ComboFix.txt

Please analyze my ComboFix log

I did what I was told, correctly I think, as far as blocking that mountpoints2 goes? Here are the logs from "after". What next? Did I mess something up? What actually is, or was, wrong that so many operations are needed? Also, after the next system start, after using Combo, the audio drivers are missing again. Why does this thing so stubbornly keep depriving me of sound?? These are the original Samsung drivers, aren't they?


ComboFix 09-03-10.03 - Ania & Piotr 2009-03-11 19:45:30.2 - NTFSx86
Microsoft(R) Windows Vista™ Home Premium 6.0.6001.1.1250.1.1045.18.3066.2224 [GMT 1:00]
Uruchomiony z: c:\users\Ania & Piotr\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Pliki utworzone od 2009-02-11 do 2009-03-11 )))))))))))))))))))))))))))))))
.

2009-03-11 19:35 . 2009-03-11 19:35 <DIR> d-------- c:\program files\Trend Micro
2009-03-10 18:08 . 2009-03-10 18:08 3,337 --a------ C:\DSCF00142.jpg
2009-03-10 18:04 . 2009-03-10 18:13 <DIR> d-------- c:\users\Ania & Piotr\AppData\Roaming\Nowe Gadu-Gadu
2009-03-10 18:04 . 2009-03-10 19:55 <DIR> d-------- c:\program files\Nowe Gadu-Gadu
2009-03-09 20:57 . 2009-03-09 20:57 <DIR> d-------- c:\program files\Common Files\Autodata Limited Shared
2009-03-04 20:06 . 1997-11-19 15:49 303,616 --a------ c:\windows\IsUninst.exe
2009-03-02 19:12 . 2009-03-02 19:13 <DIR> d-------- c:\users\Ania & Piotr\AppData\Roaming\RaimaRadioPro
2009-02-28 12:22 . 2009-02-28 12:22 <DIR> d-------- c:\program files\PDF Password Remover v3.0
2009-02-23 17:11 . 1999-06-18 22:49 165,888 --a------ c:\windows\Ckconfig.exe
2009-02-23 17:11 . 2006-09-22 00:33 69,632 --a------ c:\windows\System32\Crypserv.exe
2009-02-23 17:11 . 2006-01-10 03:47 31,846 --a------ c:\windows\System32\Ckldrv.sys
2009-02-23 17:11 . 1996-05-03 18:21 27,648 -ra------ c:\windows\Setup_ck.exe
2009-02-23 17:11 . 1996-05-03 16:36 18,432 --a------ c:\windows\Setup_ck.dll
2009-02-23 17:11 . 1995-07-04 19:33 11,776 --a------ c:\windows\Ckrfresh.exe
2009-02-23 16:27 . 2009-02-23 16:27 <DIR> d-------- c:\users\All Users\WorkshopData
2009-02-23 16:27 . 2009-02-23 16:27 <DIR> d-------- c:\programdata\WorkshopData
2009-02-23 16:27 . 2009-02-23 17:11 138 --a------ c:\windows\Crypkey.ini
2009-02-23 16:19 . 2009-02-23 16:27 <DIR> d--h----- c:\program files\Zero G Registry
2009-02-23 16:18 . 2009-02-23 16:18 <DIR> d--h----- c:\users\Ania & Piotr\InstallAnywhere
2009-02-21 22:02 . 2009-02-21 22:02 <DIR> d-------- c:\users\Ania & Piotr\AppData\Roaming\23doors
2009-02-21 21:52 . 2009-02-21 21:52 410,984 --a------ c:\windows\System32\deploytk.dll
2009-02-21 21:51 . 2009-02-21 21:51 <DIR> d-------- c:\program files\Java
2009-02-13 08:52 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-13 08:52 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-13 08:52 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-13 08:52 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-13 08:52 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-11 09:09 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 09:09 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-11 15:12 --------- d-----w c:\programdata\NVIDIA
2009-03-11 14:53 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-11 13:41 32,536 ----a-w c:\users\All Users\nvModes.dat
2009-03-11 13:41 32,536 ----a-w c:\programdata\nvModes.dat
2009-03-11 00:49 --------- d-----w c:\programdata\Google Updater
2009-03-10 18:45 --------- d---a-w c:\programdata\TEMP
2009-03-10 17:15 --------- d-----w c:\program files\Gadu-Gadu
2009-03-02 16:59 --------- d-----w c:\users\Ania & Piotr\AppData\Roaming\IrfanView
