Niebieski ekran...a potem się zwiesił ;(

[Gosiak91]

Witam. Niewiele ponad godzinę temu wyskoczył mi niebieski ekran, który spowodował zwieszenie się netbooka

wklejam lok z ComboFix
Proszę bardzo o pomoc
Pozdrawiam

Kod: Zaznacz wszystko

ComboFix 12-11-16.02 - Gosia 2012-11-17  23:15:59.1.4 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1250.48.1045.18.2037.1322 [GMT 1:00]
Uruchomiony z: c:\users\Gosia\Downloads\ComboFix.exe
AV: Norton Internet Security Netbook Edition *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security Netbook Edition *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security Netbook Edition *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\windows\IsUn0415.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2012-10-17 do 2012-11-17  )))))))))))))))))))))))))))))))
.
.
2012-11-17 22:37 . 2012-11-17 22:37   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-11-04 17:58 . 2012-11-04 17:59   --------   d-----w-   c:\users\Gosia\AppData\Local\GHISLER
2012-11-04 16:45 . 2012-08-03 07:01   545   ----a-w-   c:\windows\UC.PIF
2012-11-04 16:45 . 2012-08-03 07:01   545   ----a-w-   c:\windows\RAR.PIF
2012-11-04 16:45 . 2012-08-03 07:01   545   ----a-w-   c:\windows\LHA.PIF
2012-11-04 16:45 . 2012-08-03 07:01   545   ----a-w-   c:\windows\ARJ.PIF
2012-11-04 16:45 . 2012-11-04 16:45   --------   d-----w-   C:\totalcmd
2012-11-04 16:45 . 2012-11-04 16:45   --------   d-----w-   c:\users\Gosia\AppData\Roaming\GHISLER
2012-10-27 18:09 . 2012-10-27 18:09   56200   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{7944A9A2-19BD-4D92-8420-A3461340FBFA}\offreg.dll
2012-10-20 08:17 . 2012-10-12 05:56   6918632   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{7944A9A2-19BD-4D92-8420-A3461340FBFA}\mpengine.dll
2012-10-20 08:13 . 2012-06-02 04:36   140288   ----a-w-   c:\windows\system32\cryptsvc.dll
2012-10-20 08:13 . 2012-06-02 04:36   1159680   ----a-w-   c:\windows\system32\crypt32.dll
2012-10-20 08:13 . 2012-06-02 04:36   103936   ----a-w-   c:\windows\system32\cryptnet.dll
2012-10-20 08:12 . 2012-09-14 18:28   2048   ----a-w-   c:\windows\system32\tzres.dll
2012-10-20 08:12 . 2012-08-31 17:18   1211760   ----a-w-   c:\windows\system32\drivers\ntfs.sys
2012-10-20 08:12 . 2012-08-24 16:57   172544   ----a-w-   c:\windows\system32\wintrust.dll
2012-10-20 08:08 . 2012-08-10 23:56   542208   ----a-w-   c:\windows\system32\kerberos.dll
2012-10-20 08:06 . 2012-08-30 17:12   3968880   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2012-10-20 08:06 . 2012-08-30 17:12   3914096   ----a-w-   c:\windows\system32\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-20 08:24 . 2012-09-27 17:16   696760   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-10-20 08:24 . 2011-11-13 22:59   73656   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-03 19:35 . 2012-10-03 19:35   93672   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2012-10-03 19:35 . 2012-10-03 19:36   821736   ----a-w-   c:\windows\system32\npDeployJava1.dll
2012-10-03 19:35 . 2011-10-08 14:17   746984   ----a-w-   c:\windows\system32\deployJava1.dll
2012-08-24 16:57 . 2012-09-27 13:58   981504   ----a-w-   c:\windows\system32\wininet.dll
2012-08-24 15:20 . 2012-09-27 13:58   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
2012-08-22 17:16 . 2012-09-27 13:58   1292144   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-27 13:58   712048   ----a-w-   c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-27 13:58   240496   ----a-w-   c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-27 13:58   187760   ----a-w-   c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12 . 2012-09-27 13:58   245760   ----a-w-   c:\windows\system32\OxpsConverter.exe
2012-11-13 11:27 . 2012-11-13 11:27   97208   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2011-09-28 1937736]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2011-07-04 13374048]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-11-09 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-11-09 174360]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-11-09 150808]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 08:07   843712   ----a-r-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41   37296   ----a-w-   c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33   4910912   ----a-w-   c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDCtrl]
2010-11-12 22:24   1812264   ----a-w-   c:\program files\Elantech\ETDCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!]
2012-05-11 14:33   19858432   ----a-w-   c:\program files\ipla\ipla.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Online Backup]
2010-06-01 06:32   966488   ----a-w-   c:\program files\Symantec\Norton Online Backup\NOBuClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-04-07 01:58   8555040   ------w-   c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 21:29   1174016   ----a-w-   c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04   252848   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2009-05-19 20:16   222504   ------w-   c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20111114.002\BHDrvx86.sys [x]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1109000.00C\Ironx86.SYS [x]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [x]
R2 PLAY ONLINE. RunOuc;PLAY ONLINE. OUC;c:\program files\PLAY ONLINE\UpdateDog\ouc.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1109000.00C\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1109000.00C\SYMEFA.SYS [x]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1109000.00C\ccHPx86.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20111118.030\IDSvix86.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1109000.00C\SYMTDIV.SYS [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [x]
S2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ      SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-11-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-27 08:24]
.
2012-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-31 10:15]
.
2012-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-31 10:15]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://samsung.msn.com
IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.100
TCP: Interfaces\{796106C2-8EB7-4221-8C7B-B0D9C2C2FE7F}: NameServer = 89.108.195.20 89.108.202.20
TCP: Interfaces\{A39A2972-7E08-43EC-9237-3A78519B883A}: NameServer = 89.108.195.20 89.108.202.20
TCP: Interfaces\{C58E3BAB-3477-4D8E-89EB-98DA9F068DBD}: NameServer = 89.108.195.21 217.17.34.10
TCP: Interfaces\{D260B415-3829-42EE-832B-451E53AD0EC9}: NameServer = 89.108.195.20 217.17.34.10
FF - ProfilePath - c:\users\Gosia\AppData\Roaming\Mozilla\Firefox\Profiles\otxih0j3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20111203150228088&tb_oid=03-12-2011&tb_mrud=03-12-2011&query=
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocationType=tb50-ff-winamp-ab-en-us&tb_uuid=20111203150228088&tb_oid=03-12-2011&tb_mrud=03-12-2011&query=
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil11f_Plugin.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2012-11-17  23:43:28
ComboFix-quarantined-files.txt  2012-11-17 22:43
.
Przed: 51 779 235 840 bajtów wolnych
Po: 51 552 391 168 bajtów wolnych
.
- - End Of File - - E5B60BCA1996E9157B4C2C37B2FD62FE


[wojtas]

nie te logi.. wydaję mi się że jednak to nie wina wirusów .


Proszę zastosować się do obowiązkowych zasad w dziale bezpieczeństwo
- wstaw wymagane logi zgodnie ze swoim systemem
- wrzuć logi na forum w formie załącznika,