How to remove trojan win32 patched
Hello. I don't know how to remove this trojan. a-squared Free detected it. I have the logs here. Please help.
Logfile of HijackThis v1.99.1
Scan saved at 05:16:40, on 2007-08-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
C:\programy\google descop\AlienGUIse\wbload.exe
C:\programy\a-square\a-squared Free\a2service.exe
C:\programy\zerospyware\FileDeleter.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Spyware Terminator\sp_rsser.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\RTHDCPL.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\VIA\RAID\raid_tool.exe
C:\programy\daemon\daemon.exe
C:\programy\winamp\winampa.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\programy\crystal XP\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\programy\crystal XP\Crystal Clear\RocketDock\RocketDock.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\programy\clock\Clock Tray Skins\ClockTraySkins.exe
C:\programy\cursor powre pack\CursorXP.exe
C:\programy\winzip\WZQKPICK.EXE
D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\programy\POP3 tray\PopTray.exe
C:\programy\ObjectDock\ObjectDock.exe
C:\programy\crystal XP\Crystal Clear\YzShadow\YzShadow.exe
C:\programy\crystal XP\Crystal Clear\YzToolbar\YzToolBar.exe
D:\WINDOWS\system32\wuauclt.exe
C:\programy\hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60308
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60308
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60308
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60308
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60308
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\programy\spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RaidTool] D:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\programy\daemon\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\programy\winamp\winampa.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\programy\LogonStudio\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\programy\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [UberIcon] "C:\programy\crystal XP\Crystal Clear\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\programy\crystal XP\Crystal Clear\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SkinClock] C:\programy\clock\Clock Tray Skins\ClockTraySkins.exe
O4 - HKCU\..\Run: [CursorXP] C:\programy\cursor powre pack\CursorXP.exe
O4 - Startup: PopTray.lnk = C:\programy\POP3 tray\PopTray.exe
O4 - Startup: RocketDock.lnk = C:\programy\crystal XP\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\programy\ObjectDock\ObjectDock.exe
O4 - Startup: UberIcon.lnk = C:\programy\crystal XP\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\programy\crystal XP\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\programy\crystal XP\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\programy\winzip\WZQKPICK.EXE
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185388838578
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: wbsys.dll D:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WB - C:\programy\google descop\AlienGUIse\fastload.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\programy\a-square\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ZeroSpyware FileDeleter (FileDeleter) - FBM Software - C:\programy\zerospyware\FileDeleter.exe
O23 - Service: GoogleDesktopManager - Google - D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"UberIcon" = ""C:\programy\crystal XP\Crystal Clear\UberIcon\UberIcon Manager.exe"" [null data]
"RocketDock" = ""C:\programy\crystal XP\Crystal Clear\RocketDock\RocketDock.exe"" [null data]
"SkinClock" = "C:\programy\clock\Clock Tray Skins\ClockTraySkins.exe" [null data]
"CursorXP" = "C:\programy\cursor powre pack\CursorXP.exe" [" "]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"avast!" = "D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"RaidTool" = "D:\Program Files\VIA\RAID\raid_tool.exe" ["VIA Technologies"]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"DAEMON Tools-1033" = ""C:\programy\daemon\daemon.exe" -lang 1033" ["DAEMON'S HOME"]
"WinampAgent" = "C:\programy\winamp\winampa.exe" [null data]
"LogonStudio" = ""C:\programy\LogonStudio\LogonStudio\logonstudio.exe" /RANDOM" ["Stardock and Luca Saggese"]
"BootSkin Startup Jobs" = ""C:\programy\BootSkin\BootSkin.exe" /StartupJobs" [empty string]
"SunJavaUpdateSched" = ""D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"SpywareTerminator" = ""D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"" ["Crawler.com"]