2009-02-26 18:18 --------- d-----w c:\users\Ania & Piotr\AppData\Roaming\Skype
2009-02-26 15:59 --------- d-----w c:\users\Ania & Piotr\AppData\Roaming\skypePM
2009-02-14 21:03 --------- d-----w c:\users\Ania & Piotr\AppData\Roaming\VSO
2009-02-13 07:53 --------- d-----w c:\program files\Windows Mail
2009-02-10 15:26 --------- d-----w c:\program files\Real Alternative
2009-02-09 09:50 --------- d-----w c:\users\Ania & Piotr\AppData\Roaming\streamripper
2009-02-05 18:32 --------- d-----w c:\users\Ania & Piotr\AppData\Roaming\ipla
2009-02-05 18:29 1,700,352 ----a-w c:\windows\System32\gdiplus.dll
2009-02-05 18:29 --------- d-----w c:\programdata\ipla
2009-02-05 18:29 --------- d-----w c:\program files\ipla
2009-02-03 15:09 --------- d-----w c:\program files\VSO
2009-02-02 16:15 --------- d-----w c:\programdata\Laconic Software
2009-02-01 16:32 --------- d-----w c:\program files\IncrediMail
2009-01-31 16:58 --------- d-----w c:\program files\Lavalys
2009-01-30 15:44 80,384 ----a-w C:\NESTER.EXE
2009-01-25 22:48 --------- d-----w c:\program files\Google
2009-01-23 17:19 --------- d-----w c:\users\Ania & Piotr\AppData\Roaming\Gearbox Software
2009-01-23 16:58 --------- d-----w c:\program files\Ubisoft
2009-01-21 18:42 --------- d-----w c:\program files\Turtle Odyssey 3-in-1
2009-01-20 17:52 --------- d-----w c:\programdata\PopCap Games
2009-01-17 17:05 --------- d-----w c:\users\Ania & Piotr\AppData\Roaming\TeamViewer
2009-01-16 18:58 --------- d-----w c:\program files\TeamViewer
2009-01-15 16:46 --------- d-----w c:\users\Ania & Piotr\AppData\Roaming\AVI ReComp
2009-01-14 19:18 --------- d-----w c:\program files\Xvid
2009-01-14 19:18 --------- d-----w c:\program files\Gabest
2009-01-14 19:18 --------- d-----w c:\program files\AviSynth 2.5
2009-01-14 19:18 --------- d-----w c:\program files\AVI ReComp
2009-01-14 17:03 --------- d-----w c:\programdata\Microsoft Help
2009-01-13 08:45 954,368 ----a-w c:\windows\system32\drivers\athr.sys
2009-01-12 18:55 --------- d-----w c:\users\Ania & Piotr\AppData\Roaming\DAEMON Tools Pro
2009-01-10 18:58 418,480 ----a-w c:\windows\System32\wrap_oal.dll
2009-01-10 18:58 115,432 ----a-w c:\windows\System32\OpenAL32.dll
2008-12-26 15:26 545,280 ----a-w c:\windows\flashax.exe
2008-12-26 15:26 12,288 ----a-w c:\windows\impborl.dll
2008-11-05 09:57 22,328 ----a-w c:\users\Ania & Piotr\AppData\Roaming\PnkBstrK.sys
2008-09-15 07:32 558,551 --sha-r c:\program files\Norton2009Reset.exe
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-03-11_15.41.32.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-05 15:30:14 51,200 ----a-w c:\windows\inf\infpub.dat
+ 2009-03-11 14:58:03 51,200 ----a-w c:\windows\inf\infpub.dat
- 2009-02-05 15:26:57 86,016 ----a-w c:\windows\inf\infstor.dat
+ 2009-03-11 14:58:00 86,016 ----a-w c:\windows\inf\infstor.dat
- 2009-02-05 15:30:14 143,360 ----a-w c:\windows\inf\infstrng.dat
+ 2009-03-11 14:58:03 143,360 ----a-w c:\windows\inf\infstrng.dat
+ 2009-03-11 14:53:43 90,578 ----a-r c:\windows\Installer\{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}\ARPPRODUCTICON.exe
+ 2009-03-11 14:53:43 131,072 ----a-r c:\windows\Installer\{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}\SupClientApp.exe_8162F2AF1BD24E4E837FC95377F96401.exe
+ 2009-03-11 14:53:43 131,072 ----a-r c:\windows\Installer\{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}\SupClientApp.exe1_CE2363C612F141AB98F67EC43FED8218.exe
+ 2009-03-11 14:53:43 131,072 ----a-r c:\windows\Installer\{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}\SupClientApp.exe2_48D3E07A8289423A98D0E395FB7963C6.exe
