trojany !! ;/

[at]

Witam!
Mam problem z ciągle męczącymi trojanami, przed chwilą robiłem formata ale znów mam trojany itd :|
avast szaleje jak głupi ;/
zobaczcie na screen :|

http://img63.imageshack.us/img63/517/beztytu322uiw4.jpg
i jeszcze 2 pliki jakieś dziwne ;/
http://img58.imageshack.us/img58/8720/dsfsdcz9.jpg

daje logi z

HiJackThis

Logfile of HijackThis v1.99.1
Scan saved at 15:58:31, on 2007-03-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\tcpipmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\tcpipmon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\at\USTAWI~1\Temp\mexe.com
C:\DOCUME~1\at\USTAWI~1\Temp\ScanningProcess.exe
C:\DOCUME~1\at\USTAWI~1\Temp\ScanningProcess.exe
C:\DOCUME~1\at\USTAWI~1\Temp\Katalog tymczasowy 1 dla hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000122 (file missing)

Silent

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"
"tcpipmon" = "tcpipmon.exe" [MS]
"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> rpcc\DLLName = "C:\WINDOWS\system32\rpcc.dll" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 53 seconds, including 13 seconds for message boxes)

comboscan

ComboScan v20070306.20 run by Ferson on 2007-03-23 at 16:07:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created ComboScan Restore Point.


-- Last 5 Restore Point(s) --
7: 2007-03-23 15:05:51 UTC - RP7 - Software Distribution Service 2.0
6: 2007-03-23 14:20:27 UTC - RP6 - Zainstalowano: ATI Parental Control & Encoder
5: 2007-03-23 14:19:10 UTC - RP5 - Zainstalowano: ATI Catalyst Control Center
4: 2007-03-23 14:15:48 UTC - RP4 - Zainstalowano: Marvell Miniport Driver
3: 2007-03-23 14:09:27 UTC - RP3 - Zainstalowano Windows XP KB888111WXPSP2.


-- First Restore Point --
1: 2007-03-23 14:07:42 UTC - RP1 - Punkt kontrolny systemu


Performed disk cleanup.


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-03-23 16:09:09
Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.0.2900.2180)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\tcpipmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\tcpipmon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Ferson\Ustawienia lokalne\Temp\mexe.com
C:\Documents and Settings\Ferson\Ustawienia lokalne\Temp\ScanningProcess.exe
C:\Documents and Settings\Ferson\Ustawienia lokalne\Temp\ScanningProcess.exe
C:\Documents and Settings\Ferson\Ustawienia lokalne\Temp\Katalog tymczasowy 1 dla hijackthis_199.zip\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ferson\Pulpit\comboscan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 127.0.0.1 ircer.pl
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - Service: Urządzenie alarmowe (Alerter) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Usługa bramy warstwy aplikacji (ALG) - C:\WINDOWS\system32\alg.exe
O23 - Service: Zarządzanie aplikacjami (AppMgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: ASP.NET State Service (aspnet_state) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
O23 - Service: Ati HotKey Poller - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Windows Audio (AudioSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: avast! Antivirus - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
O23 - Service: avast! Web Scanner - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
O23 - Service: Usługa inteligentnego transferu w tle (BITS) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Przeglądarka komputera (Browser) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa indeksowania (CiSvc) - C:\WINDOWS\system32\cisvc.exe
O23 - Service: Client IP-IPX - "C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000122
O23 - Service: ClipBook (ClipSrv) - C:\WINDOWS\system32\clipsrv.exe
O23 - Service: Aplikacja systemowa modelu COM+ (COMSysApp) - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: Usługi kryptograficzne (CryptSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Program uruchamiający proces serwera DCOM (DcomLaunch) - C:\WINDOWS\system32\svchost -k DcomLaunch
O23 - Service: Klient DHCP (Dhcp) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: Menedżer dysków logicznych (dmserver) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Klient DNS (Dnscache) - C:\WINDOWS\system32\svchost.exe -k NetworkService
O23 - Service: Usługa raportowania błędów (ERSvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Dziennik zdarzeń (Eventlog) - C:\WINDOWS\system32\services.exe
O23 - Service: System zdarzeń COM+ (EventSystem) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Zgodność szybkiego przełączania użytkowników (FastUserSwitchingCompatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Pomoc i obsługa techniczna (helpsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Dostęp do urządzeń interfejsu HID (HidServ) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: HTTP SSL (HTTPFilter) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
O23 - Service: Usługa COM nagrywania dysków CD IMAPI (ImapiService) - C:\WINDOWS\system32\imapi.exe
O23 - Service: Serwer (lanmanserver) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Stacja robocza (lanmanworkstation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Pomoc TCP/IP NetBIOS (LmHosts) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Posłaniec (Messenger) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - C:\WINDOWS\system32\msdtc.exe
O23 - Service: Instalator Windows (MSIServer) - C:\WINDOWS\system32\msiexec.exe /V
O23 - Service: DDE sieci (NetDDE) - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE sieci (NetDDEdsdm) - C:\WINDOWS\system32\netdde.exe
O23 - Service: Logowanie do sieci (Netlogon) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Połączenia sieciowe (Netman) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Rozpoznawanie lokalizacji w sieci (NLA) (Nla) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa NT LM Security Support Provider (NtLmSsp) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Magazyn wymienny (NtmsSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Plug and Play (PlugPlay) - C:\WINDOWS\system32\services.exe
O23 - Service: Usługi IPSEC (PolicyAgent) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Magazyn chroniony (ProtectedStorage) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Menedżer autopołączenia dostępu zdalnego (RasAuto) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Menedżer połączeń usługi Dostęp zdalny (RasMan) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Menedżer sesji pomocy pulpitu zdalnego (RDSessMgr) - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Routing i dostęp zdalny (RemoteAccess) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Rejestr zdalny (RemoteRegistry) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Lokalizator usługi zdalnego wywołania procedury (RPC) (RpcLocator) - C:\WINDOWS\system32\locator.exe
O23 - Service: Zdalne wywoływanie procedur (RPC) (RpcSs) - C:\WINDOWS\system32\svchost -k rpcss
O23 - Service: QoS RSVP (RSVP) - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Menedżer kont zabezpieczeń (SamSs) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Karta inteligentna (SCardSvr) - C:\WINDOWS\system32\scardsvr.exe
O23 - Service: Harmonogram zadań (Schedule) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Logowanie pomocnicze (seclogon) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Zawiadomienie o zdarzeniu systemowym (SENS) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Zapora systemu Windows/Udostępnianie połączenia internetowego (SharedAccess) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Wykrywanie sprzętu powłoki (ShellHWDetection) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Bufor wydruku (Spooler) - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Usługa przywracania systemu (srservice) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa odnajdywania SSDP (SSDPSRV) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Windows Image Acquisition (WIA) (stisvc) - C:\WINDOWS\system32\svchost.exe -k imgsvc
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - C:\WINDOWS\system32\dllhost.exe /Processid:{CB103006-5F2C-4F63-9E4A-E4506CB87CA5}
O23 - Service: Dzienniki wydajności i alerty (SysmonLog) - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telefonia (TapiSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Usługi terminalowe (TermService) - C:\WINDOWS\System32\svchost -k DComLaunch
O23 - Service: Kompozycje (Themes) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Telnet (TlntSvr) - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Klient śledzenia łączy rozproszonych (TrkWks) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Host uniwersalnego urządzenia Plug and Play (upnphost) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Zasilacz awaryjny (UPS) (UPS) - C:\WINDOWS\system32\ups.exe
O23 - Service: Kopiowanie woluminów w tle (VSS) - C:\WINDOWS\system32\vssvc.exe
O23 - Service: Usługa Czas systemu Windows (W32Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: WebClient - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Instrumentacja zarządzania Windows (winmgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa numeru seryjnego multimediów przenośnych (WmdmPmSN) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Rozszerzenia sterownika Instrumentacji zarządzania Windows (Wmi) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Karta wydajności WMI (WmiApSrv) - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Centrum zabezpieczeń (wscsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Aktualizacje automatyczne (wuauserv) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Konfiguracja zerowej sieci bezprzewodowej (WZCSVC) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Usługa dostarczania sieci (xmlprov) - C:\WINDOWS\System32\svchost.exe -k netsvcs


