Hijack
- Logfile of HijackThis v1.99.1
 Scan saved at 00:33:02, on 2006-11-20
 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\Explorer.EXE
 C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe
 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
 C:\WINDOWS\system32\CTsvcCDA.exe
 C:\Program Files\Norton Internet Security\NISUM.EXE
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\MsPMSPSv.exe
 C:\Program Files\Norton Internet Security\ccPxySvc.exe
 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
 C:\WINDOWS\system32\CTHELPER.EXE
 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\BTTray.exe
 C:\PROGRA~1\WIDCOMM\OPROGR~1\BTSTAC~1.EXE
 C:\Program Files\Mozilla Firefox\firefox.exe
 C:\PROGRA~1\WINZIP\winzip32.exe
 C:\Program Files\DAP\DAP.EXE
 C:\Program Files\Messenger\msmsgs.exe
 C:\Documents and Settings\Es\Ustawienia lokalne\Temp\HijackThis.exe
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
 O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
 O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
 O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
 O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
 O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
 O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
 O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
 O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
 O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
 O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_11\bin\jusched.exe
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
 O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
 O4 - Global Startup: BTTray.lnk = ?
 O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
 O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
 O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
 O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie_ctx.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
 O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie.htm
 O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie.htm
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
 O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
 O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe
 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
 O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
 O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
 O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
 O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
 O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
 O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
 O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
SilentRunners
- "Silent Runners.vbs", revision 49, http://www.silentrunners.org/
 Operating System: Windows XP SP2
 Output limited to non-default values, except where indicated by "{++}"
 Startup items buried in registry:
 ---------------------------------
 HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
 "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
 HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
 "ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
 "ccRegVfy" = ""C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"" ["Symantec Corporation"]
 "WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"]
 "UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
 "Jet Detection" = ""C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"" [empty string]
 "CTStartup" = "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run" ["Creative Technology Ltd."]
 "Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe" ["Symantec Corporation"]
 "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
 "AtiCwd32" = "Aticwd32.exe" [file not found]
 "AtiQiPcl" = "AtiQiPcl.exe" [file not found]
 "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
 "SunJavaUpdateSched" = "C:\Program Files\Java\j2re1.4.2_11\bin\jusched.exe" [null data]
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
 {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
 -> {HKLM...CLSID} = "AcroIEHlprObj Class"
 \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
 {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
 -> {HKLM...CLSID} = "CNavExtBho Class"
 \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
 HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
 "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
 -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
 \InProcServer32\(Default) = "deskpan.dll" [file not found]
 "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
 -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
 \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
 "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
 -> {HKLM...CLSID} = "Portable Media Devices Menu"
 \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
 "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
 -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
 \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
 "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
 -> {HKLM...CLSID} = "WinRAR"
 \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
 "{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
 -> {HKLM...CLSID} = "Moje miejsca interfejsu Bluetooth"
 \InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["Broadcom Corporation."]
 HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
 DAP_Menu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
 -> {HKLM...CLSID} = "DAPMenuShellExt Class"
 \InProcServer32\(Default) = "C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]
 DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
 -> {HKLM...CLSID} = "DAPMenuShellExt Class"
 \InProcServer32\(Default) = "C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]
 Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
 -> {HKLM...CLSID} = "IEContextMenu Class"
 \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
 WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
 -> {HKLM...CLSID} = "WinRAR"
 \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
 HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
 DAP_ShredMenu\(Default) = "{BED4C38B-F765-45AC-8C56-613F76BBF43E}"
 -> {HKLM...CLSID} = "DAPMenuShellExt Class"
 \InProcServer32\(Default) = "C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL" ["Speedbit Ltd."]
 WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
 -> {HKLM...CLSID} = "WinRAR"
 \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
 HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
 Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
 -> {HKLM...CLSID} = "IEContextMenu Class"
 \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
 WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
 -> {HKLM...CLSID} = "WinRAR"
 \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
 Group Policies {policy setting}:
 --------------------------------
 Note: detected settings may not have any effect.
 HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
 "CDRAutoRun" = (REG_DWORD) hex:0x00000000
 {unrecognized setting}
 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
 "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
 {Shutdown: Allow system to be shut down without having to log on}
 "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
 {Devices: Allow undock without having to log on}
 Active Desktop and Wallpaper:
 -----------------------------
 Active Desktop may be disabled at this entry:
 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
 Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
 HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
 "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
 Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
 HKCU\Control Panel\Desktop\
 "Wallpaper" = "C:\Documents and Settings\Es\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
 Enabled Screen Saver:
 ---------------------
 HKCU\Control Panel\Desktop\
 "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]
 Startup items in "Es" & "All Users" startup folders:
 ----------------------------------------------------
 C:\Documents and Settings\Es\Menu Start\Programy\Autostart
 "Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
 C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
 "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
 "BTTray" -> shortcut to: "C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\BTTray.exe" ["Broadcom Corporation."]
 Winsock2 Service Provider DLLs:
 -------------------------------
 Namespace Service Providers
 HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
 Transport Service Providers
 HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
 %SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 20
 %SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06
 Toolbars, Explorer Bars, Extensions:
 ------------------------------------
 Toolbars
 HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
 "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
 -> {HKLM...CLSID} = "Norton AntiVirus"
 \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
 HKLM\Software\Microsoft\Internet Explorer\Toolbar\
 "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
 -> {HKLM...CLSID} = "Norton AntiVirus"
 \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
 Extensions (Tools menu items, main toolbar menu buttons)
 HKLM\Software\Microsoft\Internet Explorer\Extensions\
 {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
 "MenuText" = "Sun Java Console"
 "CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
 -> {HKLM...CLSID} = "Web Browser Applet Control"
 \InProcServer32\(Default) = "C:\WINDOWS\System32\msjava.dll" [MS]
 {CCA281CA-C863-46EF-9331-5C8D4460577F}\
 "ButtonText" = "@btrez.dll,-4015"
 "MenuText" = "@btrez.dll,-4017"
 "Script" = "C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie.htm" [null data]
 {FB5F1910-F110-11D2-BB9E-00C04F795683}\
 "ButtonText" = "Messenger"
 "MenuText" = "Windows Messenger"
 "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
 Running Services (Display Name, Service Name, Path {Service DLL}):
 ------------------------------------------------------------------
 Bluetooth Service, btwdins, "C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe" ["Broadcom Corporation."]
 Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.exe" ["Creative Technology Ltd"]
 Norton Internet Security Accounts Manager, NISUM, "C:\Program Files\Norton Internet Security\NISUM.EXE" ["Symantec Corporation"]
 Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
 Symantec Proxy Service, ccPxySvc, "C:\Program Files\Norton Internet Security\ccPxySvc.exe" ["Symantec Corporation"]
 Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
 WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\system32\MsPMSPSv.exe" [MS]
 Print Monitors:
 ---------------
 HKLM\System\CurrentControlSet\Control\Print\Monitors\
 Monitor 2 języka BJ\Driver = "CNBJMON2.DLL" [MS]
 Monitor języka BJ\Driver = "CNBJMON.DLL" [MS]
 Port drukarki interfejsu Bluetooth\Driver = "bthcrp.dll" ["Broadcom Corporation."]
 ----------
 + This report excludes default entries except where indicated.
 + To see *everywhere* the script checks and *everything* it finds,
 launch it from a command prompt or a shortcut with the -all parameter.
 + The search for DESKTOP.INI DLL launch points on all local fixed drives
 took 17 seconds.
 ---------- (total run time: 56 seconds)
Combofix
- Es - 06-11-20 1:30:03,00 Dodatek Service Pack 2
 ComboFix 06.11.19 - Running from: "C:\Documents and Settings\Es\Pulpit"
 (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
 