+ 2009-03-11 14:53:43 40,960 ----a-r c:\windows\Installer\{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}\SUPHelp.exe1_EBE42EA6B05045DA93FA5B46277F6D80.exe
+ 2009-03-11 14:53:43 40,960 ----a-r c:\windows\Installer\{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}\SUPHelp.exe11_6C5812CA04E24A769466BF88165E31C8.exe
+ 2009-03-11 18:40:05 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-11 18:40:05 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-03-11 14:38:57 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-03-11 18:41:09 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-03-11 18:41:09 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-03-11 14:38:57 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-03-11 18:41:04 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-03-11 18:41:04 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-03-11 03:52:21 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-03-11 18:39:11 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-03-11 18:39:11 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1
+ 2008-08-06 02:29:26 44,576 ----a-w c:\windows\System32\drivers\nvhda32v.sys
+ 2008-08-06 02:29:14 53,760 ----a-w c:\windows\System32\DriverStore\FileRepository\nvhda.inf_244c4d7f\nvapo32v.dll
+ 2008-08-02 00:46:04 122,880 ----a-w c:\windows\System32\DriverStore\FileRepository\nvhda.inf_244c4d7f\nvcohda.dll
+ 2008-08-06 02:29:26 44,576 ----a-w c:\windows\System32\DriverStore\FileRepository\nvhda.inf_244c4d7f\nvhda32v.sys
+ 2008-08-02 00:45:56 453,152 ----a-w c:\windows\System32\DriverStore\FileRepository\nvhda.inf_244c4d7f\nvuhda.exe
+ 2008-08-02 00:46:04 122,880 ----a-w c:\windows\System32\nvcohda.dll
+ 2008-08-02 00:45:56 453,152 ----a-w c:\windows\System32\nvuhda.exe
- 2009-03-10 16:09:59 101,250 ----a-w c:\windows\System32\perfc009.dat
+ 2009-03-11 18:47:59 101,250 ----a-w c:\windows\System32\perfc009.dat
- 2009-03-10 16:09:59 126,908 ----a-w c:\windows\System32\perfc015.dat
+ 2009-03-11 18:47:59 126,908 ----a-w c:\windows\System32\perfc015.dat
- 2009-03-10 16:09:59 587,178 ----a-w c:\windows\System32\perfh009.dat
+ 2009-03-11 18:47:59 587,178 ----a-w c:\windows\System32\perfh009.dat
- 2009-03-10 16:09:59 662,056 ----a-w c:\windows\System32\perfh015.dat
+ 2009-03-11 18:48:00 662,056 ----a-w c:\windows\System32\perfh015.dat
- 2009-03-10 01:54:40 11,464 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1318546717-2813108111-1262065269-1003_UserData.bin
+ 2009-03-11 18:41:55 11,592 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1318546717-2813108111-1262065269-1003_UserData.bin
- 2009-03-10 01:54:39 78,514 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-11 18:41:55 78,998 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-03-05 15:29:55 50,026 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-03-11 18:41:53 50,664 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-03-08 09:33:14 336,950 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-03-11 16:38:48 339,514 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
-- Migawka wyzerowana --
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-01-06 202064]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"Active Desktop Calendar"="c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe" [2008-08-13 3780608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13584928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"vidc.tscc"= c:\progra~1\MpcStar\Codecs\tscc\tsccvid.