Internet Antivirus Pro and `loads` of trojans etc.

Post by Z@K, 03 May 2009, 12:52

Hello. I was asked to clean a friend's computer, but I can't manage it.

The program `Internet Antivirus Pro` shows that it found 57 trojans, some viruses and so on. After running CF and scanning, it removed some junk, but IAPro is still running and still shows infections. On top of that, some window from that antivirus keeps popping up saying it cannot find some exe file...

Please help :)
Here is the log from CF

Code:
ComboFix 09-05-02.4 - wojtek 2009-05-03 12:10.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1250.48.1045.18.1021.305 [GMT 2:00]
Uruchomiony z: c:\downloads\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\program files\FunWebProducts
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\recycled\Recycled
c:\recycled\Recycled\ctfmon.exe
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\avi32.exe
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\users\wojtek\AppData\Roaming\Internet Antivirus Pro
c:\users\wojtek\AppData\Roaming\Internet Antivirus Pro\db\config.cfg
c:\users\wojtek\AppData\Roaming\Internet Antivirus Pro\db\Timeout.inf
c:\users\wojtek\AppData\Roaming\Internet Antivirus Pro\db\Urls.inf
c:\users\wojtek\AppData\Roaming\Internet Antivirus Pro\settings.ini
c:\users\wojtek\AppData\Roaming\Internet Antivirus Pro\uill.ini
c:\users\wojtek\AppData\Roaming\Internet Antivirus Pro\unins000.exe
c:\users\wojtek\AppData\Roaming\Internet Antivirus Pro\Uninstall  Internet Antivirus Pro.lnk
c:\users\wojtek\AppData\Roaming\Internet Antivirus Pro\updateloadlist.ini
c:\users\wojtek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.exe
c:\users\wojtek\AppData\Roaming\Microsoft\Windows\winlogon.exe
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\x64
D:\Autorun.inf

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MyWebSearchService


(((((((((((((((((((((((((   Pliki utworzone od 2009-04-03 do 2009-05-03  )))))))))))))))))))))))))))))))
.

2009-05-03 10:19 . 2009-05-03 10:19   --------   d-----w   c:\users\wojtek\AppData\Roaming\Internet Antivirus Pro
2009-05-03 10:17 . 2009-05-03 10:17   --------   d-----w   C:\Internet Antivirus Pro
2009-05-03 09:43 . 2009-05-03 09:43   --------   d-----w   c:\program files\Internet Antivirus Pro
2009-05-02 20:07 . 2009-05-03 09:43   28672   ----a-w   c:\program files\Common Files\file.exe
2009-05-02 20:06 . 2009-05-03 09:43   2175527   ----a-w   c:\program files\Common Files\InternetAntivirusPro.exe
2009-04-21 16:07 . 2009-04-21 16:07   --------   d-----w   c:\users\wojtek\AppData\Local\Apps
2009-04-21 16:07 . 2009-04-21 16:08   --------   d-----w   c:\users\wojtek\AppData\Local\Deployment
2009-04-18 11:45 . 2007-01-02 12:13   274432   ----a-w   c:\windows\system32\lcms.dll
2009-04-18 11:45 . 2004-06-04 20:22   782336   ----a-w   c:\windows\system32\IlmImf.dll
2009-04-18 11:45 . 2004-12-14 11:19   53248   ----a-w   c:\windows\system32\pmexr.dll
2009-04-18 11:45 . 2003-11-26 09:47   11776   ----a-w   c:\windows\system32\pmbm.dll
2009-04-18 11:45 . 2006-11-29 10:55   204288   ----a-w   c:\windows\system32\pmtf3.dll
2009-04-18 11:45 . 2006-02-05 15:23   205824   ----a-w   c:\windows\system32\pmtf1.dll
2009-04-18 11:45 . 2006-02-05 14:27   353280   ----a-w   c:\windows\system32\pmtf2.dll
2009-04-18 11:45 . 2007-06-28 13:09   446464   ----a-w   c:\windows\system32\Photomatix_jpg.dll
2009-04-18 11:45 . 2007-07-12 13:17   167936   ----a-w   c:\windows\system32\Photomatix25Lib3.dll
2009-04-18 11:45 . 2007-07-15 11:09   249856   ----a-w   c:\windows\system32\Photomatix25Lib2.dll
2009-04-18 11:45 . 2007-07-09 11:51   266240   ----a-w   c:\windows\system32\Photomatix25Lib.dll
2009-04-18 11:45 . 2009-04-18 11:53   --------   d-----w   c:\program files\Photomatix
2009-04-16 19:28 . 2009-03-03 03:04   666624   ----a-w   c:\windows\system32\printfilterpipelinesvc.exe
2009-04-16 19:28 . 2009-03-03 04:39   26112   ----a-w   c:\windows\system32\printfilterpipelineprxy.dll
2009-04-16 19:28 . 2009-03-03 04:39   183296   ----a-w   c:\windows\system32\sdohlp.dll
2009-04-16 19:28 . 2009-03-03 04:37   98304   ----a-w   c:\windows\system32\iasrecst.dll
2009-04-16 19:28 . 2009-03-03 04:37   44032   ----a-w   c:\windows\system32\iasdatastore.dll
2009-04-16 19:28 . 2009-03-03 04:37   54784   ----a-w   c:\windows\system32\iasads.dll
2009-04-16 19:28 . 2009-03-03 02:38   17408   ----a-w   c:\windows\system32\iashost.exe
2009-04-16 19:28 . 2009-02-13 08:49   1255936   ----a-w   c:\windows\system32\lsasrv.dll
2009-04-16 19:28 . 2009-02-13 08:49   72704   ----a-w   c:\windows\system32\secur32.dll
2009-04-16 19:28 . 2009-03-17 03:38   13824   ----a-w   c:\windows\system32\apilogen.dll
2009-04-16 19:28 . 2009-03-17 03:38   24064   ----a-w   c:\windows\system32\amxread.dll
2009-04-16 19:27 . 2008-12-06 04:42   376832   ----a-w   c:\windows\system32\winhttp.dll
2009-04-05 10:39 . 2009-04-05 10:39   --------   d-----w   c:\program files\TomTom International B.V

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-03 10:20 . 2008-06-26 21:14   424   ---ha-w   c:\windows\Tasks\User_Feed_Synchronization-{0B77F1B4-6616-4BAD-AB7B-CE0F3D571779}.job
2009-05-03 10:18 . 2006-11-02 13:01   6   ---ha-w   c:\windows\Tasks\SA.DAT
2009-05-03 10:17 . 2008-11-23 12:06   3252   ----a-w   c:\windows\bthservsdp.dat
2009-05-01 07:32 . 2008-05-10 07:53   136446   ----a-w   c:\users\wojtek\AppData\Roaming\nvModes.dat
2009-04-25 12:52 . 2006-12-05 05:22   662056   ----a-w   c:\windows\system32\perfh015.dat
2009-04-25 12:52 . 2006-12-05 05:22   126908   ----a-w   c:\windows\system32\perfc015.dat
2009-04-23 17:33 . 2008-10-31 19:21   512   ----a-w   c:\windows\system32\miscfg.tmp
2009-03-17 14:07 . 2009-03-17 14:07   410984   ----a-w   c:\windows\system32\deploytk.dll
2009-03-17 14:06 . 2009-03-17 14:06   --------   d-----w   c:\program files\Java
2009-03-17 03:38 . 2009-04-16 19:28   40960   ----a-w   c:\windows\AppPatch\apihex86.dll
2009-03-05 14:06 . 2009-03-05 14:06   --------   d-----w   c:\program files\Common Files\Adobe AIR
2009-03-05 14:06 . 2007-08-16 12:52   --------   d-----w   c:\program files\Common Files\Adobe
2009-03-03 04:46 . 2009-04-16 19:29   3599328   ----a-w   c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 19:29   3547632   ----a-w   c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 19:29   827392   ----a-w   c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-16 19:29   551424   ----a-w   c:\windows\system32\rpcss.dll
2009-03-03 04:37 . 2009-04-16 19:29   78336   ----a-w   c:\windows\system32\ieencode.dll
2009-03-03 02:28 . 2009-04-16 19:29   26624   ----a-w   c:\windows\system32\ieUnatt.exe
2009-02-16 15:13 . 2008-08-05 16:14   680   ----a-w   c:\users\wojtek\AppData\Local\d3d9caps.dat
2009-02-09 10:47 . 2008-07-12 15:48   70040   ----a-w   c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-02-09 10:46 . 2008-05-10 07:24   8224   ----a-w   c:\users\wojtek\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-09 03:10 . 2009-03-11 09:26   2033152   ----a-w   c:\windows\system32\win32k.sys
2009-02-08 19:03 . 2006-11-02 10:25   86016   ----a-w   c:\windows\inf\infpub.dat
2009-02-08 19:03 . 2006-11-02 10:25   143360   ----a-w   c:\windows\inf\infstrng.dat
2009-02-08 19:03 . 2006-11-02 10:25   143360   ----a-w   c:\windows\inf\infstor.dat
2008-10-16 10:24 . 2006-11-02 12:50   174   --sha-w   c:\program files\desktop.ini
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2008-12-22 8966760]
"TomTomHOME.exe"="d:\programy\TomTom HOME 2\TomTomHOMERunner.exe" [2009-03-18 251240]
"Internet Antivirus Pro"="c:\program files\Internet Antivirus Pro\IAPro.exe" [2009-05-02 1503232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"BisonInst0402"="c:\windows\BR040286.exe" [2007-05-08 53248]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-12 1286144]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-27 752136]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-25 206952]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-22 174872]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-06 57344]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-09 845360]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"iPlusManager"="c:\program files\iPlus\iPlusChecker.exe" [2008-05-30 409600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-19 286720]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-25 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-25 8470528]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-25 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-17 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"foronof"="c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\foronof.exe" [2009-05-02 64000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-16 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{24368811-638E-4AA5-AC42-291E8DD2CCB0}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{4ADF2998-3DCA-4A32-B24A-D5D7B7C20A99}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{F2C39C05-B469-48A7-A9EA-1771F3F8B48D}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{4E6EF43B-D83E-4170-8E22-AF1DA496E04C}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{CF0163C4-8748-4A52-9375-C407E35C21D1}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{ED7BC62C-EBB1-4D96-BDA7-732AF839FEF1}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{549EB022-BA5E-4DA5-90E5-B7C201BB9F41}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"TCP Query User{38DE159C-2DEA-4EED-A4D2-A7B0A4A0059D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{8343D220-C9E1-498F-A3BB-B9D8B345F6AF}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{B8674F16-B415-439A-B32D-52FB86A3F693}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{384EF89A-E6E2-4C8A-872D-96FDB96CC360}d:\\programy\\flashget\\flashget.exe"= UDP:d:\programy\flashget\flashget.exe:FlashGet
"UDP Query User{F179359D-A32F-47D7-BC43-651D8B0D5015}d:\\programy\\flashget\\flashget.exe"= TCP:d:\programy\flashget\flashget.exe:FlashGet
"TCP Query User{ABAAEC0A-E0D2-488B-BB35-6398A05C0DCA}c:\\program files\\nowe gadu-gadu\\gg.exe"= UDP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu beta
"UDP Query User{E247CBC1-7988-40C2-86E1-C3F8107ACC64}c:\\program files\\nowe gadu-gadu\\gg.exe"= TCP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu beta
"TCP Query User{FB62503C-425B-4628-932C-3B25F7DCCB08}c:\\totalcmd\\totalcmd.exe"= UDP:c:\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{46D819B6-AD95-4F0C-A2E8-0236CE4A0C92}c:\\totalcmd\\totalcmd.exe"= TCP:c:\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"{70050978-B389-4207-9EE4-9121F799890E}"= UDP:8461:GoD High Port
"{D4341DE6-023D-4A89-8653-0E61B437A344}"= UDP:8462:GoD Low Port
"TCP Query User{749B640C-A4C9-49C5-9E16-4001DCE210AC}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{3F78186E-A597-4928-98E0-CD0FA98AC6E1}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{88AB94C1-142F-4384-A6B5-6995DDCF7171}"= UDP:h:\norton_removal_tool\SymNRT.exe:Norton Removal Tool
"{ED39855F-1850-49AE-BF1F-BBB94B58F00C}"= TCP:h:\norton_removal_tool\SymNRT.exe:Norton Removal Tool
"{F427ABA1-1F2F-48AD-B7C4-9817BADCC78C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5D017746-0781-4AAD-A976-3689DBFCFDA7}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224]
R3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\DRIVERS\s916bus.sys [2007-11-02 83496]
R3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s916mdfl.sys [2007-11-02 15016]
R3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s916mdm.sys [2007-11-02 109992]
R3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s916mgmt.sys [2007-11-02 103976]
R3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s916obex.sys [2007-11-02 100008]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-03 03:51 13560]
S2 ITGrdEngine;Guard Service;c:\users\wojtek\AppData\Local\Microsoft\Windows\services.exe [2009-05-02 193536]
S2 NtfsSvc;Microsoft NtfsSvc Manager Service;c:\windows\System\updates.exe [2009-04-23 40960]
S2 TomTomHOMEService;TomTomHOMEService;d:\programy\TomTom HOME 2\TomTomHOMEService.exe [2009-03-18 92008]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-03-07 32256]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs   REG_MULTI_SZ      BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b9daf64-ee8c-11dd-877c-8475aa859c5d}]
\shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{834e2c80-ee77-11dd-8da4-c63059538652}]
\shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{834e2c9f-ee77-11dd-8da4-c63059538652}]
\shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2cfa093-0a5d-11de-8ae0-cd552c1f61a1}]
\shell\AutoRun\command - H:\ioockw.bat
\shell\open\Command - H:\ioockw.bat
.
Zawartość folderu 'Zaplanowane zadania'

2009-05-03 c:\windows\Tasks\User_Feed_Synchronization-{0B77F1B4-6616-4BAD-AB7B-CE0F3D571779}.job
- c:\windows\system32\msfeedssync.exe [2008-06-20 07:33]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-IgfxTray - c:\windows\system32\igfxtray.exe
HKLM-Run-HotKeysCmds - c:\windows\system32\hkcmd.exe
HKLM-Run-Persistence - c:\windows\system32\igfxpers.exe
HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)


.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://pl.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Download All with FlashGet - d:\programy\FlashGet\jc_all.htm
IE: &Download with FlashGet - d:\programy\FlashGet\jc_link.htm
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm185YYPL
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {8D27578B-DD11-4C5E-9CB8-11507F67BD9D} = 212.2.96.54 212.2.96.53
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-03 12:20
Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'Explorer.exe'(4256)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\System32\conime.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\drivers\XAudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPlus\iPlusManager.exe
c:\acer\Empowering Technology\eNet\eNMTray.exe
c:\users\wojtek\AppData\Local\Temp\RtkBtMnt.exe
c:\acer\Empowering Technology\ePower\ePower_DMC.exe
c:\acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
c:\acer\Empowering Technology\eRecovery\eRAgent.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Czas ukończenia: 2009-05-03 12:24 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-05-03 10:24

Przed: 20 130 385 920 bajtów wolnych
Po: 22 063 443 968 bajtów wolnych

484   --- E O F ---   2009-05-01 09:44
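The log above shows the classic footprint of a rogue "antivirus": Security Center notifications muted, EnableLUA set to 0, a Run entry launched from the certificate store under the system profile, services started from AppData or c:\windows\System, and AutoRun handlers bound to a removable drive. The scanner below is an added example (not from the thread, not ComboFix code) that walks the registry/startup section of a ComboFix-style log and flags exactly those patterns; rule names and the path heuristics are my assumptions, and SAMPLE_LOG is constructed, mixing lines copied from the thread with made-up ones.

```python
"""Flag rogue-AV tampering in the registry/startup section of a ComboFix log.

Added example, not part of the forum post and not ComboFix code. The checks
mirror what the thread's log shows: Security Center notifications muted,
UAC (EnableLUA) switched off, Run entries and services launched from a user
profile or the certificate store, and AutoRun handlers on removable drives.
Rule names and the path heuristics are assumptions; SAMPLE_LOG is constructed.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

# Security Center values a rogue "antivirus" sets to dword:00000001 so the
# real Security Center stops warning that AV/updates/UAC are off.
SECURITY_CENTER_NOTIFY = {
    "AntiVirusDisableNotify", "UpdatesDisableNotify",
    "InternetSettingsDisableNotify", "UacDisableNotify",
    "AutoUpdateDisableNotify", "DisableMonitoring",
}

# Directories from which legitimate autostart entries and services are rarely
# run: user profile, temp, the certificate store, the recycle bin and the
# legacy c:\windows\System (not System32) folder. Heuristic, not a verdict.
SUSPICIOUS_PATH = re.compile(
    r"\\(AppData|Temp|SystemCertificates|recycler|recycled|windows\\system)\\",
    re.IGNORECASE)

RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
SERVICE_ENTRY = re.compile(r"^[RS]\d\s+(?P<svc>[^;]+);(?P<desc>[^;]*);(?P<path>[^\[]+)")
AUTORUN_CMD = re.compile(r"^\\shell\\(AutoRun|open)\\command\s+-\s+(?P<cmd>.+)$",
                         re.IGNORECASE)
DWORD_ONE = re.compile(r'^"(?P<name>[^"]+)"=dword:00000001$')
LUA_OFF = re.compile(r'^"EnableLUA"=\s*0\b')


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    detail: str


def scan_combofix(lines: Iterable[str]) -> List[Finding]:
    """Walk ComboFix output line by line, tracking the current registry key."""
    findings: List[Finding] = []
    section = ""
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()        # e.g. hklm\...\security center
            continue
        if LUA_OFF.match(line):
            findings.append(Finding(n, "uac-disabled", line))
        elif (m := DWORD_ONE.match(line)) and "security center" in section \
                and m["name"] in SECURITY_CENTER_NOTIFY:
            findings.append(Finding(n, "security-center-muted", m["name"]))
        elif (m := RUN_ENTRY.match(line)) and section.endswith("\\run") \
                and SUSPICIOUS_PATH.search(m["path"]):
            findings.append(Finding(n, "run-from-profile", f'{m["name"]} -> {m["path"]}'))
        elif (m := SERVICE_ENTRY.match(line)) and SUSPICIOUS_PATH.search(m["path"]):
            findings.append(Finding(n, "service-from-profile",
                                    f'{m["svc"]} -> {m["path"].strip()}'))
        elif (m := AUTORUN_CMD.match(line)) and "mountpoints2" in section:
            findings.append(Finding(n, "removable-autorun", m["cmd"]))
    return findings


# Constructed sample in ComboFix's format: some lines copied from the thread's
# log, the rest made up but following the same patterns.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"dropper"="c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\dropper.exe" [2009-05-02 64000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
S2 GuardSvc;Guard Service;c:\users\alice\AppData\Local\Microsoft\Windows\services.exe [2009-05-02 193536]
S2 NtfsSvc;Microsoft NtfsSvc Manager Service;c:\windows\System\updates.exe [2009-04-23 40960]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\shell\AutoRun\command - H:\AutoRun.exe
\shell\open\Command - H:\payload.bat
"""


if __name__ == "__main__":
    for f in scan_combofix(SAMPLE_LOG.strip().splitlines()):
        print(f"line {f.line_no:3d}  {f.rule:<22}  {f.detail}")
```

Run it against a real log with `scan_combofix(open("ComboFix.txt", encoding="cp1250").readlines())`; anything it flags is a lead to verify by hand, not a verdict.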



Internet Antivirus Pro and `loads` of trojans etc.

Post by Okocza, 03 May 2009, 15:33

Do what is described in this topic

Use SDFix. After downloading it, run it and it will unpack to C:\SDFix. Start the computer in Safe Mode (F8 at system startup). While in Safe Mode, run the RunThis.bat file from the SDFix folder. Confirm the cleaning with Y. Wait until it finishes and the computer restarts.

Then go to the C:\SDFix folder and post the contents of Report.txt + the ComboFix log, and also post a HijackThis log.