"Google Desktop Search" = ""D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup" ["Google"]
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\PROGRA~1\Crawler\Toolbar\ctbr.dll" ["Crawler.com"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\programy\spybot\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "D:\WINDOWS\system32\shdocvw.dll" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Shell Extension"
-> {HKLM...CLSID} = "a-squared Free Shell Extension"
\InProcServer32\(Default) = "C:\programy\a-square\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{BD88A479-9623-4897-8546-BC62B9628F44}" = "SPTHandler"
-> {HKLM...CLSID} = "SPTHandler"
\InProcServer32\(Default) = "D:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\programy\real player\rpshell.dll" ["RealNetworks, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"
-> {HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "C:\programy\crystal XP\Crystal Clear\iColorFolder\CMExt.dll" ["Revenger inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "D:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "wbsys.dll D:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" ["Stardock.Net, Inc"]
HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"| [file not found]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> WB\DLLName = "C:\programy\google descop\AlienGUIse\fastload.dll" ["Stardock"]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"
-> {HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "C:\programy\crystal XP\Crystal Clear\iColorFolder\CMExt.dll" ["Revenger inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a-squared Free Shell Extension\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
-> {HKLM...CLSID} = "a-squared Free Shell Extension"
\InProcServer32\(Default) = "C:\programy\a-square\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
a-squared Free Shell Extension\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
-> {HKLM...CLSID} = "a-squared Free Shell Extension"
\InProcServer32\(Default) = "C:\programy\a-square\a-squared Free\a2freecontmenu.dll" ["Emsi Software GmbH"]
SPTContMenu\(Default) = "{BD88A479-9623-4897-8546-BC62B9628F44}"
-> {HKLM...CLSID} = "SPTHandler"
\InProcServer32\(Default) = "D:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]
Group Policies {policy setting}:
--------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
"NoViewContextMenu" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
"NoDispCPL" = (REG_DWORD) hex:0x00000000
{Remove Display in Control Panel}
"NoDispBackgroundPage" = (REG_DWORD) hex:0x00000000
{Hide Desktop tab}
"NoDispScrSavPage" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoDispAppearancePage" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
"NoDispSettingsPage" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\Van Helsing\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Startup items in "Van Helsing" & "All Users" startup folders:
-------------------------------------------------------------
D:\Documents and Settings\Van Helsing\Menu Start\Programy\Autostart
"PopTray" -> shortcut to: "C:\programy\POP3 tray\PopTray.exe" ["Renier Crause"]
"RocketDock" -> shortcut to: "C:\programy\crystal XP\Crystal Clear\RocketDock\RocketDock.exe" [null data]
"Stardock ObjectDock" -> shortcut to: "C:\programy\ObjectDock\ObjectDock.exe" ["Stardock"]
"UberIcon" -> shortcut to: "C:\programy\crystal XP\Crystal Clear\UberIcon\UberIcon Manager.exe" [null data]
"Y'z Shadow" -> shortcut to: "C:\programy\crystal XP\Crystal Clear\YzShadow\YzShadow.exe" ["Y'z@Home"]
"Y'z Toolbar" -> shortcut to: "C:\programy\crystal XP\Crystal Clear\YzToolbar\YzToolBar.exe" ["Y'z@Home"]
D:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"WinZip Quick Pick" -> shortcut to: "C:\programy\winzip\WZQKPICK.EXE" ["WinZip Computing, Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"
-> {HKLM...CLSID} = "&Crawler Toolbar"
\InProcServer32\(Default) = "D:\PROGRA~1\Crawler\Toolbar\ctbr.dll" ["Crawler.com"]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" = (no title provided)
-> {HKLM...CLSID} = "&Crawler Toolbar"
\InProcServer32\(Default) = "D:\PROGRA~1\Crawler\Toolbar\ctbr.dll" ["Crawler.com"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_02"
\InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_02"
\InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll" ["Sun Microsystems, Inc."]