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1318546717-2813108111-1262065269-1003]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{665C7918-7F5E-43FB-B375-2D0A06DD6B43}"= Profile=Private|c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{EBC19711-5F0B-4920-BE3E-55A9E06011D8}"= Profile=Private|c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"TCP Query User{F1BC478C-E530-432C-84E4-945E9F47D810}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{E1D400D2-3685-4E0D-B2E4-9025417FD525}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{A0B85401-56F3-4632-9201-13B4F970C618}c:\\program files\\bittornado\\btdownloadgui.exe"= UDP:c:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"UDP Query User{E8D18031-5E85-413E-9DDF-44FEE8A8CD1D}c:\\program files\\bittornado\\btdownloadgui.exe"= TCP:c:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"TCP Query User{50F2C0B9-6B8F-46B4-AF67-FF796DCB1E25}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{1D16A71E-13CA-434C-AAD1-7E8DB31EB44D}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{51792CF7-A0CE-4E58-A724-A102CFD908E5}"= Disabled:c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{E0E62FC7-1334-4C94-9886-910518333D7D}"= Disabled:c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"TCP Query User{17845A71-64AC-4E1F-88B4-2B857F30EAD0}c:\\users\\ania & piotr\\documents\\god\\god.exe"= Disabled:UDP:c:\users\ania & piotr\documents\god\god.exe:god.exe
"UDP Query User{3D7F1A1F-AB07-4704-B15C-6ADC602127B1}c:\\users\\ania & piotr\\documents\\god\\god.exe"= Disabled:TCP:c:\users\ania & piotr\documents\god\god.exe:god.exe
"TCP Query User{786E2F4D-EA2A-4B96-815C-50BE327ABBA8}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{3EE3B166-83D9-4FB8-A43F-223725CC3A90}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{80881CF8-B203-44F3-B59E-1A5D4939B1E3}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{8E8803FC-14A2-44BC-93B4-7540F041A40B}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{C38F65A2-715D-4E49-9158-A189772805B9}c:\\users\\ania & piotr\\desktop\\v\\emule0.49b-xtreme7.0\\emule.exe"= UDP:c:\users\ania & piotr\desktop\v\emule0.49b-xtreme7.0\emule.exe:emule.exe
"UDP Query User{B262F72F-2553-47DE-9FDE-17CB335379C2}c:\\users\\ania & piotr\\desktop\\v\\emule0.49b-xtreme7.0\\emule.exe"= TCP:c:\users\ania & piotr\desktop\v\emule0.49b-xtreme7.0\emule.exe:emule.exe
"TCP Query User{57A0F26E-08E9-4786-A2CE-28ADAAC4FD63}d:\\gry\\program files\\cod\\codmp.exe"= UDP:d:\gry\program files\cod\codmp.exe:CoDMP
"UDP Query User{CB319570-E930-4D12-964E-9F2E34A5CAEA}d:\\gry\\program files\\cod\\codmp.exe"= TCP:d:\gry\program files\cod\codmp.exe:CoDMP
"{C3659471-8BF3-4CDD-972A-BA9EAC9CE0FA}"= UDP:25278:BitComet 25278 TCP
"{2F5E6710-D5DA-4EF6-A678-89925066CE80}"= TCP:25278:BitComet 25278 UDP
"{9B4CF280-7ECD-4417-9CFE-9E53E5532A87}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{387792F1-B48F-431D-A4F4-578460736751}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{E3BDAB72-2D6F-458C-85EE-34958F4F8075}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{9325BF53-01F7-428F-84CC-63B6C6AC77F0}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{34D1CB45-7ED9-4E1D-AB9C-B8D92F3A8DB7}"= UDP:d:\gry\Program Files\CallofDuty4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{E701648D-CE90-43CC-B73A-5BDD2B8EB727}"= TCP:d:\gry\Program Files\CallofDuty4\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{790955F4-C1F2-42ED-8579-E1979C268039}"= UDP:d:\gry\Program Files\mohaA\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{D931C9C4-D616-4AA5-A9A2-D0B961589529}"= TCP:d:\gry\Program Files\mohaA\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"TCP Query User{2C577FAF-407F-4057-8D2B-089C5C324DCE}d:\\obrazy\\counter strike\\xtcs counter-strike 1.6 final release\\cstrike.exe"= UDP:d:\obrazy\counter strike\xtcs counter-strike 1.6 final release\cstrike.exe:XTCS Counter-Strike 1.6 Final Release
