User - 06-12-14 16:45:32,57 Dodatek Service Pack 2 ComboFix 06.11.27W - Running from: “C:\Documents and Settings\User\Pulpit” (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\taskmgr.com ((((((((((((((((((((((((((((((( Files Created from 2006-11-14 to 2006-12-14 )))))))))))))))))))))))))))))))))) 2006-12-14 15:50 2006-12-14 15:49 2006-12-12 18:22 2006-11-29 19:40 2006-11-21 21:05 2006-11-21 21:02 2006-11-19 12:11 2006-11-19 09:58 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-12-14 15:20 41 --a------ C:\WINDOWS\system32\feafccbcbecd_s.dll 2006-12-13 17:54 500 --a------ C:\Documents and Settings\User\Dane aplikacji\mainhst.zgh 2006-12-13 17:43 -------- d-------- C:\Program Files\SkanerOnline 2006-12-13 13:25 69952 --a------ C:\WINDOWS\system32\SkanerOnlineUninstall.exe 2006-12-13 13:24 715048 --a------ C:\WINDOWS\system32\SkanerOnline.dll 2006-12-10 09:24 -------- d-------- C:\Documents and Settings\User\Dane aplikacji\Skype 2006-11-30 18:48 47648 --a–c— C:\Documents and Settings\User\Dane aplikacji\GDIPFONTCACHEV1.DAT 2006-11-21 21:05 -------- d-------- C:\Documents and Settings\User\Dane aplikacji\Apple Computer 2006-11-21 21:04 -------- d-------- C:\Program Files\QuickTime 2006-11-19 09:58 -------- d-------- C:\Program Files\Internet Explorer 2006-11-18 22:06 -------- d-------- C:\Documents and Settings\User\Dane aplikacji\Lavasoft 2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll 2006-10-19 16:46 -------- d–h----- C:\Program Files\InstallShield Installation Information 2006-10-17 21:01 -------- d-------- C:\Documents and Settings\User\Dane aplikacji\ZipGenius 2006-10-15 18:20 -------- d-------- C:\Documents and Settings\User\Dane aplikacji\Kopia zapasowa 2006-10-15 10:13 -------- d-------- C:\Program Files\HP 2006-10-15 10:13 -------- d-------- C:\Program Files\Common Files 2006-10-15 10:12 -------- d-------- C:\Documents and Settings\User\Dane aplikacji\Image Zone Express 2006-10-13 13:41 65536 --a------ C:\WINDOWS\system32\nwwks.dll 2006-10-13 13:41 64000 --a------ C:\WINDOWS\system32\nwapi32.dll 2006-10-13 13:41 143872 --a------ C:\WINDOWS\system32\nwprovau.dll 2006-09-25 16:45 666240 --a------ C:\WINDOWS\system32\aswBoot.exe 2006-09-25 16:37 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr 2006-09-21 21:23 209408 --a------ C:\WINDOWS\ADS.exe 2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “SpybotSD TeaTimer”=“D:\Programy\Spybot - Search & Destroy\TeaTimer.exe” “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “Skrót do strony właściwości High Definition Audio”=“HDAudPropShortcut.exe” “SoundMan”=“SOUNDMAN.EXE” “AlcWzrd”=“ALCWZRD.EXE” “ipTray.exe”="“C:\Program Files\Intel\IDU\iptray.exe”" “ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” “ISUSScheduler”="“C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start" “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” “Windows Defender”="“C:\Program Files\Windows Defender\MSASCui.exe” -hide" “Zone Labs Client”="“D:\Programy\ZoneAlarm\zlclient.exe”" “ISUSPM Startup”=“c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] “DeskHtmlVersion”=dword:00000110 “DeskHtmlMinorVersion”=dword:00000005 “Settings”=dword:00000001 “GeneralFlags”=dword:00000005 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] “Source”=“About:Home” “SubscribedURL”=“About:Home” “FriendlyName”=“Moja bieżąca strona główna” “Flags”=dword:00000002 “Position”=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 “CurrentState”=hex:04,00,00,40 “OriginalStateInfo”=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\ 00,00,04,00,00,40 “RestoredStateInfo”=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\ 00,00,01,00,00,00 [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] “{438755C2-A8BA-11D1-B96B-00A0C90312E1}”=“Moduł wstępnego ładowania interfejsu Browseui” “{8C7461EF-2B13-11d2-BE35-3078302C2030}”=“Demon buforu kategorii składników” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] “{AEB6717E-7E19-11d0-97EE-00C04FD91972}”="" “{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}”=“Microsoft AntiMalware ShellExecuteHook” [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoDriveTypeAutoRun”=dword:00000091 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “dontdisplaylastusername”=dword:00000000 “legalnoticecaption”="" “legalnoticetext”="" “shutdownwithoutlogon”=dword:00000001 “undockwithoutlogon”=dword:00000001 [HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer] “NoDriveTypeAutoRun”=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] “NoDriveTypeAutoRun”=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] “PostBootReminder”="{7849596a-48ea-486e-8937-a2a3009f31a9}" “CDBurn”="{fbeb8a05-beee-4442-804e-409d6c4515e9}" “WebCheck”="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" “SysTray”="{35CEC8A3-2BE6-11D2-8773-92E220524153}"