Logfile of HijackThis v1.99.1
Scan saved at 06:05:02, on 2007-10-02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
C:\programy\a-square\a-squared Free\a-squared Free\a2service.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Spyware Terminator\sp_rsser.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\programy\Quiktim\qttask.exe
C:\programy\clock\Clock Tray Skins\ClockTraySkins.exe
C:\programy\cursor powre pack\CursorXP.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\programy\POP3 tray\PopTray.exe
C:\programy\ObjectDock\ObjectDock.exe
D:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
D:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
D:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
D:\progra~1\mozill~1\firefox.exe
D:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\programy\hijack\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60308
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60308
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\programy\adobereader\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\programy\Quiktim\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SkinClock] C:\programy\clock\Clock Tray Skins\ClockTraySkins.exe
O4 - HKCU\..\Run: [CursorXP] C:\programy\cursor powre pack\CursorXP.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RocketDock] "D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PopTray.lnk = C:\programy\POP3 tray\PopTray.exe
O4 - Startup: RocketDock.lnk = D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\programy\ObjectDock\ObjectDock.exe
O4 - Startup: UberIcon.lnk = D:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = D:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = D:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = D:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download Image with Download Manager - tbr:iemenudownload
O8 - Extra context menu item: Download URL in selection with Download Manager - tbr:iemenudownsel
O8 - Extra context menu item: Download URL with Download Manager - tbr:iemenudownload
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0623510984
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\programy\supera\SASWINLO.dll
O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\programy\a-square\a-squared Free\a-squared Free\a2service.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe
ComboFix 07-07-30.2 - "van Helsing" 2007-10-02 5:51:16.1 [GMT 2:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.Prawda
* Created a new restore point
((((((((((((((((((((((((( Files Created from 2007-09-02 to 2007-10-02 )))))))))))))))))))))))))))))))
2007-10-02 05:50 51,200 --a------ D:\WINDOWS\nircmd.exe
2007-10-02 05:10 <DIR> d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\SUPERAntiSpyware.com
2007-10-02 05:10 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\SUPERAntiSpyware.com
2007-10-02 05:09 <DIR> d-------- D:\Program Files\Common Files\Wise Installation Wizard
2007-10-01 13:30 64,512 --ah----- D:\DOCUME~1\VANHEL~1\DANEAP~1\dach100.dll
2007-10-01 13:07 81 --a------ D:\WINDOWS\anticrash.dat
2007-10-01 13:07 216 --ah----- D:\WINDOWS\winshell.dat
2007-10-01 06:11 719,872 --a------ D:\WINDOWS\system32\devil.dll
2007-10-01 06:11 70,656 --a------ D:\WINDOWS\system32\yv12vfw.dll
2007-10-01 06:11 70,656 --a------ D:\WINDOWS\system32\i420vfw.dll
2007-10-01 06:11 66,560 --a------ D:\WINDOWS\MOTA113.exe
2007-10-01 06:11 502,784 --a------ D:\WINDOWS\x2.64.exe
2007-10-01 06:11 394,240 --a------ D:\WINDOWS\system32\Smab.dll
2007-10-01 06:11 318,976 --a------ D:\WINDOWS\system32\avisynth.dll
2007-10-01 06:11 27,648 --a------ D:\WINDOWS\system32\AVSredirect.dll
2007-10-01 06:11 240,128 --a------ D:\WINDOWS\system32\x.264.exe
2007-10-01 06:11 217,073 --a------ D:\WINDOWS\meta4.exe
2007-10-01 06:11 <DIR> d-------- D:\Program Files\AviSynth 2.5
2007-10-01 06:10 31,232 -r-hs---- D:\WINDOWS\system32\msfDX.dll
2007-10-01 06:10 163,328 -r-hs---- D:\WINDOWS\system32\flvDX.dll
2007-09-30 02:19 <DIR> d-------- D:\Program Files\Common Files\Kaspersky Lab
