,601 --a------ c:\windows\System32\drivers\klick.dat
2009-01-26 09:14 . 2009-02-24 09:41 <DIR> d-------- c:\users\All Users\Kaspersky Lab
2009-01-26 09:14 . 2009-02-24 09:41 <DIR> d-------- c:\programdata\Kaspersky Lab
2009-01-26 09:14 . 2009-01-26 09:14 <DIR> d-------- c:\program files\Kaspersky Lab
2009-01-26 09:14 . 2009-02-23 16:13 2,591,264 --ahs---- c:\windows\System32\drivers\fidbox.dat
2009-01-26 09:14 . 2009-02-23 16:13 376,864 --ahs---- c:\windows\System32\drivers\fidbox2.dat
2009-01-26 09:14 . 2009-02-23 16:13 25,516 --ahs---- c:\windows\System32\drivers\fidbox.idx
2009-01-26 09:14 . 2009-02-23 16:13 5,512 --ahs---- c:\windows\System32\drivers\fidbox2.idx
2009-01-26 09:09 . 2009-01-26 09:09 <DIR> d-------- c:\users\All Users\Kaspersky Lab Setup Files
2009-01-26 09:09 . 2009-01-26 09:09 <DIR> d-------- c:\programdata\Kaspersky Lab Setup Files
2009-01-25 12:39 . 2009-01-25 12:39 <DIR> d-------- c:\program files\ArcSoft
2009-01-25 12:32 . 2002-11-20 15:15 729,088 --a------ c:\windows\System32\CNQA1209.DLL
2009-01-25 12:32 . 2006-10-25 09:43 495,616 --a------ c:\windows\System32\CNQL1209.DLL
2009-01-25 12:32 . 2001-07-20 15:25 393,225 --a------ c:\windows\System32\CNQ1209F.PLG
2009-01-25 12:32 . 2001-08-31 19:02 393,225 --a------ c:\windows\System32\CNQ1209B.PLG
2009-01-25 12:32 . 2001-09-26 13:20 393,225 --a------ c:\windows\System32\CNQ12091.PLG
2009-01-25 12:32 . 2002-11-15 10:15 40,960 --a------ c:\windows\System32\CNQU83.DLL
2009-01-25 10:39 . 2009-01-25 10:39 <DIR> d-------- c:\program files\World of Warcraft
2009-01-25 10:39 . 2009-01-25 10:39 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2009-01-24 15:43 . 2009-01-25 08:04 <DIR> d-------- c:\users\oem\AppData\Roaming\skypePM
2009-01-24 15:43 . 2009-01-24 15:43 56 --ah----- c:\windows\System32\ezsidmv.dat
2009-01-24 15:42 . 2009-01-25 08:09 <DIR> d-------- c:\users\oem\AppData\Roaming\Skype
2009-01-24 15:42 . 2009-01-24 15:42 <DIR> d-------- c:\users\All Users\Skype
2009-01-24 15:42 . 2009-01-24 15:42 <DIR> d-------- c:\programdata\Skype
2009-01-24 15:42 . 2009-01-24 15:42 <DIR> d-------- c:\program files\Skype
2009-01-24 15:42 . 2009-01-24 15:42 <DIR> d-------- c:\program files\Common Files\Skype
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-23 15:12 --------- d-----w c:\users\oem\AppData\Roaming\Xfire
2009-02-22 18:53 --------- d-----w c:\users\oem\AppData\Roaming\teamspeak2
2009-02-20 11:40 --------- d-----w c:\programdata\Xfire
2009-02-12 07:22 --------- d-----w c:\program files\Windows Mail
2009-02-07 13:26 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-04 14:34 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-01-26 09:50 --------- d-----w c:\programdata\Microsoft Help
2009-01-26 08:19 --------- d-----w c:\program files\F-Secure Internet Security
2009-01-26 08:13 --------- d-----w c:\programdata\f-secure
2009-01-23 22:44 --------- d-----w c:\program files\Common Files\Adobe
2009-01-23 21:49 --------- d-----w c:\program files\Canon
2009-01-23 21:47 --------- d--h--w c:\programdata\CanonBJ
2009-01-23 21:47 --------- d--h--w c:\program files\CanonBJ
2009-01-23 16:41 319,456 ----a-w c:\windows\DIFxAPI.dll
2009-01-23 16:41 --------- d--h--w c:\program files\Temp
2009-01-23 09:48 --------- d-----w c:\users\oem\AppData\Roaming\GHISLER
2009-01-22 16:53 --------- d-----w c:\users\oem\AppData\Roaming\DAEMON Tools Lite