-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

1R Aavmker4 (avast! Asynchronous Virus Monitor) - C:\WINDOWS\system32\drivers\aavmker4.sys
2R aswMon2 (avast! Standard Shield Support) - C:\WINDOWS\system32\drivers\aswmon2.sys
3R aswRdr - C:\WINDOWS\system32\drivers\aswRdr.sys
1R aswTdi (avast! Network Shield Support) - C:\WINDOWS\system32\drivers\aswTdi.sys
3R ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys
3R HDAudBus (Sterownik magistrali Microsoft UAA dla High Definition Audio) - C:\WINDOWS\system32\drivers\Hdaudbus.sys
3R IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - C:\WINDOWS\system32\drivers\RtkHDAud.sys
1R intelppm (Sterownik procesora Intel) - C:\WINDOWS\system32\drivers\intelppm.sys
3R MTsensor (ATK0110 ACPI UTILITY) - C:\WINDOWS\system32\drivers\ASACPI.sys
3R usbehci (Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft) - C:\WINDOWS\system32\drivers\usbehci.sys
3R yukonwxp (NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller) - C:\WINDOWS\system32\drivers\yk51x86.sys
1S AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2S aswUpdSv (avast! iAVS4 Control Service) - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
2R Ati HotKey Poller - C:\WINDOWS\system32\Ati2evxx.exe
2S ATI Smart - C:\WINDOWS\system32\ati2sgag.exe
2R avast! Antivirus - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
3R avast! Web Scanner - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
2S Client IP-IPX - "C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000122