2007-09-29 15:45 <DIR> d-a------ D:\DOCUME~1\ALLUSE~1\DANEAP~1\TEMP
2007-09-29 15:44 626,688 --a------ D:\WINDOWS\system32\msvcr80.dll
2007-09-29 15:43 499,712 --a------ D:\WINDOWS\system32\msvcp71.dll
2007-09-29 15:43 348,160 --a------ D:\WINDOWS\system32\msvcr71.dll
2007-09-29 07:37 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\nView_Profiles
2007-09-28 11:10 <DIR> d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\Media Player Classic
2007-09-28 10:20 <DIR> d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\Talkback
2007-09-25 16:17 <DIR> d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\VoipDiscount
2007-09-25 10:28 <DIR> d-------- D:\WINDOWS\pss
2007-09-25 10:16 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\InstallShield
2007-09-25 10:10 271,360 --a------ D:\WINDOWS\system32\drivers\atksgt.sys
2007-09-25 10:10 18,048 --a------ D:\WINDOWS\system32\drivers\lirsgt.sys
2007-09-25 09:00 <DIR> d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\Systweak
2007-09-25 08:51 <DIR> d-------- D:\Program Files\MSXML 4.0
2007-09-25 08:20 82,061 --a------ D:\WINDOWS\system32\drivers\klick.dat
2007-09-25 08:20 81,549 --a------ D:\WINDOWS\system32\drivers\klin.dat
2007-09-25 08:20 7,225,376 --ahs---- D:\WINDOWS\system32\drivers\fidbox.dat
2007-09-25 08:20 355,360 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-25 08:20 <DIR> d-------- D:\Program Files\Kaspersky Lab
2007-09-25 08:20 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\Kaspersky Lab
2007-09-24 20:09 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\POP3Profiles
2007-09-24 19:51 23,600 --a------ D:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-09-24 19:04 <DIR> d-------- D:\Program Files\VID_0E8F&PID_0012
2007-09-24 18:41 81,920 --a------ D:\WINDOWS\system32\VM303STI.dll
2007-09-24 18:41 53,248 --a------ D:\WINDOWS\Sti303.exe
2007-09-24 18:41 49,152 --a------ D:\WINDOWS\VMSnap3.EXE
2007-09-24 18:41 49,152 --a------ D:\WINDOWS\Domino.EXE
2007-09-24 18:41 392,058 --a------ D:\WINDOWS\system32\drivers\usbVM303.sys
2007-09-24 18:41 32,768 --a------ D:\WINDOWS\VMZoom.exe
2007-09-24 18:41 24,576 --a------ D:\WINDOWS\VMPipe.dll
2007-09-24 18:41 176,128 --a------ D:\WINDOWS\amcap.exe
2007-09-24 18:41 102,400 --a------ D:\WINDOWS\VM303Cap.exe
2007-09-24 18:41 <DIR> d-------- D:\WINDOWS\CatRoot
2007-09-24 18:41 <DIR> d-------- D:\Program Files\Vimicro
2007-09-24 18:39 36,864 --a------ D:\WINDOWS\system32\KRCapture.dll
2007-09-24 18:39 32,768 --a------ D:\WINDOWS\system32\KRProcess.dll
2007-09-24 18:39 32,768 --a------ D:\WINDOWS\system32\KRDetector.dll
2007-09-24 18:00 <DIR> d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\Tlen.pl
2007-09-24 17:40 <DIR> d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\Apple Computer
2007-09-24 17:27 2,302 --a------ D:\WINDOWS\mozver.dat
2007-09-24 17:21 <DIR> d-------- D:\Program Files\Common Files\xing shared
2007-09-24 17:20 <DIR> d-------- D:\Program Files\Common Files\Real
2007-09-24 17:20 <DIR> d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\Real
2007-09-24 17:18 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\Spybot - Search & Destroy
2007-09-24 17:16 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\Apple Computer
2007-09-24 16:38 <DIR> d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\Ahead
2007-09-24 16:38 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\Ahead
2007-09-24 16:35 <DIR> d-------- D:\Program Files\Nero
2007-09-24 16:35 <DIR> d-------- D:\Program Files\Common Files\Ahead
2007-09-24 16:35 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\Nero
2007-09-24 16:20 86,016 --a------ D:\WINDOWS\system32\AddiTunes.exe
2007-09-24 16:20 764,416 --a------ D:\WINDOWS\system32\NCTRMFile.dll
2007-09-24 16:20 626,688 --a------ D:\WINDOWS\system32\NCTImageFile.dll
2007-09-24 16:20 61,440 --a------ D:\WINDOWS\system32\cygz.dll
2007-09-24 16:20 4,755,968 --a------ D:\WINDOWS\system32\apexconverter.exe
2007-09-24 16:20 249,856 --a------ D:\WINDOWS\system32\NCTQuickTimeFile.dll