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
a-squared Free Service, a2free, ""C:\programy\a-square\a-squared Free\a2service.exe"" ["Emsi Software GmbH"]
avast! Antivirus, avast! Antivirus, ""D:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Spyware Terminator Realtime Shield Service, sp_rssrv, ""D:\Program Files\Spyware Terminator\sp_rsser.exe"" ["Crawler.com"]
ZeroSpyware FileDeleter, FileDeleter, "C:\programy\zerospyware\FileDeleter.exe" ["FBM Software"]
----------
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 41 seconds, including 12 seconds for message boxes)
ComboFix 07-07-30.2 - "Van Helsing" 2007-08-23 5:33:06.6 [GMT 2:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.Prawda
((((((((((((((((((((((((( Files Created from 2007-07-23 to 2007-08-23 )))))))))))))))))))))))))))))))
2007-08-23 05:33 51,200 --a------ D:\WINDOWS\nircmd.exe
2007-08-23 05:07 359,040 --a------ D:\WINDOWS\system32\drivers\tcpip.sys
2007-08-20 17:23 64,512 --ah----- D:\DOCUME~1\VANHEL~1\DANEAP~1\dach100.dll
2007-08-19 04:19 217 --ah----- D:\WINDOWS\winshell.dat
2007-08-19 04:03 d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\Systweak
2007-08-18 20:18 512,688 --a------ D:\WINDOWS\system32\XceedCry.dll
2007-08-18 20:18 423,784 --a------ D:\WINDOWS\system32\XceedBkp.dll
2007-08-18 20:18 118,784 --a------ D:\WINDOWS\system32\msstdfmt.dll
2007-08-18 20:18 101,888 --a------ D:\WINDOWS\system32\VB6STKIT.DLL
2007-08-15 05:41 4,102 --a------ D:\WINDOWS\BricoPackFoldersDelete.cmd
2007-08-15 05:35 221,184 --a------ D:\WINDOWS\system32\wmpns.dll
2007-08-13 19:55 d-------- D:\WINDOWS\Clean MemXP
2007-08-11 13:29 d-------- D:\Program Files\SystemRequirementsLab
2007-08-10 17:37 143,872 --a------ D:\WINDOWS\system32\iacenc.dll
2007-08-09 09:56 36,864 --a------ D:\WINDOWS\system32\wbsys.dll
2007-08-09 09:37 d-------- D:\Program Files\Google
2007-08-09 09:30 d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\TEMP
2007-08-07 19:04 d-------- D:\Program Files\Media Player Classic
2007-08-06 14:44 d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\nView_Profiles
2007-08-04 11:12 81,920 --a------ D:\WINDOWS\system32\OpenAL32.dll
2007-08-04 11:12 221,184 --a------ D:\WINDOWS\system32\wrap_oal.dll
2007-08-03 09:44 108,144 --a------ D:\WINDOWS\system32\CmdLineExt.dll
2007-08-03 09:44 dr-h----- D:\DOCUME~1\VANHEL~1\DANEAP~1\SecuROM
2007-08-02 06:38 138,624 --a------ D:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-08-02 06:37 d-------- D:\Program Files\Crawler
2007-08-02 06:36 d-------- D:\Program Files\Spyware Terminator
2007-08-02 06:36 d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\Spyware Terminator
2007-08-01 20:46 d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\Trymedia
2007-08-01 20:24 d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\Lavasoft
2007-07-31 15:12 d-------- D:\Program Files\Common Files\DirectX
2007-07-31 14:59 98,304 --a------ D:\WINDOWS\system32\msir3jp.dll
2007-07-31 14:59 9,216 --a------ D:\WINDOWS\system32\kbdnecAT.dll
2007-07-31 14:59 838,144 --a------ D:\WINDOWS\system32\chtbrkr.dll
2007-07-31 14:59 70,656 --a------ D:\WINDOWS\system32\korwbrkr.dll
2007-07-31 14:59 7,680 --a------ D:\WINDOWS\system32\kbdnecNT.dll
2007-07-31 14:59 7,168 --a------ D:\WINDOWS\system32\kbdnec95.dll
2007-07-31 14:59 7,168 --a------ D:\WINDOWS\system32\kbdibm02.dll
2007-07-31 14:59 7,168 --a------ D:\WINDOWS\system32\f3ahvoas.dll
2007-07-31 14:59 6,656 --a------ D:\WINDOWS\system32\kbdlk41a.dll
2007-07-31 14:59 6,144 --a------ D:\WINDOWS\system32\kbdlk41j.dll
2007-07-31 14:59 6,144 --a------ D:\WINDOWS\system32\kbdax2.dll
2007-07-31 14:59 6,144 --a------ D:\WINDOWS\system32\kbd106n.dll
2007-07-31 14:59 6,144 --a------ D:\WINDOWS\system32\kbd101a.dll
2007-07-31 14:59 6,144 --a------ D:\WINDOWS\system32\kbd101.dll