-- Files created between 2007-02-23 and 2007-03-23 -----------------------------

2007-03-23 16:06:15 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1>
2007-03-23 16:06:07 0 d--h----- C:\WINDOWS\$hf_mig$
2007-03-23 16:06:05 0 d-------- C:\WINDOWS\LastGood
2007-03-23 15:57:03 149504 --a------ C:\WINDOWS\system32\TASKMGR.COM
2007-03-23 15:57:03 149504 --a------ C:\WINDOWS\system32\T.COM
2007-03-23 15:57:03 159232 --a------ C:\WINDOWS\REGEDIT.COM
2007-03-23 15:57:03 159232 --a------ C:\WINDOWS\R.COM
2007-03-23 15:56:03 3072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-03-23 15:55:12 58624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-03-23 15:54:35 77312 --a------ C:\WINDOWS\system32\usbui.dll
2007-03-23 15:54:18 139264 --a------ C:\WINDOWS\system32\zip.exe
2007-03-23 15:54:18 185344 --a------ C:\WINDOWS\system32\strings.exe
2007-03-23 15:54:18 28672 --a------ C:\WINDOWS\system32\restart.exe
2007-03-23 15:54:18 65536 --a------ C:\WINDOWS\system32\Process.exe
2007-03-23 15:54:18 48912 --a------ C:\WINDOWS\system32\Ntrights.exe
2007-03-23 15:54:18 11254 --a------ C:\WINDOWS\system32\locate.com
2007-03-23 15:53:29 0 d--hs---- C:\WINDOWS\Installer<INSTAL~1>
2007-03-23 15:53:29 0 d-------- C:\Program Files\Common Files\ODBC
2007-03-23 15:53:26 0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-03-23 15:53:25 0 dr------- C:\Program Files<PROGRA~1>
2007-03-23 15:53:22 6144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-03-23 15:53:22 6144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-03-23 15:53:22 5632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-03-23 15:53:21 5632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-03-23 15:53:21 5632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-03-23 15:53:19 8192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-03-23 15:53:18 6656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-03-23 15:53:18 6144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-03-23 15:53:18 5632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-03-23 15:53:18 5632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-03-23 15:53:18 5632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-03-23 15:53:18 6144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-03-23 15:53:17 6144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-03-23 15:53:17 6144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-03-23 15:53:17 5632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-03-23 15:53:17 5632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-03-23 15:53:17 6144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-03-23 15:53:14 6656 --a------ C:\WINDOWS\system32\kbdsl1.dll
2007-03-23 15:53:14 6656 --a------ C:\WINDOWS\system32\kbdsl.dll
2007-03-23 15:53:13 6656 --a------ C:\WINDOWS\system32\kbdycl.dll
2007-03-23 15:53:13 5632 --a------ C:\WINDOWS\system32\kbdro.dll
2007-03-23 15:53:13 5632 --a------ C:\WINDOWS\system32\kbdhu1.dll
2007-03-23 15:53:13 6656 --a------ C:\WINDOWS\system32\kbdhu.dll
2007-03-23 15:53:13 6656 --a------ C:\WINDOWS\system32\kbdcz2.dll
2007-03-23 15:53:13 6656 --a------ C:\WINDOWS\system32\kbdcz1.dll
2007-03-23 15:53:13 7168 --a------ C:\WINDOWS\system32\kbdcz.dll
2007-03-23 15:53:13 6656 --a------ C:\WINDOWS\system32\kbdcr.dll
2007-03-23 15:53:13 6656 --a------ C:\WINDOWS\system32\KBDAL.DLL
2007-03-23 15:53:12 24661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-03-23 15:53:12 13312 --a------ C:\WINDOWS\system32\irclass.dll
2007-03-23 15:53:12 103424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-03-23 15:53:12 85532 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-03-23 15:53:12 176157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-03-23 15:53:11 9168 --a------ C:\WINDOWS\system\VER.DLL
2007-03-23 15:53:11 19200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-03-23 15:53:11 5120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-03-23 15:53:11 24064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-03-23 15:53:11 83456 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-03-23 15:53:11 127008 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-03-23 15:53:10 25088 --a------ C:\WINDOWS\TASKMAN.EXE
2007-03-23 15:53:10 9936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-03-23 15:53:10 33376 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-03-23 15:53:10 109488 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-03-23 15:53:10 70096 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-03-23 15:53:09 11264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-03-23 15:53:09 8704 --a------ C:\WINDOWS\system32\batt.dll
2007-03-23 15:53:09 69552 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-03-23 15:53:09 79872 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-03-23 15:53:08 75776 --a------ C:\WINDOWS\system32\storprop.dll
2007-03-23 15:52:49 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-03-23 15:52:49 0 d-------- C:\WINDOWS\system32\CatRoot
2007-03-23 15:52:21 0 d-------- C:\Documents and Settings<DOCUME~1>
2007-03-23 15:52:20 0 d--hs---- C:\System Volume Information<SYSTEM~1>
2007-03-23 15:51:00 11725 --a------ C:\whtvhj.exe
2007-03-23 15:50:49 57856 --a------ C:\nyjeldqi.exe
2007-03-23 15:47:09 0 d-------- C:\WINDOWS
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\WinSxS
2007-03-23 15:47:09 0 dr------- C:\WINDOWS\Web
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\twain_32
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\wins
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\wbem
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\usmt
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\spool
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\ShellExt
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\Setup
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\ras
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\oobe
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\npp
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\mui
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\inetsrv
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\IME
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\icsxml
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\ias
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\export
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\drivers
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-03-23 15:47:09 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\dhcp
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\config
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\3076
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\2052
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\1054
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\1045
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\1042
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\1041
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\1037
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\1033
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\1031
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\1028
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\1025
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\security
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\Resources<RESOUR~1>
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\repair
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\Provisioning<PROVIS~1>
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\PeerNet
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\pchealth
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\mui
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\msapps
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\msagent
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\Media
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\java
2007-03-23 15:47:09 0 d--h----- C:\WINDOWS\inf
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\ime
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\Help
2007-03-23 15:47:09 0 dr--s---- C:\WINDOWS\Fonts
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\ehome
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\Driver Cache<DRIVER~1>
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\Debug
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\Cursors
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\Connection Wizard<CONNEC~1>
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\Config
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\AppPatch
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\addins
2007-03-23 15:42:37 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-23 15:42:33 0 d-------- C:\Program Files\Grisoft
2007-03-23 15:37:44 40448 --a------ C:\WINDOWS\system32\tcpipmon.exe
2007-03-23 15:37:43 42568 --a------ C:\WINDOWS\system32\msvcrl.dll
2007-03-23 15:37:25 0 d-------- C:\Program Files\Common Files\{001EDCF2-0AF9-1045-0320-060511060030}<{001ED~2>
2007-03-23 15:35:42 58368 -----n--- C:\WINDOWS\system32\VT100.EXE
2007-03-23 15:35:40 12288 --a------ C:\WINDOWS\system32\unsvchosts.exe<UNSVCH~1.EXE>
2007-03-23 15:35:40 0 d-------- C:\Program Files\Common Files\{001EDCF2-0AFA-1045-0320-060511060030}<{001ED~1>
2007-03-23 15:35:37 40448 --a------ C:\WINDOWS\system32\rpcc.dll
2007-03-23 15:35:18 0 d-------- C:\Program Files\SubEdit-Player<SUBEDI~1>
2007-03-23 15:30:41 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-23 15:29:35 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-23 15:27:53 0 d-------- C:\WINDOWS\system32\SoftwareDistribution<SOFTWA~1>
2007-03-23 15:24:54 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-03-23 15:24:54 23352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-03-23 15:24:53 94424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-03-23 15:24:53 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-03-23 15:24:53 31560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-03-23 15:24:49 348160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-03-23 15:24:49 499712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-03-23 15:24:49 1060864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-03-23 15:24:49 102400 -----n--- C:\WINDOWS\system32\AVASTSS.scr
2007-03-23 15:24:49 689280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-03-23 15:24:46 0 d-------- C:\Program Files\Alwil Software<ALWILS~1>
2007-03-23 15:20:29 0 d-------- C:\Program Files\Common Files\ATI Technologies<ATITEC~1>
2007-03-23 15:18:30 0 d-------- C:\WINDOWS\pss
2007-03-23 15:17:55 0 d-------- C:\WINDOWS\Microsoft.NET<MICROS~1.NET>
2007-03-23 15:17:55 0 dr--s---- C:\WINDOWS\assembly
2007-03-23 15:17:54 0 d-------- C:\WINDOWS\system32\URTTemp
2007-03-23 15:17:25 532480 -----n--- C:\WINDOWS\system32\ati2sgag.exe
2007-03-23 15:17:20 307200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2007-03-23 15:17:18 121995 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2007-03-23 15:17:05 0 d-------- C:\Program Files\ATI Technologies<ATITEC~1>
2007-03-23 15:15:49 0 d-------- C:\Program Files\Marvell
2007-03-23 15:15:05 0 d-------- C:\WINDOWS\system32\Lang
2007-03-23 15:13:15 6400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-03-23 15:13:14 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-03-23 15:13:13 52864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-03-23 15:13:12 54272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-03-23 15:13:10 142464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-03-23 15:13:09 171776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-03-23 15:13:08 2944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-03-23 15:13:07 60800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-03-23 15:13:06 7552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-03-23 15:13:05 4992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-03-23 15:13:03 5376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-03-23 15:12:47 4096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-03-23 15:12:47 60288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-03-23 15:09:25 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-03-23 15:09:23 307200 --a------ C:\WINDOWS\HideWin.exe