 C:\Documents and Settings\Es\Dane aplikacji\Install.dat
 C:\secure32.html
 
 ((((((((((((((((((((((((((((((( Files Created from 2006-10-20 to 2006-11-20 ))))))))))))))))))))))))))))))))))
 
 
 2006-11-20 00:28 <DIR> d-------- C:\!KillBox
 2006-11-20 00:10 <DIR> dr-h----- C:\Documents and Settings\Es\Recent
 2006-11-19 23:43 <DIR> d-------- C:\Program Files\Tlen.pl
 2006-11-19 23:43 <DIR> d-------- C:\Documents and Settings\Es\Dane aplikacji\Tlen.pl
 2006-11-14 12:42 <DIR> d--hs---- C:\FOUND.148
 2006-11-09 14:41 <DIR> d-------- C:\Program Files\DAP
 2006-11-09 00:31 <DIR> d--hs---- C:\FOUND.147
 2006-11-04 12:52 <DIR> d--hs---- C:\FOUND.146
 2006-10-23 22:45 <DIR> d-------- C:\AllokMOVFolder
 2006-10-23 22:35 56 -r-hs---- C:\WINDOWS\system32\B297EF3A40.sys
 2006-10-23 22:35 3,350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
 2006-10-23 22:35 <DIR> d-------- C:\Program Files\DivX
 2006-10-22 19:35 <DIR> d-------- C:\WINDOWS\Sun
 2006-10-22 19:34 <DIR> d-------- C:\Documents and Settings\Es\Dane aplikacji\Sun
 2006-10-22 19:33 <DIR> d-------- C:\Program Files\Java
 2006-10-22 19:32 <DIR> d-------- C:\Program Files\Common Files\Java
 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
 2006-10-13 13:41 143872 --a------ C:\WINDOWS\system32\nwprovau.dll
 2006-10-09 18:18 -------- d-------- C:\Program Files\Prime95
 2006-09-13 07:07 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
 2006-08-25 17:51 617472 --a------ C:\WINDOWS\system32\comctl32.dll
 2006-08-21 14:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll
 2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
 
 
 (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
 
 *Note* empty entries are not shown
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
 "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\CTStartup]
 "CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play"
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
 "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
 "ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
 "WINDVDPatch"="CTHELPER.EXE"
 "UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
 "Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\""
 "CTStartup"="C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE /run"
 "Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
 "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
 "AtiCwd32"="Aticwd32.exe"
 "AtiQiPcl"="AtiQiPcl.exe"
 "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
 "SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_11\\bin\\jusched.exe"
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
 "Installed"="1"
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
 "NoChange"="1"
 "Installed"="1"
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
 "Installed"="1"
 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
 "DeskHtmlVersion"=dword:00000110
 "DeskHtmlMinorVersion"=dword:00000005
 "Settings"=dword:00000001
 "GeneralFlags"=dword:00000001
 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
 "Source"="About:Home"
 "SubscribedURL"="About:Home"
 "FriendlyName"="Moja bieżąca strona główna"
 "Flags"=dword:00000002
 "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,de,03,00,00,00,\
 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
 "CurrentState"=hex:04,00,00,40
 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
 ff,ff,04,00,00,00
 "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
 00,00,01,00,00,00
 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
 "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
 "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
 "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Moduł wstępnego ładowania interfejsu Browseui"
 "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Demon buforu kategorii składników"
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
 "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
 "NoDriveTypeAutoRun"=dword:00000095
 "CDRAutoRun"=dword:00000000
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
 "dontdisplaylastusername"=dword:00000000
 "legalnoticecaption"=""
 "legalnoticetext"=""
 "shutdownwithoutlogon"=dword:00000001
 "undockwithoutlogon"=dword:00000001
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
 @=""
 "NoDriveTypeAutoRun"=hex:5f,00,00,00
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
 "NoDriveTypeAutoRun"=dword:00000091
 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
 "NoDriveTypeAutoRun"=dword:00000091
 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
 "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
 "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
 "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
 "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
 "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
 Completion time: 06-11-20 1:30:33.60
 C:\ComboFix.txt ... 06-11-20 01:30


 
	