2007-07-31 14:59 218,112 --a------ D:\WINDOWS\system32\c_g18030.dll
2007-07-31 14:59 1,677,824 --a------ D:\WINDOWS\system32\chsbrkr.dll
2007-07-31 14:58 811,064 --a------ D:\WINDOWS\system32\imjp81k.dll
2007-07-31 14:58 76,288 --a------ D:\WINDOWS\system32\uniime.dll
2007-07-31 14:58 6,656 --a------ D:\WINDOWS\system32\c_is2022.dll
2007-07-31 14:57 8,704 --a------ D:\WINDOWS\system32\kbdjpn.dll
2007-07-31 14:57 8,192 --a------ D:\WINDOWS\system32\kbdkor.dll
2007-07-31 14:57 6,144 --a------ D:\WINDOWS\system32\kbd106.dll
2007-07-31 14:57 6,144 --a------ D:\WINDOWS\system32\kbd101c.dll
2007-07-31 14:57 6,144 --a------ D:\WINDOWS\system32\kbd101b.dll
2007-07-31 14:57 5,632 --a------ D:\WINDOWS\system32\kbd103.dll
2007-07-29 20:46 d-------- D:\WINDOWS\pss
2007-07-29 15:07 271,360 --a------ D:\WINDOWS\system32\drivers\atksgt.sys
2007-07-29 15:07 18,048 --a------ D:\WINDOWS\system32\drivers\lirsgt.sys
2007-07-29 07:49 d-------- D:\Program Files\Common Files\xing shared
2007-07-29 07:49 d-------- D:\Program Files\Common Files\Real
2007-07-29 07:48 d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\Real
2007-07-28 16:19 d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\Help
2007-07-27 09:58 d-------- D:\Program Files\Electronic Arts
2007-07-26 16:25 d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\POP3Profiles
2007-07-26 16:19 1,415,680 --a------ D:\WINDOWS\system32\wmv9vcm.dll
2007-07-26 15:55 420,240 --a------ D:\WINDOWS\system32\mpg4c32.dll
2007-07-26 15:55 309,616 --a------ D:\WINDOWS\system32\wmv8dmod.dll
2007-07-26 15:32 d-------- D:\Program Files\directx
2007-07-26 15:24 d-------- D:\Program Files\XviD
2007-07-26 06:31 d-------- D:\WINDOWS\system32\ZeroSpyware Limited Edition
2007-07-26 06:20 d-------- D:\WINDOWS\system32\zslfiles
2007-07-26 05:33 d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\Spybot - Search & Destroy
2007-07-26 05:22 d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\Talkback
2007-07-26 05:01 d-------- D:\Program Files\MSXML 6.0
2007-07-26 04:15 d-------- D:\Program Files\MSBuild
2007-07-26 04:12 d-------- D:\WINDOWS\system32\XPSViewer
2007-07-26 04:12 d-------- D:\Program Files\Reference Assemblies
2007-07-26 04:11 14,048 --------- D:\WINDOWS\system32\spmsg2.dll
2007-07-26 04:10 d-------- D:\Program Files\Windows Media Connect 2
2007-07-26 04:09 d-------- D:\WINDOWS\system32\LogFiles
2007-07-26 04:09 d-------- D:\WINDOWS\system32\drivers\UMDF
2007-07-26 04:04 d-------- D:\WINDOWS\system32\URTTemp
2007-07-26 03:31 2,916,352 --------- D:\WINDOWS\UNNMP.exe
2007-07-26 03:30 d-------- D:\Program Files\Common Files\Nero
2007-07-26 03:29 476,320 --------- D:\WINDOWS\system32\ImagXpr7.dll
2007-07-26 03:29 471,040 --------- D:\WINDOWS\system32\ImagXRA7.dll
2007-07-26 03:29 38,912 --------- D:\WINDOWS\system32\picn20.dll
2007-07-26 03:29 364,544 --------- D:\WINDOWS\system32\TwnLib4.dll
2007-07-26 03:29 262,144 --------- D:\WINDOWS\system32\ImagXR7.dll
2007-07-26 03:29 24,064 --------- D:\WINDOWS\system32\msxml3a.dll
2007-07-26 03:29 2,977,792 --------- D:\WINDOWS\UNNeroVision.exe
2007-07-26 03:29 106,496 --a------ D:\WINDOWS\system32\TwnLib20.dll
2007-07-26 03:29 1,568,768 --------- D:\WINDOWS\system32\ImagX7.dll
2007-07-26 03:29 d-------- D:\Program Files\Common Files\Ahead
2007-07-26 03:29 d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\Ahead
2007-07-26 03:27 9,600 --a------ D:\WINDOWS\system32\drivers\hidusb.sys
2007-07-26 03:27 d-------- D:\Program Files\VID_0E8F&PID_0012
2007-07-25 22:51 163,712 --a------ D:\WINDOWS\system32\drivers\vidstub.sys
2007-07-25 22:50 187,392 --a------ D:\WINDOWS\system32\JPGUtils.dll
2007-07-25 22:50 d-------- D:\Program Files\Common Files\Stardock
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-14 22:53 36 ---h----- D:\Program Files\desktop.ini
2007-07-26 04:50 87188 --a------ D:\WINDOWS\system32\perfc015.dat