2007-03-23 15:09:22 2814976 --a------ C:\WINDOWS\ALCWZRD.EXE
2007-03-23 15:09:22 81920 --a------ C:\WINDOWS\ALCMTR.EXE
2007-03-23 15:09:21 102400 --a------ C:\WINDOWS\SOUNDMAN.EXE
2007-03-23 15:09:21 14487040 --a------ C:\WINDOWS\RTHDCPL.EXE
2007-03-23 15:09:21 2041856 --a------ C:\WINDOWS\MicCal.exe
2007-03-23 15:09:20 156672 --a------ C:\WINDOWS\system32\RTLCPAPI.dll
2007-03-23 15:09:20 0 d-------- C:\WINDOWS\system32\RTCOM
2007-03-23 15:09:20 3134976 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-03-23 15:09:20 53248 -r------- C:\WINDOWS\system32\ChCfg.exe
2007-03-23 15:09:20 9708544 --a------ C:\WINDOWS\RTLCPL.EXE
2007-03-23 15:09:08 0 d-------- C:\Program Files\Realtek
2007-03-23 15:09:08 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-23 15:09:03 487424 -r------- C:\WINDOWS\RtlExUpd.dll
2007-03-23 15:09:00 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-03-23 15:08:46 5810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2007-03-23 15:08:43 5824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-03-23 15:06:30 0 d-------- C:\WINDOWS\SoftwareDistribution<SOFTWA~1>
2007-03-23 15:06:28 0 d-------- C:\WINDOWS\Prefetch
2007-03-23 15:02:51 0 d-------- C:\WINDOWS\system32\xircom
2007-03-23 15:02:51 0 d-------- C:\Program Files\microsoft frontpage<MICROS~1>
2007-03-23 15:02:31 0 -rahs---- C:\MSDOS.SYS
2007-03-23 15:02:31 0 -rahs---- C:\IO.SYS
2007-03-23 15:02:31 0 --a------ C:\CONFIG.SYS
2007-03-23 15:02:31 0 --a------ C:\AUTOEXEC.BAT
2007-03-23 15:02:17 112128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-03-23 15:01:27 0 dr------- C:\WINDOWS\Offline Web Pages<OFFLIN~1>
2007-03-23 15:01:27 0 d---s---- C:\WINDOWS\Downloaded Program Files<DOWNLO~1>
2007-03-23 15:01:17 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~3>
2007-03-23 15:01:13 0 d-------- C:\Program Files\Usługi online<USUGIO~1>
2007-03-23 15:00:58 0 d-------- C:\WINDOWS\system32\DirectX
2007-03-23 15:00:40 11264 --a------ C:\WINDOWS\system32\atrace.dll
2007-03-23 15:00:31 12288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-03-23 15:00:30 67584 --a------ C:\WINDOWS\system32\acctres.dll
2007-03-23 15:00:27 0 d---s---- C:\WINDOWS\Tasks
2007-03-23 15:00:27 16384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-03-23 15:00:26 0 d-------- C:\Program Files\Common Files\MSSoap
2007-03-23 15:00:23 0 d-------- C:\WINDOWS\srchasst
2007-03-23 15:00:22 0 d-------- C:\WINDOWS\system32\Macromed
2007-03-23 15:00:19 173536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-03-23 15:00:19 41240 --a------ C:\WINDOWS\system32\wups.dll
2007-03-23 15:00:19 128280 --a------ C:\WINDOWS\system32\wucltui.dll
2007-03-23 15:00:19 6656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-03-23 15:00:19 195352 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-03-23 15:00:19 1343768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-03-23 15:00:19 175384 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-03-23 15:00:19 125208 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-03-23 15:00:19 466200 --a------ C:\WINDOWS\system32\wuapi.dll
2007-03-23 15:00:18 18944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-03-23 15:00:18 382464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-03-23 15:00:18 7168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-03-23 15:00:18 8192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-03-23 15:00:15 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-03-23 15:00:11 45568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-03-23 15:00:11 29696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-03-23 15:00:11 43520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-03-23 15:00:11 43520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-03-23 15:00:08 240128 --a------ C:\WINDOWS\system32\srrstr.dll
2007-03-23 15:00:08 0 d-------- C:\WINDOWS\system32\Restore
2007-03-23 15:00:08 32256 --a------ C:\WINDOWS\system32\fltMc.exe
2007-03-23 15:00:08 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-03-23 15:00:08 124800 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2007-03-23 15:00:07 171008 --a------ C:\WINDOWS\system32\srsvc.dll
2007-03-23 15:00:07 67584 --a------ C:\WINDOWS\system32\srclient.dll
2007-03-23 15:00:07 28672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-03-23 15:00:07 34560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-03-23 15:00:07 32768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-03-23 15:00:07 81920 --a------ C:\WINDOWS\system32\ils.dll
2007-03-23 15:00:07 73472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-03-23 15:00:06 69632 --a------ C:\WINDOWS\system32\msconf.dll
2007-03-23 15:00:06 45056 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-03-23 15:00:04 105984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-03-23 15:00:04 252928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-03-23 15:00:03 49664 --a------ C:\WINDOWS\system32\inetres.dll
2007-03-23 15:00:03 678400 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-03-23 15:00:02 192000 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-03-23 15:00:01 21504 --a------ C:\WINDOWS\system32\mstinit.exe
2007-03-23 15:00:01 278528 --a------ C:\WINDOWS\system32\mstask.dll
2007-03-23 15:00:01 86016 --a------ C:\WINDOWS\system32\isign32.dll
2007-03-23 15:00:01 278528 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-03-23 15:00:01 65536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-03-23 15:00:01 73728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-03-23 14:59:29 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2007-03-23 14:59:15 0 d-------- C:\WINDOWS\Registration<REGIST~1>
2007-03-23 14:59:04 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-23 14:59:01 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-03-23 14:59:00 15360 --a------ C:\WINDOWS\system32\write.exe
2007-03-23 14:58:52 148992 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-03-23 14:58:52 44544 --a------ C:\WINDOWS\system32\hticons.dll
2007-03-23 14:58:52 73216 --a------ C:\WINDOWS\system32\avwav.dll
2007-03-23 14:58:52 231424 --a------ C:\WINDOWS\system32\avtapi.dll
2007-03-23 14:58:52 16384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-03-23 14:58:51 35328 --a------ C:\WINDOWS\system32\winchat.exe
2007-03-23 14:58:46 605696 --a------ C:\WINDOWS\system32\getuname.dll
2007-03-23 14:58:45 129536 --a------ C:\WINDOWS\system32\winmine.exe
2007-03-23 14:58:45 67072 --a------ C:\WINDOWS\system32\sol.exe
2007-03-23 14:58:45 90624 --a------ C:\WINDOWS\system32\charmap.exe
2007-03-23 14:58:45 124928 --a------ C:\WINDOWS\system32\calc.exe
2007-03-23 14:58:44 1225 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-03-23 14:58:44 27648 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-03-23 14:58:44 26112 --a------ C:\WINDOWS\system32\tskill.exe
2007-03-23 14:58:44 25088 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-03-23 14:58:44 25088 --a------ C:\WINDOWS\system32\tscon.exe
2007-03-23 14:58:44 25088 --a------ C:\WINDOWS\system32\shadow.exe
2007-03-23 14:58:44 26112 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-03-23 14:58:44 19456 --a------ C:\WINDOWS\system32\reset.exe
2007-03-23 14:58:44 43520 --a------ C:\WINDOWS\system32\regini.exe
2007-03-23 14:58:44 4608 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-03-23 14:58:44 32256 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-03-23 14:58:44 137728 --a------ C:\WINDOWS\system32\mshearts.exe
2007-03-23 14:58:44 65536 --a------ C:\WINDOWS\system32\freecell.exe
2007-03-23 14:58:43 27136 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-03-23 14:58:43 31744 --a------ C:\WINDOWS\system32\msg.exe
2007-03-23 14:58:43 25600 --a------ C:\WINDOWS\system32\logoff.exe
2007-03-23 14:58:43 15872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-03-23 14:58:42 54272 --a------ C:\WINDOWS\system32\stclient.dll
2007-03-23 14:58:42 25088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-03-23 14:58:42 4096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-03-23 14:58:42 20480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-03-23 14:58:42 14848 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-03-23 14:58:42 147456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-03-23 14:58:42 82432 --a------ C:\WINDOWS\system32\comrepl.dll
2007-03-23 14:58:42 25600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-03-23 14:58:36 142336 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-03-23 14:58:36 134144 --a------ C:\WINDOWS\system32\mplay32.exe
2007-03-23 14:58:36 349696 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-03-23 14:58:36 197632 --a------ C:\WINDOWS\system32\accwiz.exe
2007-03-23 14:58:35 94720 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-03-23 14:58:35 548864 --a------ C:\WINDOWS\system32\spider.exe
2007-03-23 14:58:35 354816 --a------ C:\WINDOWS\system32\mspaint.exe
2007-03-23 14:58:35 21896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-03-23 14:58:35 12040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-03-23 14:58:35 139400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-03-23 14:58:35 113152 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-03-23 14:58:35 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-03-23 14:58:34 54272 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-03-23 14:58:34 296448 --a------ C:\WINDOWS\system32\termsrv.dll
2007-03-23 14:58:34 151552 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-03-23 14:58:34 60928 --a------ C:\WINDOWS\system32\remotepg.dll
2007-03-23 14:58:34 76800 --a------ C:\WINDOWS\system32\rdshost.exe
2007-03-23 14:58:34 23552 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-03-23 14:58:34 147968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-03-23 14:58:34 655360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-03-23 14:58:34 418304 --a------ C:\WINDOWS\system32\mstsc.exe
2007-03-23 14:58:33 87176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-03-23 14:58:33 19968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-03-23 14:58:33 72192 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-03-23 14:58:33 30720 --a------ C:\WINDOWS\system32\qprocess.exe
2007-03-23 14:58:33 90112 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-03-23 14:58:33 161280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-03-23 14:58:33 425472 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-03-23 14:58:33 0 d-------- C:\WINDOWS\system32\MsDtc
2007-03-23 14:58:33 11264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-03-23 14:58:33 38912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-03-23 14:58:32 11776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-03-23 14:58:32 949248 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-03-23 14:58:32 58880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-03-23 14:58:32 15872 --a------ C:\WINDOWS\system32\msdtc.exe
2007-03-23 14:58:31 540160 --a------ C:\WINDOWS\system32\comuid.dll
2007-03-23 14:58:31 1251840 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-03-23 14:58:31 0 d-------- C:\WINDOWS\system32\Com
2007-03-23 14:58:31 62464 --a------ C:\WINDOWS\system32\colbact.dll
2007-03-23 14:58:31 110080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-03-23 14:58:31 628224 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-03-23 14:58:31 85504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-03-23 14:58:31 229888 --a------ C:\WINDOWS\system32\catsrv.dll
2007-03-23 14:58:30 501248 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-03-23 14:58:24 56320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-03-23 14:58:24 17920 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-03-23 14:58:24 58880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-03-23 14:58:24 187904 --a------ C:\WINDOWS\system32\cmprops.dll
2007-03-23 14:58:19 40840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-03-23 14:58:19 196864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys


-- Find3M Report ---------------------------------------------------------------

2007-03-23 15:53:01 62 --ahs---- C:\Documents and Settings\Ferson\Dane aplikacji\desktop.ini
2007-03-23 15:50:11 0 d-------- C:\Documents and Settings\Ferson\Dane aplikacji\Macromedia<MACROM~1>
2007-03-23 15:30:38 0 d-------- C:\Documents and Settings\Ferson\Dane aplikacji\Mozilla
2007-03-23 15:22:26 0 d---s---- C:\Documents and Settings\Ferson\Dane aplikacji\Microsoft<MICROS~1>
2007-03-23 15:22:26 0 d-------- C:\Documents and Settings\Ferson\Dane aplikacji\ATI
2007-03-23 15:18:43 495436 --a------ C:\WINDOWS\system32\perfh015.dat
2007-03-23 15:18:43 73532 --a------ C:\WINDOWS\system32\perfc015.dat
2007-03-23 15:07:30 0 d-------- C:\Documents and Settings\Ferson\Dane aplikacji\Identities<IDENTI~1>


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"tcpipmon"="tcpipmon.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"{001EDCF2-0AF9-1045-0320-060511060030}"="\"C:\\Program Files\\Common Files\\{001EDCF2-0AF9-1045-0320-060511060030}\\Update.exe\" te-110-12-0000122"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"{001EDCF2-0AF9-1045-0320-060511060030}"="\"C:\\Program Files\\Common Files\\{001EDCF2-0AF9-1045-0320-060511060030}\\Update.exe\" te-110-12-0000122"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rpcc

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- Hosts -----------------------------------------------------------------------

127.0.0.1 ircer.pl


-- End of ComboScan: finished at 2007-03-23 at 16:10:06 ------------------------

jak narazie się nic nie dzieje ale raczej potem znów będzie lypa ;/

[wojtas]

sciagnij:

ATF_Cleaner
http://www.atribune.org/ccount/click.php?id=1
zaznacz
Windows Temp
Temporary internet files
i wcisnij EMPTY SELECTED

sciagnij killbox`a:

http://www.wiruskill.pl/forum/viewtopic.php?t=58

Odpalasz Killboxa zaznacz opcję Delete on Reboot następnie w polu Full Path of File to Delete wklej ścieżkę :

C:\WINDOWS\system32\rpcc.dll

i nacisnij x
Program będzie pytał o restart (oczywiście zgadzasz się)


Użyj WWDC :
http://www.firewallleaktester.com/wwdc.htm
Zmień opcje z disable na enable. Uruchom ponownie komputer.
Tak powinny wyglądać porty (NetBIOS może być żółty) :
http://www.firewallleaktester.com/images_site/wwdc.jpg

Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach)
Start do awaryjnego ( F8 ) przy starcie komputera.

Start -> uruchom -> services.msc -> zatrzymaj i wyłącz usługe Client IP-IPX

C:\WINDOWS\REGEDIT.COM
C:\whtvhj.exe
C:\nyjeldqi.exe
C:\WINDOWS\system32\msvcrl.dll
C:\Program Files\Common Files\{001EDCF2-0AF9-1045-0320-060511060030}
C:\WINDOWS\system32\VT100.EXE
C:\WINDOWS\system32\unsvchosts.exe
C:\Program Files\Common Files\{001EDCF2-0AFA-1045-0320-060511060030}
C:\Program Files\Common Files\{001EDCF2-0AF9-1045-0320-060511060030}\Update.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000122 (file missing)

Odpalasz hijackthis i zaznaczasz ptaszkami powyższe wpisy i dajesz Fix checked.
Pogrubione pliki usuwasz ręcznie z dysku
potem nowe logi z Hijack This oraz Silent runners i combo

[at]

zrobiłem wszystko co napisałeś powyżej, lecz jednak gdy włączyłem komputer normalnie trojany jak by saię odrodziły :|
wszystko jest jak wtedy :|
tcpipmon.exe
powrócił :|
mam dialog 2mb, może powinienem zadzwonić po nowe IP ??
hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 17:12:19, on 2007-03-23
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tcpipmon.exe
C:\WINDOWS\system32\tcpipmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Documents and Settings\Ferson\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

SILENT

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" [file not found]
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"tcpipmon" = "tcpipmon.exe" [MS]
"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> rpcc\DLLName = "C:\WINDOWS\system32\rpcc.dll" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 38 seconds, including 10 seconds for message boxes)