2009-01-22 16:46 --------- d-----w c:\users\oem\AppData\Roaming\DAEMON Tools Pro
2009-01-22 16:46 --------- d-----w c:\users\oem\AppData\Roaming\DAEMON Tools
2009-01-22 16:45 --------- d-----w c:\programdata\DAEMON Tools Lite
2009-01-22 16:42 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-22 16:42 --------- d-----w c:\users\oem\AppData\Roaming\Winamp
2009-01-22 16:17 --------- d-----w c:\users\oem\AppData\Roaming\Miranda
2009-01-22 15:54 --------- d-----w c:\program files\NAPI-PROJEKT
2009-01-22 14:39 --------- d-----w c:\program files\Thomson
2009-01-22 08:39 --------- d-----w c:\users\oem\AppData\Roaming\PeerNetworking
2009-01-21 16:11 473,600 ----a-w c:\windows\System32\SkanerOnline.dll
2009-01-20 18:26 --------- d-----w c:\users\oem\AppData\Roaming\F-Secure
2009-01-06 18:29 965,664 ----a-w c:\windows\System32\RtkPgExt.dll
2009-01-06 18:29 44,064 ----a-w c:\windows\System32\RtkCoInst.dll
2009-01-06 18:29 322,080 ----a-w c:\windows\System32\RtkApoApi.dll
2009-01-06 18:29 2,510,368 ----a-w c:\windows\System32\RtkAPO.dll
2009-01-06 18:07 2,261,024 ----a-w c:\windows\system32\drivers\RTKVHDA.sys
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((( SnapShot@2009-02-22_19.34.48,21 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-22 17:36:17 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-24 08:29:50 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-02-22 17:36:18 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-02-24 08:29:50 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-02-22 17:47:21 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-24 08:42:05 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-02-22 17:47:00 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-24 08:41:57 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2009-02-22 08:34:06 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-24 08:30:43 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-22 08:34:06 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-24 08:30:43 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-22 08:34:06 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-24 08:30:43 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-22 08:48:29 38,102 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-23 06:49:17 38,150 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"BitTorrent DNA"="c:\users\oem\Program Files\DNA\btdna.exe" [2009-02-04 342848]
"SpybotSD TeaTimer"="d:\spybot - search & destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-02-04 201992]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-20 509784]
c:\users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Miranda.lnk - d:\miranda2\miranda32.exe [2009-01-22 557652]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DmwClient]
--a------ 2009-01-23 08:51 337408 d:\dmw client 3\dmwclient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 16:07 1828136 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 15:29 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2009-01-06 19:29 6707744 c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-21 03:23 1008184 c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{867DDFB5-45D1-4A59-B6D0-13A1396008E2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8CB1840B-EE3D-41CD-8A2B-21AF9A0DF7B9}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{765E72F5-B405-4F43-BF3A-E802A3F6B08E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{C8342E64-8FE0-4E7A-800B-B2B04D516B35}d:\\xfire\\xfire.exe"= UDP:d:\xfire\xfire.exe:Xfire