2007-07-26 04:50 494652 --a------ D:\WINDOWS\system32\perfh015.dat
2007-07-25 22:50 6632448 --a------ D:\WINDOWS\system32\logonuiX.exe
2007-07-25 19:18 219648 --a------ D:\WINDOWS\system32\uxtheme.dll
2007-06-26 08:10 1104896 --a------ D:\WINDOWS\system32\msxml3.dll
2007-06-19 15:32 282112 --a------ D:\WINDOWS\system32\gdi32.dll
2007-06-13 15:23 1034752 --a------ D:\WINDOWS\explorer.exe
--------- D:\Program Files\Usługi online
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 19:04 D:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 20:10 D:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 19:43 D:\WINDOWS\Alcmtr.exe]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"RaidTool"="D:\Program Files\VIA\RAID\raid_tool.exe" [2006-01-04 09:43]
"nwiz"="nwiz.exe" [2007-04-19 13:26 D:\WINDOWS\system32\nwiz.exe]
"DAEMON Tools-1033"="C:\programy\daemon\daemon.exe" [2004-08-22 17:05]
"WinampAgent"="C:\programy\winamp\winampa.exe" [2007-05-15 00:22]
"LogonStudio"="C:\programy\LogonStudio\LogonStudio\logonstudio.exe" [2002-09-03 18:38]
"BootSkin Startup Jobs"="C:\programy\BootSkin\BootSkin.exe" [2004-04-26 16:21]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SpywareTerminator"="D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-08-20 11:10]
"Google Desktop Search"="D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-13 02:06]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\programy\crystal XP\Crystal Clear\UberIcon\UberIcon Manager.exe" [2006-02-05 14:20]
"RocketDock"="C:\programy\crystal XP\Crystal Clear\RocketDock\RocketDock.exe" [2006-05-14 22:47]
"SkinClock"="C:\programy\clock\Clock Tray Skins\ClockTraySkins.exe" [2007-07-23 19:31]
"CursorXP"="C:\programy\cursor powre pack\CursorXP.exe" [2005-01-19 17:34]
D:\Documents and Settings\Van Helsing\Menu Start\Programy\AutostartPopTray.lnk - C:\programy\POP3 tray\PopTray.exe [2006-09-16 15:01:16]
RocketDock.lnk - C:\programy\crystal XP\Crystal Clear\RocketDock\RocketDock.exe [2006-05-14 22:47:48]
Stardock ObjectDock.lnk - C:\programy\ObjectDock\ObjectDock.exe [2007-07-04 18:15:32]
UberIcon.lnk - C:\programy\crystal XP\Crystal Clear\UberIcon\UberIcon Manager.exe [2006-02-05 14:20:14]
Y'z Shadow.lnk - C:\programy\crystal XP\Crystal Clear\YzShadow\YzShadow.exe [2002-09-30 21:09:06]
Y'z Toolbar.lnk - C:\programy\crystal XP\Crystal Clear\YzToolbar\YzToolBar.exe [2002-09-29 14:41:10]
D:\Documents and Settings\All Users\Menu Start\Programy\AutostartWinZip Quick Pick.lnk - C:\programy\winzip\WZQKPICK.EXE [2007-07-25 18:28:53]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispCPL"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewContextMenu"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\programy\google descop\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\programy\google descop\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll D:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
R0 viamraid;viamraid;D:\WINDOWS\system32\DRIVERS\viamraid.sys
R0 videX32;videX32;D:\WINDOWS\system32\DRIVERS\videX32.sys
R1 AmdK8;Sterownik procesora AMD;D:\WINDOWS\system32\DRIVERS\AmdK8.sys
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\D:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R2 atksgt;atksgt;D:\WINDOWS\system32\DRIVERS\atksgt.sys
R2 FileDeleter;ZeroSpyware FileDeleter;C:\programy\zerospyware\FileDeleter.exe
R2 lirsgt;lirsgt;D:\WINDOWS\system32\DRIVERS\lirsgt.sys
R3 netrcacm;RCA USB Digital Cable Modem Driver;D:\WINDOWS\system32\DRIVERS\netrcacm.sys
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;D:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
S3 idsvc;Windows CardSpace;"D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-23 05:33:57
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-23 5:34:24
--- E O F ---
Thanks in advance.