COMBO

ComboScan v20070306.20 run by Ferson on 2007-03-23 at 17:14:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-03-23 17:14:35
Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.0.2900.2180)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tcpipmon.exe
C:\WINDOWS\system32\tcpipmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Ferson\Pulpit\comboscan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 127.0.0.1 ircer.pl
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - Service: Urządzenie alarmowe (Alerter) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Usługa bramy warstwy aplikacji (ALG) - C:\WINDOWS\system32\alg.exe
O23 - Service: Zarządzanie aplikacjami (AppMgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: ASP.NET State Service (aspnet_state) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
O23 - Service: Ati HotKey Poller - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Windows Audio (AudioSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: avast! Antivirus - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
O23 - Service: avast! Web Scanner - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
O23 - Service: Usługa inteligentnego transferu w tle (BITS) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Przeglądarka komputera (Browser) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa indeksowania (CiSvc) - C:\WINDOWS\system32\cisvc.exe
O23 - Service: Client IP-IPX - "C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000122
O23 - Service: ClipBook (ClipSrv) - C:\WINDOWS\system32\clipsrv.exe
O23 - Service: Aplikacja systemowa modelu COM+ (COMSysApp) - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: Usługi kryptograficzne (CryptSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Program uruchamiający proces serwera DCOM (DcomLaunch) - C:\WINDOWS\system32\svchost -k DcomLaunch
O23 - Service: Klient DHCP (Dhcp) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: Menedżer dysków logicznych (dmserver) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Klient DNS (Dnscache) - C:\WINDOWS\system32\svchost.exe -k NetworkService
O23 - Service: Usługa raportowania błędów (ERSvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Dziennik zdarzeń (Eventlog) - C:\WINDOWS\system32\services.exe
O23 - Service: System zdarzeń COM+ (EventSystem) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Zgodność szybkiego przełączania użytkowników (FastUserSwitchingCompatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Pomoc i obsługa techniczna (helpsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Dostęp do urządzeń interfejsu HID (HidServ) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: HTTP SSL (HTTPFilter) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
O23 - Service: Usługa COM nagrywania dysków CD IMAPI (ImapiService) - C:\WINDOWS\system32\imapi.exe
O23 - Service: Serwer (lanmanserver) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Stacja robocza (lanmanworkstation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Pomoc TCP/IP NetBIOS (LmHosts) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Posłaniec (Messenger) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - C:\WINDOWS\system32\msdtc.exe
O23 - Service: Instalator Windows (MSIServer) - C:\WINDOWS\system32\msiexec.exe /V
O23 - Service: DDE sieci (NetDDE) - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE sieci (NetDDEdsdm) - C:\WINDOWS\system32\netdde.exe
O23 - Service: Logowanie do sieci (Netlogon) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Połączenia sieciowe (Netman) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Rozpoznawanie lokalizacji w sieci (NLA) (Nla) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa NT LM Security Support Provider (NtLmSsp) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Magazyn wymienny (NtmsSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Plug and Play (PlugPlay) - C:\WINDOWS\system32\services.exe
O23 - Service: Usługi IPSEC (PolicyAgent) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Magazyn chroniony (ProtectedStorage) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Menedżer autopołączenia dostępu zdalnego (RasAuto) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Menedżer połączeń usługi Dostęp zdalny (RasMan) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Menedżer sesji pomocy pulpitu zdalnego (RDSessMgr) - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Routing i dostęp zdalny (RemoteAccess) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Rejestr zdalny (RemoteRegistry) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Lokalizator usługi zdalnego wywołania procedury (RPC) (RpcLocator) - C:\WINDOWS\system32\locator.exe
O23 - Service: Zdalne wywoływanie procedur (RPC) (RpcSs) - C:\WINDOWS\system32\svchost -k rpcss
O23 - Service: QoS RSVP (RSVP) - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Menedżer kont zabezpieczeń (SamSs) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Karta inteligentna (SCardSvr) - C:\WINDOWS\system32\scardsvr.exe
O23 - Service: Harmonogram zadań (Schedule) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Logowanie pomocnicze (seclogon) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Zawiadomienie o zdarzeniu systemowym (SENS) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Zapora systemu Windows/Udostępnianie połączenia internetowego (SharedAccess) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Wykrywanie sprzętu powłoki (ShellHWDetection) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Bufor wydruku (Spooler) - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Usługa przywracania systemu (srservice) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa odnajdywania SSDP (SSDPSRV) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Windows Image Acquisition (WIA) (stisvc) - C:\WINDOWS\system32\svchost.exe -k imgsvc
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - C:\WINDOWS\system32\dllhost.exe /Processid:{CB103006-5F2C-4F63-9E4A-E4506CB87CA5}
O23 - Service: Dzienniki wydajności i alerty (SysmonLog) - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telefonia (TapiSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Usługi terminalowe (TermService) - C:\WINDOWS\System32\svchost -k DComLaunch
O23 - Service: Kompozycje (Themes) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Telnet (TlntSvr) - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Klient śledzenia łączy rozproszonych (TrkWks) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Host uniwersalnego urządzenia Plug and Play (upnphost) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Zasilacz awaryjny (UPS) (UPS) - C:\WINDOWS\system32\ups.exe
O23 - Service: Kopiowanie woluminów w tle (VSS) - C:\WINDOWS\system32\vssvc.exe
O23 - Service: Usługa Czas systemu Windows (W32Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: WebClient - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Instrumentacja zarządzania Windows (winmgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Usługa numeru seryjnego multimediów przenośnych (WmdmPmSN) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Rozszerzenia sterownika Instrumentacji zarządzania Windows (Wmi) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Karta wydajności WMI (WmiApSrv) - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Centrum zabezpieczeń (wscsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Aktualizacje automatyczne (wuauserv) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Konfiguracja zerowej sieci bezprzewodowej (WZCSVC) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Usługa dostarczania sieci (xmlprov) - C:\WINDOWS\System32\svchost.exe -k netsvcs