"UDP Query User{40CC71BA-2AC3-4EDB-A2B7-A23D2A25CC30}d:\\obrazy\\counter strike\\xtcs counter-strike 1.6 final release\\cstrike.exe"= TCP:d:\obrazy\counter strike\xtcs counter-strike 1.6 final release\cstrike.exe:XTCS Counter-Strike 1.6 Final Release
"TCP Query User{7E3850D4-F077-4708-99C8-F0A0B4CF29D1}c:\\program files\\bitcomet\\plugin_emule\\plugin_emule.exe"= UDP:c:\program files\bitcomet\plugin_emule\plugin_emule.exe:eMule plugin host for BitComet
"UDP Query User{3F3C8097-315D-419D-90EF-A5C7187899FA}c:\\program files\\bitcomet\\plugin_emule\\plugin_emule.exe"= TCP:c:\program files\bitcomet\plugin_emule\plugin_emule.exe:eMule plugin host for BitComet
"TCP Query User{FD29D3E7-16B6-4DEF-9919-E5E6DBC6326C}c:\\program files\\bitcomet\\plugin_emule\\plugin_emule.exe"= UDP:c:\program files\bitcomet\plugin_emule\plugin_emule.exe:eMule plugin host for BitComet
"UDP Query User{EFB0B1F6-C201-4FF9-B005-C279D6260C1F}c:\\program files\\bitcomet\\plugin_emule\\plugin_emule.exe"= TCP:c:\program files\bitcomet\plugin_emule\plugin_emule.exe:eMule plugin host for BitComet
"{70FB6086-2A01-4941-93C7-AC77270997A6}"= UDP:25278:BitComet 25278 TCP
"{DC7CA0BB-E064-43F9-A0E3-875CB2BEE305}"= TCP:25278:BitComet 25278 UDP
"TCP Query User{BE134285-54C9-4D85-B256-03956D0252B6}c:\\program files\\gadu-gadu\\gg.exe"= UDP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"UDP Query User{43925D9D-FE6E-4EDF-B6B5-9F325BEC1D28}c:\\program files\\gadu-gadu\\gg.exe"= TCP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"{ED996B90-5E5C-4E49-AB55-9DAB5D812756}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F25239EE-3BF4-4017-9814-169F7EDE3E58}"= UDP:c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
"{89D07AD8-236D-42A0-AF90-98E812B61F6C}"= TCP:c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
"{E47970D7-DC93-4E41-BF8A-F3B549E75D58}"= UDP:c:\program files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
"{F73A1FF3-675E-4690-80B1-F09909FB32B7}"= TCP:c:\program files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
"{57A5A587-E1EE-4044-93B3-CF13D30E240B}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{9872ADDE-FD87-45E4-81B4-64F9DAA10771}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{1F6C0A87-DE11-4D1A-BB1E-E3FF294CEA0B}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{4C4F140E-CAA2-4303-8A4F-610EFA5CB183}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{7BE8A664-513D-41FF-885D-A3812C3342C7}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{ED7804B0-68FB-4DA0-B26A-953E4EF95F80}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{BF4B70D1-1551-4534-A70B-BCCA0A9CCAB1}"= UDP:d:\gry\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{371EAF0D-16AC-4CC5-872C-F362A30E2343}"= TCP:d:\gry\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{3F313CB1-58B2-4744-BA2B-A0F873011F30}"= UDP:d:\gry\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{6EA63AAB-0158-442F-B16C-DF55B69A57A3}"= TCP:d:\gry\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{F8ACF690-94CA-4A72-93C7-5E0D69904258}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{D8E7A85F-3BA0-40F3-A6B4-2EE4CBCC406E}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{0CE56E14-EC71-4123-A628-28013FB31D99}"= UDP:c:\program files\Sierra Entertainment\FEAR Perseus Mandate\FEARXP2.exe:FEARXP2
"{0B6A0538-8B2F-45DC-AD52-846EACF9A1F9}"= TCP:c:\program files\Sierra Entertainment\FEAR Perseus Mandate\FEARXP2.exe:FEARXP2
"{E1188FE6-CBD4-4174-93D5-3423051D6296}"= UDP:d:\gry\Program Files\JBond\JB_LiveEngine_s.exe:Quantum of Solace