2007-09-24 16:20 120,320 --a------ D:\WINDOWS\system32\apexchanger.exe
2007-09-24 16:20 109,568 --a------ D:\WINDOWS\system32\apex3gp.exe
2007-09-24 16:20 1,295,582 --a------ D:\WINDOWS\system32\cygwin1.dll
2007-09-24 16:19 90,112 --a------ D:\WINDOWS\system32\NCTAudioFormatSettings3.dll
2007-09-24 16:19 780,288 --a------ D:\WINDOWS\system32\NCTVideoCompress.dll
2007-09-24 16:19 495,104 --a------ D:\WINDOWS\system32\NCTVideoCoreM.dll
2007-09-24 16:19 382,464 --a------ D:\WINDOWS\system32\NCTAVIFile.dll
2007-09-24 16:19 312,320 --a------ D:\WINDOWS\system32\NCTVideoView.dll
2007-09-24 16:19 2,846,720 --a------ D:\WINDOWS\system32\NCTAudioCompress3.dll
2007-09-24 16:19 188,416 --a------ D:\WINDOWS\system32\NCTVideoFile.dll
2007-09-24 16:18 81,920 --a------ D:\WINDOWS\system32\viscomwave.dll
2007-09-24 16:18 778,240 --a------ D:\WINDOWS\system32\NCTAudioCompress2.dll
2007-09-24 16:18 487,424 --a------ D:\WINDOWS\system32\msvcp70.dll
2007-09-24 16:18 344,064 --a------ D:\WINDOWS\system32\msvcr70.dll
2007-09-24 16:18 237,568 --a------ D:\WINDOWS\system32\lame_enc.dll
2007-09-24 16:18 215,552 --a------ D:\WINDOWS\system32\NCTWMVFile.dll
2007-09-24 16:18 147,456 --a------ D:\WINDOWS\system32\viscomqtenc.dll
2007-09-24 16:18 139,264 --a------ D:\WINDOWS\system32\viscomqtde.dll
2007-09-24 16:18 1,700,352 --a------ D:\WINDOWS\system32\gdiplus.dll
2007-09-24 16:18 <DIR> d-------- D:\WINDOWS\system32\RMBin
2007-09-24 15:40 <DIR> d-------- D:\WINDOWS\Cache
2007-09-24 15:38 <DIR> d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\Lavasoft
2007-09-24 14:50 51,611 --a------ D:\WINDOWS\BricoPackUninst.cmd
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-10-02 05:44 38276 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.idx
2007-10-02 05:44 105764 --ahs---- D:\WINDOWS\system32\drivers\fidbox.idx
2007-09-29 15:45 87188 --a------ D:\WINDOWS\system32\perfc015.dat
2007-09-29 15:45 494652 --a------ D:\WINDOWS\system32\perfh015.dat
2007-09-24 14:50 219648 --a------ D:\WINDOWS\system32\uxtheme.dll
2007-07-30 19:19 92504 --a------ D:\WINDOWS\system32\cdm.dll
--------- D:\Program Files\Usługi online
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-06-29 00:43 D:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 15:38 D:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 18:43 D:\WINDOWS\Alcmtr.exe]
"SpywareTerminator"="D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-09-24 11:31]
"AVP"="D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 23:02]
"ISUSPM Startup"="D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 06:03]
"ISUSScheduler"="D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\programy\Quiktim\qttask.exe" [2007-04-27 09:41]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="C:\programy\clock\Clock Tray Skins\ClockTraySkins.exe" [2007-07-23 19:31]
"CursorXP"="C:\programy\cursor powre pack\CursorXP.exe" [2005-01-19 17:34]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]
"RocketDock"="D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe" [2006-05-14 22:47]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]
D:\Documents and Settings\van Helsing\Menu Start\Programy\Autostart\
PopTray.lnk - C:\programy\POP3 tray\PopTray.exe [2006-09-16 15:01:16]
RocketDock.lnk - D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe [2006-05-14 22:47:48]
Stardock ObjectDock.lnk - C:\programy\ObjectDock\ObjectDock.exe [2007-07-04 18:15:32]
UberIcon.lnk - D:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe [2006-02-05 14:20:14]
Y'z Shadow.lnk - D:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe [2002-09-30 21:09:06]
Y'z Toolbar.lnk - D:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe [2002-09-29 14:41:10]
D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Kaspersky Anti-Hacker.lnk - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe [2006-05-11 16:05:33]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\programy\supera\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\programy\supera\SASWINLO.dll 2007-04-19 13:41 294912 C:\programy\supera\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^WinZip Quick Pick.lnk]