"UDP Query User{C59BC25C-3208-42BE-878C-E9B33ADD33CE}d:\\xfire\\xfire.exe"= TCP:d:\xfire\xfire.exe:Xfire
"TCP Query User{8BB0591C-34E9-4938-AAE3-3FC7D2FABB77}d:\\miranda2\\miranda32.exe"= UDP:d:\miranda2\miranda32.exe:Miranda IM
"UDP Query User{E36EBB91-443C-45D1-899B-62B4B1E8BD3A}d:\\miranda2\\miranda32.exe"= TCP:d:\miranda2\miranda32.exe:Miranda IM
"TCP Query User{551A5CE0-0717-4E6D-A096-E23FC820D103}d:\\mohaa\\mohaa.exe"= UDP:d:\mohaa\mohaa.exe:Medal of Honor Allied Assault(tm)
"UDP Query User{E925EEA0-4286-468E-836D-5F105A5615AD}d:\\mohaa\\mohaa.exe"= TCP:d:\mohaa\mohaa.exe:Medal of Honor Allied Assault(tm)
"TCP Query User{3CA5EFC1-1093-4B13-99EC-7F9D028ABF55}d:\\miranda2\\miranda32.exe"= UDP:d:\miranda2\miranda32.exe:Miranda IM
"UDP Query User{A7A0054F-4B92-435F-B292-C2020ED9DBA3}d:\\miranda2\\miranda32.exe"= TCP:d:\miranda2\miranda32.exe:Miranda IM
"TCP Query User{FB8B726C-BB0E-42CD-B58E-330C71D308DC}d:\\xfire\\xfire.exe"= UDP:d:\xfire\xfire.exe:Xfire
"UDP Query User{F7ECE6E0-DCCD-459F-91FE-1629B06A2A98}d:\\xfire\\xfire.exe"= TCP:d:\xfire\xfire.exe:Xfire
"TCP Query User{BF2F134C-38F9-48B9-9CC4-4498FC31EFC0}d:\\mohaa\\mohaa.exe"= UDP:d:\mohaa\mohaa.exe:Medal of Honor Allied Assault(tm)
"UDP Query User{87D7A179-4FDE-4A5E-873F-148EB88FC6C4}d:\\mohaa\\mohaa.exe"= TCP:d:\mohaa\mohaa.exe:Medal of Honor Allied Assault(tm)
"TCP Query User{8080E0BB-7100-48A6-8699-B630B0E70755}d:\\totalcmd\\totalcmd.exe"= UDP:d:\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{1DD43436-506A-4817-A8C0-14EC54C83F44}d:\\totalcmd\\totalcmd.exe"= TCP:d:\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"TCP Query User{926DEFF4-C55E-41CA-97F8-7460FFC65603}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{58928C60-B803-433B-B86B-3125A50F3AD8}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{A082EFD6-D610-4306-8A22-9065E3C8C09B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{A922B32F-CFFD-4655-89AB-DFFD0D8A1082}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\polish\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\polish\setup.exe:Kaspersky Anti-Virus 2009 Setup
"UDP Query User{1D7018F8-43CE-44AC-B33F-880034A59074}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\polish\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\polish\setup.exe:Kaspersky Anti-Virus 2009 Setup
"TCP Query User{08551CAB-8F58-4836-AA32-5A22C2A4F599}d:\\tmnationsforever\\tmforever.exe"= UDP:d:\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{EC7CEEEB-98AD-46CE-BB5D-B7F8B0D82731}d:\\tmnationsforever\\tmforever.exe"= TCP:d:\tmnationsforever\tmforever.exe:TmForever
"{812DB17E-81A9-47A7-8A79-0EAA39D55362}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{484B43E4-72A4-4490-9F0D-289925CEEBCC}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{2C097A2A-4FD4-41EF-A89D-96C4D7F06E8F}"= UDP:d:\bittorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{9F1E4F2E-D767-4185-AC74-5DCD2505B753}"= TCP:d:\bittorrent\BitTorrent.exe:BitTorrent (UDP-In)
"TCP Query User{50EEA118-40CA-49B6-9F1D-14DFF5C6C205}c:\\users\\oem\\program files\\dna\\btdna.exe"= UDP:c:\users\oem\program files\dna\btdna.exe:btdna.exe