"{F976DEDD-97D3-4421-AFB6-42AB078DD4F3}"= TCP:d:\gry\Program Files\JBond\JB_LiveEngine_s.exe:Quantum of Solace
"{081B3CB8-B4DA-447C-A158-B9274986811E}"= Disabled:UDP:c:\users\Ania & Piotr\AppData\Local\Temp\ImInstaller\FreeEcardMovies_Installer.exe:IncrediMail Installer
"{F48BEDD3-0517-4669-BA3A-D4070757C3FF}"= Disabled:TCP:c:\users\Ania & Piotr\AppData\Local\Temp\ImInstaller\FreeEcardMovies_Installer.exe:IncrediMail Installer
"{1C117EA7-CB3A-4629-8174-9EBAFF4550DF}"= UDP:d:\gry\Program Files\the club\Launcher.exe:The Club Launcher
"{7CF3498B-B981-4367-B7F0-B584862191A5}"= TCP:d:\gry\Program Files\the club\Launcher.exe:The Club Launcher
"{8CA5C208-5714-4DFE-AAE1-755B2EA32389}"= UDP:d:\gry\Program Files\the club\TheClub.exe:The Club
"{9D8ED055-0F31-4907-AF23-28C66AADC1FC}"= TCP:d:\gry\Program Files\the club\TheClub.exe:The Club
"{9A4F76D1-B4D8-421C-B2CE-C6A846600E45}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{17F6B879-7FAA-4D54-BEA0-EE687707DFDB}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{AFC26FBF-69B4-4702-96D1-41327EFB2DA5}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{582975D2-87AE-45F0-AA03-C4A8935F4753}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6CDB642D-DA4D-41B7-9E84-D1E9315C1F0B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3246662A-E26E-4931-97E1-6E39D7662CC2}"= UDP:d:\gry\Program Files\Bionic komando\bcr.exe:Bionic Commando Rearmed
"{2F1B1202-E307-42D1-89EE-5B7C31B12481}"= TCP:d:\gry\Program Files\Bionic komando\bcr.exe:Bionic Commando Rearmed
"{04DB9BCE-20A4-4397-844E-ED06DC31031F}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{9B93F423-0E92-45BA-9435-6616A1FED237}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{85597CE4-D24B-4EA3-BB91-2CE6DDBCB3D5}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{02FE3F5F-E5B4-463F-881F-B3B97459544B}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{1B03C974-F94C-46DA-9C47-60D5E025CFE2}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{3B6C410A-DC01-427F-BCA1-FDAF67A152A8}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"TCP Query User{5490B988-8CC4-4265-81B9-1CD1D023AA87}c:\\program files\\nowe gadu-gadu\\gg.exe"= UDP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu
"UDP Query User{664C34D0-6D93-42B1-91D9-8F7772A397F0}c:\\program files\\nowe gadu-gadu\\gg.exe"= TCP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R0 hotcore3;Hotcore helper;c:\windows\System32\drivers\hotcore3.sys [2008-11-29 40496]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1002000.007\BHDrvx86.sys [2008-12-16 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1002000.007\cchpx86.sys [2008-12-16 362544]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090309.001\IDSvix86.sys [2009-03-10 292912]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\System32\drivers\KMDFMEMIO.sys [2008-07-16 13312]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2008-12-16 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-27 101936]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-08-06 44576]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\NIS\1002000.007\symndisv.sys [2008-12-16 40496]
R3 VMC302;Vimicro Camera Service VMC302;c:\windows\System32\drivers\vmc302.sys [2008-07-16 242560]
S2 .norton2009Reset;Norton2009 Reset;c:\program files\Norton2009Reset.exe [2008-10-01 558551]
S3 NETw5v32;Sterownik karty Intel(R) Wireless WiFi Link dla systemu Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2008-05-20 3663360]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\System32\drivers\teamviewervpn.sys [2008-01-07 25088]