-- Files created between 2007-02-23 and 2007-03-23 -----------------------------

2007-03-23 17:09:36 11725 --a------ C:\whtvhj.exe
2007-03-23 17:09:15 0 d-------- C:\WINDOWS\LastGood
2007-03-23 17:08:48 40448 --a------ C:\WINDOWS\system32\tcpipmon.exe
2007-03-23 16:36:37 40448 -----n--- C:\WINDOWS\system32\rpcc.dll
2007-03-23 16:33:45 0 d-------- C:\!KillBox
2007-03-23 16:06:15 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1>
2007-03-23 16:06:07 0 d--h----- C:\WINDOWS\$hf_mig$
2007-03-23 15:57:03 149504 --a------ C:\WINDOWS\system32\TASKMGR.COM
2007-03-23 15:57:03 149504 --a------ C:\WINDOWS\system32\T.COM
2007-03-23 15:56:03 3072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-03-23 15:55:12 58624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-03-23 15:54:35 77312 --a------ C:\WINDOWS\system32\usbui.dll
2007-03-23 15:54:18 139264 --a------ C:\WINDOWS\system32\zip.exe
2007-03-23 15:54:18 185344 --a------ C:\WINDOWS\system32\strings.exe
2007-03-23 15:54:18 28672 --a------ C:\WINDOWS\system32\restart.exe
2007-03-23 15:54:18 65536 --a------ C:\WINDOWS\system32\Process.exe
2007-03-23 15:54:18 48912 --a------ C:\WINDOWS\system32\Ntrights.exe
2007-03-23 15:54:18 11254 --a------ C:\WINDOWS\system32\locate.com
2007-03-23 15:53:29 0 d--hs---- C:\WINDOWS\Installer<INSTAL~1>
2007-03-23 15:53:29 0 d-------- C:\Program Files\Common Files\ODBC
2007-03-23 15:53:26 0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-03-23 15:53:25 0 dr------- C:\Program Files<PROGRA~1>
2007-03-23 15:53:22 6144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-03-23 15:53:22 6144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-03-23 15:53:22 5632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-03-23 15:53:21 5632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-03-23 15:53:21 5632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-03-23 15:53:19 8192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-03-23 15:53:18 6656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-03-23 15:53:18 6144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-03-23 15:53:18 5632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-03-23 15:53:18 5632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-03-23 15:53:18 5632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-03-23 15:53:18 6144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-03-23 15:53:17 6144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-03-23 15:53:17 6144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-03-23 15:53:17 5632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-03-23 15:53:17 5632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-03-23 15:53:17 6144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-03-23 15:53:14 6656 --a------ C:\WINDOWS\system32\kbdsl1.dll
2007-03-23 15:53:14 6656 --a------ C:\WINDOWS\system32\kbdsl.dll
2007-03-23 15:53:13 6656 --a------ C:\WINDOWS\system32\kbdycl.dll
2007-03-23 15:53:13 5632 --a------ C:\WINDOWS\system32\kbdro.dll
2007-03-23 15:53:13 5632 --a------ C:\WINDOWS\system32\kbdhu1.dll
2007-03-23 15:53:13 6656 --a------ C:\WINDOWS\system32\kbdhu.dll
2007-03-23 15:53:13 6656 --a------ C:\WINDOWS\system32\kbdcz2.dll
2007-03-23 15:53:13 6656 --a------ C:\WINDOWS\system32\kbdcz1.dll
2007-03-23 15:53:13 7168 --a------ C:\WINDOWS\system32\kbdcz.dll
2007-03-23 15:53:13 6656 --a------ C:\WINDOWS\system32\kbdcr.dll
2007-03-23 15:53:13 6656 --a------ C:\WINDOWS\system32\KBDAL.DLL
2007-03-23 15:53:12 24661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-03-23 15:53:12 13312 --a------ C:\WINDOWS\system32\irclass.dll
2007-03-23 15:53:12 103424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-03-23 15:53:12 85532 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-03-23 15:53:12 176157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-03-23 15:53:11 9168 --a------ C:\WINDOWS\system\VER.DLL
2007-03-23 15:53:11 19200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-03-23 15:53:11 5120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-03-23 15:53:11 24064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-03-23 15:53:11 83456 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-03-23 15:53:11 127008 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-03-23 15:53:10 25088 --a------ C:\WINDOWS\TASKMAN.EXE
2007-03-23 15:53:10 9936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-03-23 15:53:10 33376 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-03-23 15:53:10 109488 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-03-23 15:53:10 70096 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-03-23 15:53:09 11264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-03-23 15:53:09 8704 --a------ C:\WINDOWS\system32\batt.dll
2007-03-23 15:53:09 69552 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-03-23 15:53:09 79872 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-03-23 15:53:08 75776 --a------ C:\WINDOWS\system32\storprop.dll
2007-03-23 15:52:49 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-03-23 15:52:49 0 d-------- C:\WINDOWS\system32\CatRoot
2007-03-23 15:52:21 0 d-------- C:\Documents and Settings<DOCUME~1>
2007-03-23 15:52:20 0 d--hs---- C:\System Volume Information<SYSTEM~1>
2007-03-23 15:47:09 0 d-------- C:\WINDOWS
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\WinSxS
2007-03-23 15:47:09 0 dr------- C:\WINDOWS\Web
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\twain_32
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\wins
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\wbem
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\usmt
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\spool
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\ShellExt
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\Setup
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\ras
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\oobe
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\npp
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\mui
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\inetsrv
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\IME
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\icsxml
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\ias
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\export
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\drivers
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-03-23 15:47:09 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\dhcp
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\config
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\3076
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\2052
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\1054
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\1045
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\1042
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\1041
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\1037
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\1033
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\1031
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\1028
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system32\1025
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\system
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\security
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\Resources<RESOUR~1>
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\repair
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\Provisioning<PROVIS~1>
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\PeerNet
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\pchealth
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\mui
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\msapps
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\msagent
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\Media
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\java
2007-03-23 15:47:09 0 d--h----- C:\WINDOWS\inf
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\ime
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\Help
2007-03-23 15:47:09 0 dr--s---- C:\WINDOWS\Fonts
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\ehome
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\Driver Cache<DRIVER~1>
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\Debug
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\Cursors
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\Connection Wizard<CONNEC~1>
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\Config
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\AppPatch
2007-03-23 15:47:09 0 d-------- C:\WINDOWS\addins
2007-03-23 15:42:37 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-23 15:42:33 0 d-------- C:\Program Files\Grisoft
2007-03-23 15:35:18 0 d-------- C:\Program Files\SubEdit-Player<SUBEDI~1>
2007-03-23 15:30:41 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-23 15:29:35 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-23 15:27:53 0 d-------- C:\WINDOWS\system32\SoftwareDistribution<SOFTWA~1>
2007-03-23 15:24:54 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-03-23 15:24:54 23352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-03-23 15:24:53 94424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-03-23 15:24:53 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-03-23 15:24:53 31560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-03-23 15:24:49 348160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-03-23 15:24:49 499712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-03-23 15:24:49 1060864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-03-23 15:24:49 102400 -----n--- C:\WINDOWS\system32\AVASTSS.scr
2007-03-23 15:24:49 689280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-03-23 15:24:46 0 d-------- C:\Program Files\Alwil Software<ALWILS~1>
2007-03-23 15:20:29 0 d-------- C:\Program Files\Common Files\ATI Technologies<ATITEC~1>
2007-03-23 15:18:30 0 d-------- C:\WINDOWS\pss
2007-03-23 15:17:55 0 d-------- C:\WINDOWS\Microsoft.NET<MICROS~1.NET>
2007-03-23 15:17:55 0 dr--s---- C:\WINDOWS\assembly
2007-03-23 15:17:54 0 d-------- C:\WINDOWS\system32\URTTemp
2007-03-23 15:17:25 532480 -----n--- C:\WINDOWS\system32\ati2sgag.exe
2007-03-23 15:17:20 307200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2007-03-23 15:17:18 121995 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2007-03-23 15:17:05 0 d-------- C:\Program Files\ATI Technologies<ATITEC~1>
2007-03-23 15:15:49 0 d-------- C:\Program Files\Marvell
2007-03-23 15:15:05 0 d-------- C:\WINDOWS\system32\Lang