"UDP Query User{A15880FE-290E-466B-9FFC-E8A5E6D2BA71}c:\\users\\oem\\program files\\dna\\btdna.exe"= TCP:c:\users\oem\program files\dna\btdna.exe:btdna.exe
"TCP Query User{380888EB-C222-4AD1-8615-08E5732A1E3D}c:\\users\\oem\\program files\\dna\\btdna.exe"= UDP:c:\users\oem\program files\dna\btdna.exe:btdna.exe
"UDP Query User{A2184BD1-9BA2-4F97-934D-7CC59BD1B09C}c:\\users\\oem\\program files\\dna\\btdna.exe"= TCP:c:\users\oem\program files\dna\btdna.exe:btdna.exe
"TCP Query User{1F2F2E51-5BA3-4B22-B1D1-ED11FED97F7C}d:\\ja\\gamedata\\jamp.exe"= UDP:d:\ja\gamedata\jamp.exe:Jedi Academy MultiPlayer
"UDP Query User{93A11767-5561-49AD-977D-75D1BD279CA5}d:\\ja\\gamedata\\jamp.exe"= TCP:d:\ja\gamedata\jamp.exe:Jedi Academy MultiPlayer
"TCP Query User{11C4742A-82AC-4CD6-9A53-3B9D9FDC4F2A}j:\\gry\\moh - airborne\\unrealengine3\\binaries\\moha.exe"= UDP:j:\gry\moh - airborne\unrealengine3\binaries\moha.exe:Medal of Honor Airborne™
"UDP Query User{37B1F5A2-0CC5-47C3-B652-FCDD8073D983}j:\\gry\\moh - airborne\\unrealengine3\\binaries\\moha.exe"= TCP:j:\gry\moh - airborne\unrealengine3\binaries\moha.exe:Medal of Honor Airborne™
"TCP Query User{FD4779B1-D1AA-429D-A6D5-E65F307C293B}d:\\mohaa\\mohaa_server.exe"= UDP:d:\mohaa\mohaa_server.exe:Medal of Honor Allied Assault(tm)
"UDP Query User{C826FFA8-DED9-41DC-A741-E7E14D5F26B8}d:\\mohaa\\mohaa_server.exe"= TCP:d:\mohaa\mohaa_server.exe:Medal of Honor Allied Assault(tm)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"d:\\BitTorrent\\bittorrent.exe"= d:\bittorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [2008-01-29 33808]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-02-20 64160]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [2009-02-22 28544]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2008-03-26 20496]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
S2 SBSDWSCService;SBSD Security Center Service;d:\spybot - search & destroy\SDWinSec.exe [2009-02-21 1153368]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da23c056-e8a3-11dd-8ed0-000000000000}]
\shell\AutoRun\command - M:\autorun.exe
.
Zawartość folderu 'Zaplanowane zadania'
2009-02-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-20 20:03]
2009-02-24 c:\windows\Tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
2009-02-24 c:\windows\Tasks\User_Feed_Synchronization-{3B2A01B4-928C-46B5-AB27-33834172ACFB}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 03:24]
.
.
------- Skan uzupełniający -------
.
uStart Page = c:/oem/podziekowania/podziekowania.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {F759779D-CEBB-4961-B7A9-86F11C0F501F} = 83.238.255.76 213.241.79.37
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\users\oem\AppData\Roaming\Mozilla\Firefox\Profiles\orvofmqt.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\users\oem\Program Files\DNA\plugins\npbtdna.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 10:08:04
Windows 6.0.6001 Service Pack 1 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2009-02-24 10:11:01
ComboFix-quarantined-files.txt 2009-02-24 09:10:59
ComboFix2.txt 2009-02-23 07:29:45
ComboFix3.txt 2009-02-22 09:53:48
ComboFix4.txt 2009-02-21 11:46:15
ComboFix5.txt 2009-02-24 08:55:50
Przed: 47 327 404 032 bajtów wolnych
Po: 47,306,117,120 bajtów wolnych
Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7
254 --- E O F --- 2009-02-24 08:52:26
Please help.