--- Inne Usługi/Sterowniki w Pamięci ---

*Deregistered* - SymEFA

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Zawartość folderu 'Zaplanowane zadania'

2009-03-11 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-01-06 11:32]

2009-03-11 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-01-07 17:23]

2009-03-10 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-01-06 11:37]

2009-03-10 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\ [2009-03-11 19:40]

2009-03-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-25 23:46]

2009-03-11 c:\windows\Tasks\SupBackGroundTask.job
- c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe [2008-10-27 14:38]
.
.
------- Skan uzupełniający -------
.
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll
FF - ProfilePath - c:\users\Ania & Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\9qdcceiu.default\
FF - prefs.js: browser.search.selectedEngine - google
FF - prefs.js: browser.startup.homepage - hxxp://google.pl
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\users\Ania & Piotr\AppData\Roaming\Mozilla\Firefox\Profiles\9qdcceiu.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1441.4352\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOggX.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-11 19:48:17
Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...


**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]
@Denied: (Full) (LocalSystem)
@Denied: (Full) (Owner)
@Denied: (Full) (LocalSystem)
@Denied: (Full) (Administrators)
@Denied: (Full) (Users)

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass"="Drive"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
"BaseClass"="Drive"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass"="Drive"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
"BaseClass"="Drive"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H]
"BaseClass"="Drive"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I]
"BaseClass"="Drive"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J]
"BaseClass"="Drive"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K]
"BaseClass"="Drive"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L]
"BaseClass"="Drive"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M]
"BaseClass"="Drive"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\N]
"BaseClass"="Drive"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\O]
"BaseClass"="Drive"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\P]
"BaseClass"="Drive"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00353631-be32-11dd-83d5-001fe2ef3d0e}]
"BaseClass"="Drive"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00353632-be32-11dd-83d5-001fe2ef3d0e}]
"BaseClass"="Drive"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00353633-be32-11dd-83d5-001fe2ef3d0e}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00353634-be32-11dd-83d5-001fe2ef3d0e}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00353635-be32-11dd-83d5-001fe2ef3d0e}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00353636-be32-11dd-83d5-001fe2ef3d0e}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00353637-be32-11dd-83d5-001fe2ef3d0e}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00353638-be32-11dd-83d5-001fe2ef3d0e}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00353639-be32-11dd-83d5-001fe2ef3d0e}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0035363a-be32-11dd-83d5-001fe2ef3d0e}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1dca531d-fbf0-11dd-bef8-001fe2ef3d0e}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f267eb2-a774-11dd-837e-001fe2ef3d0e}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a539848-6a70-11db-887c-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a539849-6a70-11db-887c-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a53984a-6a70-11db-887c-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a53984b-6a70-11db-887c-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a53984c-6a70-11db-887c-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a53984d-6a70-11db-887c-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a53984e-6a70-11db-887c-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a539851-6a70-11db-887c-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a539852-6a70-11db-887c-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41942b37-5bd2-11dd-baf6-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{586d67db-d45b-11dd-b77d-001fe2ef3d0e}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77bab46c-d629-11dc-bb01-0013770440fd}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae43ff41-d628-11dc-bb47-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae43ff44-d628-11dc-bb47-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2e1292e-0800-11de-bc82-001fe2ef3d0e}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5b722e6-d6c2-11dd-a57f-001fe2ef3d0e}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5b722ee-d6c2-11dd-a57f-001fe2ef3d0e}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbe3b1af-5341-11dd-a3ae-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be055244-5bdb-11dd-809c-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be055245-5bdb-11dd-809c-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be05524a-5bdb-11dd-809c-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c88a13cf-9b94-11dd-a01e-001fe2ef3d0e}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c88a142a-9b94-11dd-a01e-001fe2ef3d0e}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c88a143c-9b94-11dd-a01e-001fe2ef3d0e}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c88a143e-9b94-11dd-a01e-001fe2ef3d0e}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c88a1440-9b94-11dd-a01e-001fe2ef3d0e}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c92be657-c7c0-11dc-8ff1-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c92be658-c7c0-11dc-8ff1-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c92be659-c7c0-11dc-8ff1-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c92be65a-c7c0-11dc-8ff1-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c92be65b-c7c0-11dc-8ff1-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c92be65c-c7c0-11dc-8ff1-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c92be65d-c7c0-11dc-8ff1-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c92be660-c7c0-11dc-8ff1-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c92be661-c7c0-11dc-8ff1-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfc42746-99f9-11dd-8aeb-001fe2ef3d0e}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d81c3675-b026-11dd-b718-001fe2ef3d0e}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d81c36db-b026-11dd-b718-001fe2ef3d0e}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddb7135d-a661-11dd-abcd-001fe2ef3d0e}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddb71363-a661-11dd-abcd-001fe2ef3d0e}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e750ece7-53c2-11dd-b404-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e750ece8-53c2-11dd-b404-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e750ece9-53c2-11dd-b404-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e750ecec-53c2-11dd-b404-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2cfc918-9889-11dd-a3c3-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2cfc9da-9889-11dd-a3c3-001fe2ef3d0e}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f416eb16-98b5-11dd-997d-806e6f6e6963}]
" BaseClass " = " Drive "

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6351625-9f57-11dd-95a6-001fe2ef3d0e}]
" BaseClass " = " Drive "
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'Explorer.exe'(3152)
c:\program files\XemiComputers\Active Desktop Calendar\MouseHook.dll
.
Czas ukończenia: 2009-03-11 19:52:01
ComboFix-quarantined-files.txt 2009-03-11 18:50:40
ComboFix2.txt 2009-03-11 14:44:24

Przed: 859 996 160 bajtów wolnych
Po: 826,294,272 bajtów wolnych

473 --- E O F --- 2009-02-13 07:59:17

