ComboFix.txt

Please analyze my ComboFix log

Hello. Out of pure curiosity I ran this program to make sure everything is OK. The program started, reported what it was doing, and after the restart it created a .txt file. Except that after that restart: instead of booting the system, the Samsung Recovery option starts and demands that a backup be restored or loaded; after skipping it and booting the system, Windows reports that the drivers for the audio output device are missing. Why did this happen? Notebook Samsung NP-SA11 FS01PL, Windows Vista


ComboFix 09-03-10.03 - Ania & Piotr 2009-03-11 15:25:59.1 - NTFSx86
Microsoft(R) Windows Vista™ Home Premium 6.0.6001.1.1250.1.1045.18.3066.1810 [GMT 1:00]
Run from: c:\users\Ania & Piotr\Desktop\ComboFix.exe
* Created a new restore point
.
ADS - Windows: deleted 24 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Removed )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
c:\windows\msetup
c:\windows\msetup\BASW-00503A63\data1.cab
c:\windows\msetup\BASW-00503A63\data1.hdr
c:\windows\msetup\BASW-00503A63\data2.cab
c:\windows\msetup\BASW-00503A63\engine32.cab
c:\windows\msetup\BASW-00503A63\layout.bin
c:\windows\msetup\BASW-00503A63\PlayCamera\CameraOn.wav
c:\windows\msetup\BASW-00503A63\PlayCamera\Click.wav
c:\windows\msetup\BASW-00503A63\PlayCamera\Help\PlayCamera_chs_s.chm
c:\windows\msetup\BASW-00503A63\PlayCamera\Help\PlayCamera_cht_s.chm
c:\windows\msetup\BASW-00503A63\PlayCamera\Help\PlayCamera_deu_s.chm
c:\windows\msetup\BASW-00503A63\PlayCamera\Help\PlayCamera_eng_s.chm
c:\windows\msetup\BASW-00503A63\PlayCamera\Help\PlayCamera_esp_s.chm
c:\windows\msetup\BASW-00503A63\PlayCamera\Help\PlayCamera_fra_s.chm
c:\windows\msetup\BASW-00503A63\PlayCamera\Help\PlayCamera_ita_s.chm
c:\windows\msetup\BASW-00503A63\PlayCamera\Help\PlayCamera_kor_s.chm
c:\windows\msetup\BASW-00503A63\PlayCamera\Help\PlayCamera_ptg_s.chm
c:\windows\msetup\BASW-00503A63\PlayCamera\Help\PlayCamera_rus_s.chm
c:\windows\msetup\BASW-00503A63\PlayCamera\Help\PlayCamera_ukr_s.chm
c:\windows\msetup\BASW-00503A63\PlayCamera\HookDllPS2.dll
c:\windows\msetup\BASW-00503A63\PlayCamera\Images\Back_Big.bmp
c:\windows\msetup\BASW-00503A63\PlayCamera\Images\Back_Small.bmp
c:\windows\msetup\BASW-00503A63\PlayCamera\Images\gbCancel.bmp
c:\windows\msetup\BASW-00503A63\PlayCamera\Images\gbHelp.bmp
c:\windows\msetup\BASW-00503A63\PlayCamera\Images\gbOk.bmp
c:\windows\msetup\BASW-00503A63\PlayCamera\Images\gbOpen.bmp
c:\windows\msetup\BASW-00503A63\PlayCamera\Images\gbPreviewOff.bmp
c:\windows\msetup\BASW-00503A63\PlayCamera\Images\gbPreviewOn.bmp
c:\windows\msetup\BASW-00503A63\PlayCamera\Images\gbRecordOff.bmp
c:\windows\msetup\BASW-00503A63\PlayCamera\Images\gbRecordOn.bmp
c:\windows\msetup\BASW-00503A63\PlayCamera\Images\gbSnap.bmp
c:\windows\msetup\BASW-00503A63\PlayCamera\Images\PlayCamera.ico
c:\windows\msetup\BASW-00503A63\PlayCamera\Language\PlayCamera_chs.txt
c:\windows\msetup\BASW-00503A63\PlayCamera\Language\PlayCamera_cht.txt
c:\windows\msetup\BASW-00503A63\PlayCamera\Language\PlayCamera_deu.txt
c:\windows\msetup\BASW-00503A63\PlayCamera\Language\PlayCamera_eng.txt
c:\windows\msetup\BASW-00503A63\PlayCamera\Language\PlayCamera_esp.txt
c:\windows\msetup\BASW-00503A63\PlayCamera\Language\PlayCamera_fra.txt
c:\windows\msetup\BASW-00503A63\PlayCamera\Language\PlayCamera_ita.txt
c:\windows\msetup\BASW-00503A63\PlayCamera\Language\PlayCamera_kor.txt
c:\windows\msetup\BASW-00503A63\PlayCamera\Language\PlayCamera_ptg.txt
c:\windows\msetup\BASW-00503A63\PlayCamera\Language\PlayCamera_rus.txt
c:\windows\msetup\BASW-00503A63\PlayCamera\Language\PlayCamera_ukr.txt
c:\windows\msetup\BASW-00503A63\PlayCamera\PlayCamera.exe
c:\windows\msetup\BASW-00503A63\PlayCamera\SSHook.dll
c:\windows\msetup\BASW-00503A63\PlayCamera\Uninst.ico
c:\windows\msetup\BASW-00503A63\setup.exe
c:\windows\msetup\BASW-00503A63\setup.ibt
c:\windows\msetup\BASW-00503A63\setup.ini
c:\windows\msetup\BASW-00503A63\setup.iss
c:\windows\msetup\BASW-00503A63\SWDesc.txt
c:\windows\msetup\BASW-01038A02\ChgWLANSettings.exe
c:\windows\msetup\MSetup.exe
c:\windows\msetup\MSetupLog.log
c:\windows\system32\drivers\npf.sys
c:\windows\system32\packet.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files created from 2009-02-11 to 2009-03-11 )))))))))))))))))))))))))))))))
.

2009-03-10 18:08 . 2009-03-10 18:08 3,337 --a------ C:\DSCF00142.jpg
2009-03-10 18:04 . 2009-03-10 18:13 <DIR> d-------- c:\users\Ania & Piotr\AppData\Roaming\Nowe Gadu-Gadu
2009-03-10 18:04 . 2009-03-10 19:55 <DIR> d-------- c:\program files\Nowe Gadu-Gadu
2009-03-09 20:57 . 2009-03-09 20:57 <DIR> d-------- c:\program files\Common Files\Autodata Limited Shared
2009-03-04 20:06 . 1997-11-19 15:49 303,616 --a------ c:\windows\IsUninst.exe
2009-03-02 19:12 . 2009-03-02 19:13 <DIR> d-------- c:\users\Ania & Piotr\AppData\Roaming\RaimaRadioPro
2009-02-28 12:22 . 2009-02-28 12:22 <DIR> d-------- c:\program files\PDF Password Remover v3.0
2009-02-23 17:11 . 1999-06-18 22:49 165,888 --a------ c:\windows\Ckconfig.exe
2009-02-23 17:11 . 2006-09-22 00:33 69,632 --a------ c:\windows\System32\Crypserv.exe
2009-02-23 17:11 . 2006-01-10 03:47 31,846 --a------ c:\windows\System32\Ckldrv.sys
2009-02-23 17:11 . 1996-05-03 18:21 27,648 -ra------ c:\windows\Setup_ck.exe
2009-02-23 17:11 . 1996-05-03 16:36 18,432 --a------ c:\windows\Setup_ck.dll
2009-02-23 17:11 . 1995-07-04 19:33 11,776 --a------ c:\windows\Ckrfresh.exe
2009-02-23 16:27 . 2009-02-23 16:27 <DIR> d-------- c:\users\All Users\WorkshopData
2009-02-23 16:27 . 2009-02-23 16:27 <DIR> d-------- c:\programdata\WorkshopData
2009-02-23 16:27 . 2009-02-23 17:11 138 --a------ c:\windows\Crypkey.ini
2009-02-23 16:19 . 2009-02-23 16:27 <DIR> d--h----- c:\program files\Zero G Registry
2009-02-23 16:18 . 2009-02-23 16:18 <DIR> d--h----- c:\users\Ania & Piotr\InstallAnywhere
2009-02-21 22:02 . 2009-02-21 22:02 <DIR> d-------- c:\users\Ania & Piotr\AppData\Roaming\23doors
2009-02-21 21:52 . 2009-02-21 21:52 410,984 --a------ c:\windows\System32\deploytk.dll
2009-02-21 21:51 . 2009-02-21 21:51 <DIR> d-------- c:\program files\Java
2009-02-13 08:52 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-13 08:52 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-13 08:52 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-13 08:52 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-13 08:52 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-11 09:09 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 09:09 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-11 13:41 32,536 ----a-w c:\users\All Users\nvModes.dat
2009-03-11 13:41 32,536 ----a-w c:\programdata\nvModes.dat
2009-03-11 00:49 --------- d-----w c:\programdata\Google Updater
2009-03-10 18:45 --------- d---a-w c:\programdata\TEMP
2009-03-10 17:15 --------- d-----w c:\program files\Gadu-Gadu
2009-03-02 16:59 --------- d-----w c:\users\Ania & Piotr\AppData\Roaming\IrfanView
2009-02-26 18:18 --------- d-----w c:\users\Ania & Piotr\AppData\Roaming\Skype
2009-02-26 15:59 --------- d-----w c:\users\Ania & Piotr\AppData\Roaming\skypePM
2009-02-14 21:03 --------- d-----w c:\users\Ania & Piotr\AppData\Roaming\VSO
2009-02-13 07:53 --------- d-----w c:\program files\Windows Mail
2009-02-10 15:26 --------- d-----w c:\program files\Real Alternative
2009-02-09 09:50 --------- d-----w c:\users\Ania & Piotr\AppData\Roaming\streamripper
2009-02-05 18:32 --------- d-----w c:\users\Ania & Piotr\AppData\Roaming\ipla
2009-02-05 18:29 1,700,352 ----a-w c:\windows\System32\gdiplus.dll
2009-02-05 18:29 --------- d-----w c:\programdata\ipla
2009-02-05 18:29 --------- d-----w c:\program files\ipla
2009-02-03 15:09 --------- d-----w c:\program files\VSO
2009-02-02 16:15 --------- d-----w c:\programdata\Laconic Software
2009-02-01 16:32 --------- d-----w c:\program files\IncrediMail
2009-01-31 17:38 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-31 16:58 --------- d-----w c:\program files\Lavalys
2009-01-30 15:44 80,384 ----a-w C:\NESTER.EXE
2009-01-25 22:48 --------- d-----w c:\program files\Google
2009-01-23 17:19 --------- d-----w c:\users\Ania & Piotr\AppData\Roaming\Gearbox Software
2009-01-23 16:58 --------- d-----w c:\program files\Ubisoft
2009-01-21 18:42 --------- d-----w c:\program files\Turtle Odyssey 3-in-1
2009-01-20 17:52 --------- d-----w c:\programdata\PopCap Games
2009-01-17 17:05 --------- d-----w c:\users\Ania & Piotr\AppData\Roaming\TeamViewer
2009-01-16 18:58 --------- d-----w c:\program files\TeamViewer
2009-01-15 16:46 --------- d-----w c:\users\Ania & Piotr\AppData\Roaming\AVI ReComp
2009-01-14 19:18 --------- d-----w c:\program files\Xvid
2009-01-14 19:18 --------- d-----w c:\program files\Gabest
2009-01-14 19:18 --------- d-----w c:\program files\AviSynth 2.5
2009-01-14 19:18 --------- d-----w c:\program files\AVI ReComp
2009-01-14 17:03 --------- d-----w c:\programdata\Microsoft Help
2009-01-13 08:45 954,368 ----a-w c:\windows\system32\drivers\athr.sys
2009-01-12 18:55 --------- d-----w c:\users\Ania & Piotr\AppData\Roaming\DAEMON Tools Pro
2009-01-10 18:58 418,480 ----a-w c:\windows\System32\wrap_oal.dll
2009-01-10 18:58 115,432 ----a-w c:\windows\System32\OpenAL32.dll
2008-12-26 15:26 545,280 ----a-w c:\windows\flashax.exe
2008-12-26 15:26 12,288 ----a-w c:\windows\impborl.dll
2008-11-05 09:57 22,328 ----a-w c:\users\Ania & Piotr\AppData\Roaming\PnkBstrK.sys
2008-09-15 07:32 558,551 --sha-r c:\program files\Norton2009Reset.exe
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-01-06 202064]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"Active Desktop Calendar"="c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe" [2008-08-13 3780608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13584928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-21 148888]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"vidc.tscc"= c:\progra~1\MpcStar\Codecs\tscc\tsccvid.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1318546717-2813108111-1262065269-1003]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{665C7918-7F5E-43FB-B375-2D0A06DD6B43}"= Profile=Private|c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{EBC19711-5F0B-4920-BE3E-55A9E06011D8}"= Profile=Private|c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"TCP Query User{F1BC478C-E530-432C-84E4-945E9F47D810}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{E1D400D2-3685-4E0D-B2E4-9025417FD525}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{A0B85401-56F3-4632-9201-13B4F970C618}c:\\program files\\bittornado\\btdownloadgui.exe"= UDP:c:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"UDP Query User{E8D18031-5E85-413E-9DDF-44FEE8A8CD1D}c:\\program files\\bittornado\\btdownloadgui.exe"= TCP:c:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"TCP Query User{50F2C0B9-6B8F-46B4-AF67-FF796DCB1E25}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{1D16A71E-13CA-434C-AAD1-7E8DB31EB44D}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{51792CF7-A0CE-4E58-A724-A102CFD908E5}"= Disabled:c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{E0E62FC7-1334-4C94-9886-910518333D7D}"= Disabled:c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"TCP Query User{17845A71-64AC-4E1F-88B4-2B857F30EAD0}c:\\users\\ania & piotr\\documents\\god\\god.exe"= Disabled:UDP:c:\users\ania & piotr\documents\god\god.exe:god.exe
"UDP Query User{3D7F1A1F-AB07-4704-B15C-6ADC602127B1}c:\\users\\ania & piotr\\documents\\god\\god.exe"= Disabled:TCP:c:\users\ania & piotr\documents\god\god.exe:god.exe
"TCP Query User{786E2F4D-EA2A-4B96-815C-50BE327ABBA8}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{3EE3B166-83D9-4FB8-A43F-223725CC3A90}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{80881CF8-B203-44F3-B59E-1A5D4939B1E3}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{8E8803FC-14A2-44BC-93B4-7540F041A40B}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{C38F65A2-715D-4E49-9158-A189772805B9}c:\\users\\ania & piotr\\desktop\\v\\emule0.49b-xtreme7.0\\emule.exe"= UDP:c:\users\ania & piotr\desktop\v\emule0.49b-xtreme7.0\emule.exe:emule.exe
"UDP Query User{B262F72F-2553-47DE-9FDE-17CB335379C2}c:\\users\\ania & piotr\\desktop\\v\\emule0.49b-xtreme7.0\\emule.exe"= TCP:c:\users\ania & piotr\desktop\v\emule0.49b-xtreme7.0\emule.exe:emule.exe
"TCP Query User{57A0F26E-08E9-4786-A2CE-28ADAAC4FD63}d:\\gry\\program files\\cod\\codmp.exe"= UDP:d:\gry\program files\cod\codmp.exe:CoDMP
"UDP Query User{CB319570-E930-4D12-964E-9F2E34A5CAEA}d:\\gry\\program files\\cod\\codmp.exe"= TCP:d:\gry\program files\cod\codmp.exe:CoDMP
"{C3659471-8BF3-4CDD-972A-BA9EAC9CE0FA}"= UDP:25278:BitComet 25278 TCP
"{2F5E6710-D5DA-4EF6-A678-89925066CE80}"= TCP:25278:BitComet 25278 UDP
"{9B4CF280-7ECD-4417-9CFE-9E53E5532A87}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{387792F1-B48F-431D-A4F4-578460736751}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{E3BDAB72-2D6F-458C-85EE-34958F4F8075}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{9325BF53-01F7-428F-84CC-63B6C6AC77F0}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{34D1CB45-7ED9-4E1D-AB9C-B8D92F3A8DB7}"= UDP:d:\gry\Program Files\CallofDuty4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{E701648D-CE90-43CC-B73A-5BDD2B8EB727}"= TCP:d:\gry\Program Files\CallofDuty4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{790955F4-C1F2-42ED-8579-E1979C268039}"= UDP:d:\gry\Program Files\mohaA\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{D931C9C4-D616-4AA5-A9A2-D0B961589529}"= TCP:d:\gry\Program Files\mohaA\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"TCP Query User{2C577FAF-407F-4057-8D2B-089C5C324DCE}d:\\obrazy\\counter strike\\xtcs counter-strike 1.6 final release\\cstrike.exe"= UDP:d:\obrazy\counter strike\xtcs counter-strike 1.6 final release\cstrike.exe:XTCS Counter-Strike 1.6 Final Release
"UDP Query User{40CC71BA-2AC3-4EDB-A2B7-A23D2A25CC30}d:\\obrazy\\counter strike\\xtcs counter-strike 1.6 final release\\cstrike.exe"= TCP:d:\obrazy\counter strike\xtcs counter-strike 1.6 final release\cstrike.exe:XTCS Counter-Strike 1.6 Final Release
"TCP Query User{7E3850D4-F077-4708-99C8-F0A0B4CF29D1}c:\\program files\\bitcomet\\plugin_emule\\plugin_emule.exe"= UDP:c:\program files\bitcomet\plugin_emule\plugin_emule.exe:eMule plugin host for BitComet
"UDP Query User{3F3C8097-315D-419D-90EF-A5C7187899FA}c:\\program files\\bitcomet\\plugin_emule\\plugin_emule.exe"= TCP:c:\program files\bitcomet\plugin_emule\plugin_emule.exe:eMule plugin host for BitComet
"TCP Query User{FD29D3E7-16B6-4DEF-9919-E5E6DBC6326C}c:\\program files\\bitcomet\\plugin_emule\\plugin_emule.exe"= UDP:c:\program files\bitcomet\plugin_emule\plugin_emule.exe:eMule plugin host for BitComet
"UDP Query User{EFB0B1F6-C201-4FF9-B005-C279D6260C1F}c:\\program files\\bitcomet\\plugin_emule\\plugin_emule.exe"= TCP:c:\program files\bitcomet\plugin_emule\plugin_emule.exe:eMule plugin host for BitComet
"{70FB6086-2A01-4941-93C7-AC77270997A6}"= UDP:25278:BitComet 25278 TCP
"{DC7CA0BB-E064-43F9-A0E3-875CB2BEE305}"= TCP:25278:BitComet 25278 UDP
"TCP Query User{BE134285-54C9-4D85-B256-03956D0252B6}c:\\program files\\gadu-gadu\\gg.exe"= UDP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"UDP Query User{43925D9D-FE6E-4EDF-B6B5-9F325BEC1D28}c:\\program files\\gadu-gadu\\gg.exe"= TCP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"{ED996B90-5E5C-4E49-AB55-9DAB5D812756}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F25239EE-3BF4-4017-9814-169F7EDE3E58}"= UDP:c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
"{89D07AD8-236D-42A0-AF90-98E812B61F6C}"= TCP:c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
"{E47970D7-DC93-4E41-BF8A-F3B549E75D58}"= UDP:c:\program files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
"{F73A1FF3-675E-4690-80B1-F09909FB32B7}"= TCP:c:\program files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
"{57A5A587-E1EE-4044-93B3-CF13D30E240B}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{9872ADDE-FD87-45E4-81B4-64F9DAA10771}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{1F6C0A87-DE11-4D1A-BB1E-E3FF294CEA0B}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{4C4F140E-CAA2-4303-8A4F-610EFA5CB183}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{7BE8A664-513D-41FF-885D-A3812C3342C7}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{ED7804B0-68FB-4DA0-B26A-953E4EF95F80}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{BF4B70D1-1551-4534-A70B-BCCA0A9CCAB1}"= UDP:d:\gry\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{371EAF0D-16AC-4CC5-872C-F362A30E2343}"= TCP:d:\gry\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{3F313CB1-58B2-4744-BA2B-A0F873011F30}"= UDP:d:\gry\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{6EA63AAB-0158-442F-B16C-DF55B69A57A3}"= TCP:d:\gry\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{F8ACF690-94CA-4A72-93C7-5E0D69904258}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{D8E7A85F-3BA0-40F3-A6B4-2EE4CBCC406E}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{0CE56E14-EC71-4123-A628-28013FB31D99}"= UDP:c:\program files\Sierra Entertainment\FEAR Perseus Mandate\FEARXP2.exe:FEARXP2
"{0B6A0538-8B2F-45DC-AD52-846EACF9A1F9}"= TCP:c:\program files\Sierra Entertainment\FEAR Perseus Mandate\FEARXP2.exe:FEARXP2
"{E1188FE6-CBD4-4174-93D5-3423051D6296}"= UDP:d:\gry\Program Files\JBond\JB_LiveEngine_s.exe:Quantum of Solace
"{F976DEDD-97D3-4421-AFB6-42AB078DD4F3}"= TCP:d:\gry\Program Files\JBond\JB_LiveEngine_s.exe:Quantum of Solace
"{081B3CB8-B4DA-447C-A158-B9274986811E}"= Disabled:UDP:c:\users\Ania & Piotr\AppData\Local\Temp\ImInstaller\FreeEcardMovies_Installer.exe:IncrediMail Installer
"{F48BEDD3-0517-4669-BA3A-D4070757C3FF}"= Disabled:TCP:c:\users\Ania & Piotr\AppData\Local\Temp\ImInstaller\FreeEcardMovies_Installer.exe:IncrediMail Installer
"{1C117EA7-CB3A-4629-8174-9EBAFF4550DF}"= UDP:d:\gry\Program Files\the club\Launcher.exe:The Club Launcher
"{7CF3498B-B981-4367-B7F0-B584862191A5}"= TCP:d:\gry\Program Files\the club\Launcher.exe:The Club Launcher
"{8CA5C208-5714-4DFE-AAE1-755B2EA32389}"= UDP:d:\gry\Program Files\the club\TheClub.exe:The Club
"{9D8ED055-0F31-4907-AF23-28C66AADC1FC}"= TCP:d:\gry\Program Files\the club\TheClub.exe:The Club
"{9A4F76D1-B4D8-421C-B2CE-C6A846600E45}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{17F6B879-7FAA-4D54-BEA0-EE687707DFDB}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{AFC26FBF-69B4-4702-96D1-41327EFB2DA5}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{582975D2-87AE-45F0-AA03-C4A8935F4753}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6CDB642D-DA4D-41B7-9E84-D1E9315C1F0B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3246662A-E26E-4931-97E1-6E39D7662CC2}"= UDP:d:\gry\Program Files\Bionic komando\bcr.exe:Bionic Commando Rearmed
"{2F1B1202-E307-42D1-89EE-5B7C31B12481}"= TCP:d:\gry\Program Files\Bionic komando\bcr.exe:Bionic Commando Rearmed
"{04DB9BCE-20A4-4397-844E-ED06DC31031F}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{9B93F423-0E92-45BA-9435-6616A1FED237}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{85597CE4-D24B-4EA3-BB91-2CE6DDBCB3D5}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{02FE3F5F-E5B4-463F-881F-B3B97459544B}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{1B03C974-F94C-46DA-9C47-60D5E025CFE2}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{3B6C410A-DC01-427F-BCA1-FDAF67A152A8}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"TCP Query User{5490B988-8CC4-4265-81B9-1CD1D023AA87}c:\\program files\\nowe gadu-gadu\\gg.exe"= UDP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu
"UDP Query User{664C34D0-6D93-42B1-91D9-8F7772A397F0}c:\\program files\\nowe gadu-gadu\\gg.exe"= TCP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R0 hotcore3;Hotcore helper;c:\windows\System32\drivers\hotcore3.sys [2008-11-29 40496]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1002000.007\BHDrvx86.sys [2008-12-16 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1002000.007\cchpx86.sys [2008-12-16 362544]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090309.001\IDSvix86.sys [2009-03-10 292912]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\System32\drivers\KMDFMEMIO.sys [2008-07-16 13312]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2008-12-16 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-27 101936]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\NIS\1002000.007\symndisv.sys [2008-12-16 40496]
R3 VMC302;Vimicro Camera Service VMC302;c:\windows\System32\drivers\vmc302.sys [2008-07-16 242560]
S2 .norton2009Reset;Norton2009 Reset;c:\program files\Norton2009Reset.exe [2008-10-01 558551]
S3 NETw5v32;Intel(R) Wireless WiFi Link adapter driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2008-05-20 3663360]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\System32\drivers\teamviewervpn.sys [2008-01-07 25088]

--- Other Services/Drivers in Memory ---

*Deregistered* - sptd
*Deregistered* - SymEFA

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dca531d-fbf0-11dd-bef8-001fe2ef3d0e}]
\shell\AutoRun\command - hszhnu.exe
\shell\explore\Command - hszhnu.exe
\shell\open\Command - hszhnu.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-11 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-01-06 11:32]

2009-03-11 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-01-07 17:23]

2009-03-10 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-01-06 11:37]

2009-03-10 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\ [2009-03-11 15:38]

2009-03-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-25 23:46]
.
- - - - REMOVED EMPTY ENTRIES - - - -

HKLM-Run-Application Booster - vbohost.exe
HKLM-RunServices-Application Booster - vbohost.exe
MSConfigStartUp-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe


.
------- Supplementary scan -------
.
uStart Page = hxxp://mystart.incredimail.com/
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
IE: Send image to &Bluetooth device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll
FF - ProfilePath - c:\users\Ania & Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\9qdcceiu.default\
FF - prefs.js: browser.search.selectedEngine - google
FF - prefs.js: browser.startup.homepage - hxxp://google.pl
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\users\Ania & Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\9qdcceiu.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1441.4352\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOggX.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-11 15:39:06
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'Explorer.exe'(1844)
c:\program files\XemiComputers\Active Desktop Calendar\MouseHook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
c:\windows\System32\Crypserv.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-03-11 15:44:21 - the computer was restarted
ComboFix-quarantined-files.txt 2009-03-11 14:43:36

Before: 582,770,688 bytes free
After: 417,460,224 bytes free

406 --- E O F --- 2009-02-13 07:59:17
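A triage pass over the log above, as an added example: this is my own script, not part of the original post and not ComboFix's own tooling, and the line formats it expects (the `(((( title ))))` banners, `[key]` blocks with `"name"= value` lines, and `\shell\<verb>\command - <exe>` lines) are inferred from the log as printed; `SAMPLE_LOG` is a constructed excerpt copied from it. Three things in this log deserve a second look and the script pulls each one out: the Windows Firewall policy shows `EnableFirewall` = 0 for both the Domain and Public profiles; the per-user `MountPoints2` entry for volume `{1dca531d-fbf0-11dd-bef8-001fe2ef3d0e}` maps the AutoRun, explore and open verbs to `hszhnu.exe`, which is what a removable drive carrying an autorun.inf launcher leaves behind in the shell's cache; and the removed-files list includes the WinPcap components (`npf.sys`, `packet.dll`, `wpcap.dll`) together with the `NPF` service, legitimate packet-capture software if the user installed it knowingly and worth asking about if not. The log records no change to audio drivers or to the boot configuration, so it does not by itself account for the two symptoms described in the post.

```python
"""Triage a ComboFix-style log: disabled firewall profiles, MountPoints2 autorun
hooks and removed files. Added example, not ComboFix's own code."""
import re

# Constructed sample: lines copied from the log above (one banner section and three
# registry blocks), enough to exercise every check below.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Removed )))))))))))))))))))))))))))))))))))))))))))))))))
c:\program files\INSTALL.LOG
c:\windows\system32\drivers\npf.sys
c:\windows\system32\packet.dll
c:\windows\system32\wpcap.dll

((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dca531d-fbf0-11dd-bef8-001fe2ef3d0e}]
\shell\AutoRun\command - hszhnu.exe
\shell\explore\Command - hszhnu.exe
\shell\open\Command - hszhnu.exe
"""

SECTION_RE = re.compile(r"^\(+\s*(?P<title>.+?)\s*\)+$")      # (((( title ))))
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")                  # [HKLM\...]
VALUE_RE = re.compile(r'^"\s*(?P<name>[^"]+?)\s*"\s*=\s*(?P<value>.*?)\s*$')
SHELL_RE = re.compile(r"^\\shell\\(?P<verb>[^\\]+)\\command\s*-\s*(?P<cmd>.+?)\s*$", re.I)
PATH_RE = re.compile(r"^[a-z]:\\", re.I)
WINPCAP = {"npf.sys", "packet.dll", "wpcap.dll"}   # WinPcap packet-capture components


def parse_registry(text):
    """{key: [(name, value)]} for each [key] block; shell/<verb>/command lines are
    stored as ("shell:<verb>", command) so autorun hooks are easy to pick out."""
    blocks, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            blocks.setdefault(key, [])
        elif key and (m := VALUE_RE.match(line)):
            blocks[key].append((m.group("name"), m.group("value")))
        elif key and (m := SHELL_RE.match(line)):
            blocks[key].append(("shell:" + m.group("verb"), m.group("cmd")))
    return blocks


def disabled_firewall_profiles(blocks):
    """Profile names (DomainProfile, PublicProfile, ...) whose EnableFirewall is 0."""
    return [key.rsplit("\\", 1)[-1]
            for key, values in blocks.items() if "firewallpolicy\\" in key.lower()
            for name, value in values
            if name.lower() == "enablefirewall" and value.split()[0] == "0"]


def removable_media_autoruns(blocks):
    """(volume GUID, verb, command) for every MountPoints2 shell verb that runs something."""
    hits = []
    for key, values in blocks.items():
        if "\\mountpoints2\\{" in key.lower():
            guid = key[key.rindex("{"):]
            hits += [(guid, n[len("shell:"):], c) for n, c in values if n.startswith("shell:")]
    return hits


def removed_files(text):
    """Paths listed under the Removed (Polish log: Usunięto) banner, up to the next banner."""
    out, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            inside = m.group("title").lower() in ("removed", "usunięto")
        elif inside and PATH_RE.match(line):
            out.append(line)
    return out


def triage(text):
    """Run every check and return a summary dict."""
    blocks, removed = parse_registry(text), removed_files(text)
    names = [p.rsplit("\\", 1)[-1].lower() for p in removed]
    return {
        "firewall_off": disabled_firewall_profiles(blocks),
        "autorun": removable_media_autoruns(blocks),
        "removed": removed,
        "winpcap_removed": sorted(n for n in names if n in WINPCAP),
    }


if __name__ == "__main__":
    for check, result in triage(SAMPLE_LOG).items():
        print(f"{check}: {result}")
```

Two caveats when reading the output. `MountPoints2` is a per-user cache of shell settings for volumes the user has mounted, and it survives the volume being unplugged, so the hit means a removable drive whose autorun.inf launched `hszhnu.exe` was attached to this account at some point; it does not show that the file exists on this machine, and the log lists no such file. Likewise, Norton Internet Security is running here (the `R2 Norton Internet Security` service), and a third-party suite commonly takes over the firewall role, so the two `EnableFirewall`= 0 profiles may be by design; the script flags them so that someone confirms which firewall is actually active rather than assuming either way.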