path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\WinZip Quick Pick.lnk
backup=D:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^van Helsing^Menu Start^Programy^Autostart^AntiCrash.lnk]
path=D:\Documents and Settings\van Helsing\Menu Start\Programy\Autostart\AntiCrash.lnk
backup=D:\WINDOWS\pss\AntiCrash.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
D:\WINDOWS\Domino.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]
D:\WINDOWS\VMSnap3.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\programy\winamp\winampa.exe
R0 Klpf;Klpf;D:\WINDOWS\system32\drivers\Klpf.sys
R0 Klpid;Klpid;D:\WINDOWS\system32\drivers\Klpid.sys
R0 viamraid;viamraid;D:\WINDOWS\system32\DRIVERS\viamraid.sys
R1 AmdK8;Sterownik procesora AMD;D:\WINDOWS\system32\DRIVERS\AmdK8.sys
R1 SASDIFSV;SASDIFSV;\??\C:\programy\supera\SASDIFSV.SYS
R1 SASKUTIL;SASKUTIL;\??\C:\programy\supera\SASKUTIL.sys
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\D:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R2 atksgt;atksgt;D:\WINDOWS\system32\DRIVERS\atksgt.sys
R2 lirsgt;lirsgt;D:\WINDOWS\system32\DRIVERS\lirsgt.sys
R3 netrcacm;RCA USB Digital Cable Modem Driver;D:\WINDOWS\system32\DRIVERS\netrcacm.sys
R3 SASENUM;SASENUM;\??\C:\programy\supera\SASENUM.SYS
R3 vmfilter303;vmfilter303;D:\WINDOWS\system32\drivers\vmfilter303.sys
R3 ZSMC303;X-calibur USB PC Camera (Vimicro301 Neptune);D:\WINDOWS\system32\Drivers\usbVM303.sys
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;D:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
S3 idsvc;Windows CardSpace;"D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
S3 TVICHW32;TVICHW32;\??\D:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-02 05:52:26
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-10-02 5:53:04
--- E O F ---
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SkinClock" = "C:\programy\clock\Clock Tray Skins\ClockTraySkins.exe" [null data]
"CursorXP" = "C:\programy\cursor powre pack\CursorXP.exe" [" "]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]
"RocketDock" = ""D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"" [null data]
"ctfmon.exe" = "D:\WINDOWS\system32\ctfmon.exe" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"SpywareTerminator" = ""D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"" ["Crawler.com"]
"AVP" = ""D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"" ["Kaspersky Lab"]
"ISUSPM Startup" = "D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup" ["InstallShield Software Corporation"]
"ISUSScheduler" = ""D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]
"SunJavaUpdateSched" = ""D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"QuickTime Task" = ""C:\programy\Quiktim\qttask.exe" -atboottime" ["Apple Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
{HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\programy\adobereader\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\(Default) = (no title provided)
{HKLM...CLSID} = "*i*i?***" (unwritable string)
\InProcServer32\(Default) = "D:\PROGRA~1\Crawler\Toolbar\ctbr.dll" ["Crawler.com"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
{HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
{HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
{HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
{HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "D:\WINDOWS\system32\shdocvw.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
{HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
{HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
{HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
{HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
{HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{BD88A479-9623-4897-8546-BC62B9628F44}" = "SPTHandler"
{HKLM...CLSID} = "SPTHandler"
\InProcServer32\(Default) = "D:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]
Z góry dziękuję.