2007-03-23 15:13:15 6400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-03-23 15:13:14 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-03-23 15:13:13 52864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-03-23 15:13:12 54272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-03-23 15:13:10 142464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-03-23 15:13:09 171776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-03-23 15:13:08 2944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-03-23 15:13:07 60800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-03-23 15:13:06 7552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-03-23 15:13:05 4992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-03-23 15:13:03 5376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-03-23 15:12:47 4096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-03-23 15:12:47 60288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-03-23 15:09:25 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-03-23 15:09:23 307200 --a------ C:\WINDOWS\HideWin.exe
2007-03-23 15:09:22 2814976 --a------ C:\WINDOWS\ALCWZRD.EXE
2007-03-23 15:09:21 102400 --a------ C:\WINDOWS\SOUNDMAN.EXE
2007-03-23 15:09:21 14487040 --a------ C:\WINDOWS\RTHDCPL.EXE
2007-03-23 15:09:21 2041856 --a------ C:\WINDOWS\MicCal.exe
2007-03-23 15:09:20 156672 --a------ C:\WINDOWS\system32\RTLCPAPI.dll
2007-03-23 15:09:20 0 d-------- C:\WINDOWS\system32\RTCOM
2007-03-23 15:09:20 3134976 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-03-23 15:09:20 53248 -r------- C:\WINDOWS\system32\ChCfg.exe
2007-03-23 15:09:20 9708544 --a------ C:\WINDOWS\RTLCPL.EXE
2007-03-23 15:09:08 0 d-------- C:\Program Files\Realtek
2007-03-23 15:09:08 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-23 15:09:03 487424 -r------- C:\WINDOWS\RtlExUpd.dll
2007-03-23 15:09:00 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-03-23 15:08:46 5810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2007-03-23 15:08:43 5824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-03-23 15:06:30 0 d-------- C:\WINDOWS\SoftwareDistribution<SOFTWA~1>
2007-03-23 15:06:28 0 d-------- C:\WINDOWS\Prefetch
2007-03-23 15:02:51 0 d-------- C:\WINDOWS\system32\xircom
2007-03-23 15:02:51 0 d-------- C:\Program Files\microsoft frontpage<MICROS~1>
2007-03-23 15:02:31 0 -rahs---- C:\MSDOS.SYS
2007-03-23 15:02:31 0 -rahs---- C:\IO.SYS
2007-03-23 15:02:31 0 --a------ C:\CONFIG.SYS
2007-03-23 15:02:31 0 --a------ C:\AUTOEXEC.BAT
2007-03-23 15:02:17 112128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-03-23 15:01:27 0 dr------- C:\WINDOWS\Offline Web Pages<OFFLIN~1>
2007-03-23 15:01:27 0 d---s---- C:\WINDOWS\Downloaded Program Files<DOWNLO~1>
2007-03-23 15:01:17 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~3>
2007-03-23 15:01:13 0 d-------- C:\Program Files\Usługi online<USUGIO~1>
2007-03-23 15:00:58 0 d-------- C:\WINDOWS\system32\DirectX
2007-03-23 15:00:40 11264 --a------ C:\WINDOWS\system32\atrace.dll
2007-03-23 15:00:31 12288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-03-23 15:00:30 67584 --a------ C:\WINDOWS\system32\acctres.dll
2007-03-23 15:00:27 0 d---s---- C:\WINDOWS\Tasks
2007-03-23 15:00:27 16384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-03-23 15:00:26 0 d-------- C:\Program Files\Common Files\MSSoap
2007-03-23 15:00:23 0 d-------- C:\WINDOWS\srchasst
2007-03-23 15:00:22 0 d-------- C:\WINDOWS\system32\Macromed
2007-03-23 15:00:19 173536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-03-23 15:00:19 41240 --a------ C:\WINDOWS\system32\wups.dll
2007-03-23 15:00:19 128280 --a------ C:\WINDOWS\system32\wucltui.dll
2007-03-23 15:00:19 6656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-03-23 15:00:19 195352 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-03-23 15:00:19 1343768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-03-23 15:00:19 175384 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-03-23 15:00:19 125208 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-03-23 15:00:19 466200 --a------ C:\WINDOWS\system32\wuapi.dll
2007-03-23 15:00:18 18944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-03-23 15:00:18 382464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-03-23 15:00:18 7168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-03-23 15:00:18 8192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-03-23 15:00:15 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-03-23 15:00:11 45568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-03-23 15:00:11 29696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-03-23 15:00:11 43520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-03-23 15:00:11 43520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-03-23 15:00:08 240128 --a------ C:\WINDOWS\system32\srrstr.dll
2007-03-23 15:00:08 0 d-------- C:\WINDOWS\system32\Restore
2007-03-23 15:00:08 32256 --a------ C:\WINDOWS\system32\fltMc.exe
2007-03-23 15:00:08 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-03-23 15:00:08 124800 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2007-03-23 15:00:07 171008 --a------ C:\WINDOWS\system32\srsvc.dll
2007-03-23 15:00:07 67584 --a------ C:\WINDOWS\system32\srclient.dll
2007-03-23 15:00:07 28672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-03-23 15:00:07 34560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-03-23 15:00:07 32768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-03-23 15:00:07 81920 --a------ C:\WINDOWS\system32\ils.dll
2007-03-23 15:00:07 73472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-03-23 15:00:06 69632 --a------ C:\WINDOWS\system32\msconf.dll
2007-03-23 15:00:06 45056 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-03-23 15:00:04 105984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-03-23 15:00:04 252928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-03-23 15:00:03 49664 --a------ C:\WINDOWS\system32\inetres.dll
2007-03-23 15:00:03 678400 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-03-23 15:00:02 192000 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-03-23 15:00:01 21504 --a------ C:\WINDOWS\system32\mstinit.exe
2007-03-23 15:00:01 278528 --a------ C:\WINDOWS\system32\mstask.dll
2007-03-23 15:00:01 86016 --a------ C:\WINDOWS\system32\isign32.dll
2007-03-23 15:00:01 278528 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-03-23 15:00:01 65536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-03-23 15:00:01 73728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-03-23 14:59:29 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2007-03-23 14:59:15 0 d-------- C:\WINDOWS\Registration<REGIST~1>
2007-03-23 14:59:04 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-23 14:59:01 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-03-23 14:59:00 15360 --a------ C:\WINDOWS\system32\write.exe
2007-03-23 14:58:52 148992 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-03-23 14:58:52 44544 --a------ C:\WINDOWS\system32\hticons.dll
2007-03-23 14:58:52 73216 --a------ C:\WINDOWS\system32\avwav.dll
2007-03-23 14:58:52 231424 --a------ C:\WINDOWS\system32\avtapi.dll
2007-03-23 14:58:52 16384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-03-23 14:58:51 35328 --a------ C:\WINDOWS\system32\winchat.exe
2007-03-23 14:58:46 605696 --a------ C:\WINDOWS\system32\getuname.dll
2007-03-23 14:58:45 129536 --a------ C:\WINDOWS\system32\winmine.exe
2007-03-23 14:58:45 67072 --a------ C:\WINDOWS\system32\sol.exe
2007-03-23 14:58:45 90624 --a------ C:\WINDOWS\system32\charmap.exe
2007-03-23 14:58:45 124928 --a------ C:\WINDOWS\system32\calc.exe
2007-03-23 14:58:44 1225 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-03-23 14:58:44 27648 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-03-23 14:58:44 26112 --a------ C:\WINDOWS\system32\tskill.exe
2007-03-23 14:58:44 25088 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-03-23 14:58:44 25088 --a------ C:\WINDOWS\system32\tscon.exe
2007-03-23 14:58:44 25088 --a------ C:\WINDOWS\system32\shadow.exe
2007-03-23 14:58:44 26112 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-03-23 14:58:44 19456 --a------ C:\WINDOWS\system32\reset.exe
2007-03-23 14:58:44 43520 --a------ C:\WINDOWS\system32\regini.exe
2007-03-23 14:58:44 4608 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-03-23 14:58:44 32256 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-03-23 14:58:44 137728 --a------ C:\WINDOWS\system32\mshearts.exe
2007-03-23 14:58:44 65536 --a------ C:\WINDOWS\system32\freecell.exe
2007-03-23 14:58:43 27136 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-03-23 14:58:43 31744 --a------ C:\WINDOWS\system32\msg.exe
2007-03-23 14:58:43 25600 --a------ C:\WINDOWS\system32\logoff.exe
2007-03-23 14:58:43 15872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-03-23 14:58:42 54272 --a------ C:\WINDOWS\system32\stclient.dll
2007-03-23 14:58:42 25088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-03-23 14:58:42 4096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-03-23 14:58:42 20480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-03-23 14:58:42 14848 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-03-23 14:58:42 147456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-03-23 14:58:42 82432 --a------ C:\WINDOWS\system32\comrepl.dll
2007-03-23 14:58:42 25600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-03-23 14:58:36 142336 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-03-23 14:58:36 134144 --a------ C:\WINDOWS\system32\mplay32.exe
2007-03-23 14:58:36 349696 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-03-23 14:58:36 197632 --a------ C:\WINDOWS\system32\accwiz.exe
2007-03-23 14:58:35 94720 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-03-23 14:58:35 548864 --a------ C:\WINDOWS\system32\spider.exe
2007-03-23 14:58:35 354816 --a------ C:\WINDOWS\system32\mspaint.exe
2007-03-23 14:58:35 21896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-03-23 14:58:35 12040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-03-23 14:58:35 139400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-03-23 14:58:35 113152 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-03-23 14:58:35 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-03-23 14:58:34 54272 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-03-23 14:58:34 296448 --a------ C:\WINDOWS\system32\termsrv.dll
2007-03-23 14:58:34 151552 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-03-23 14:58:34 60928 --a------ C:\WINDOWS\system32\remotepg.dll
2007-03-23 14:58:34 76800 --a------ C:\WINDOWS\system32\rdshost.exe
2007-03-23 14:58:34 23552 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-03-23 14:58:34 147968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-03-23 14:58:34 655360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-03-23 14:58:34 418304 --a------ C:\WINDOWS\system32\mstsc.exe
2007-03-23 14:58:33 87176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-03-23 14:58:33 19968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-03-23 14:58:33 72192 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-03-23 14:58:33 30720 --a------ C:\WINDOWS\system32\qprocess.exe
2007-03-23 14:58:33 90112 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-03-23 14:58:33 161280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-03-23 14:58:33 425472 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-03-23 14:58:33 0 d-------- C:\WINDOWS\system32\MsDtc
2007-03-23 14:58:33 11264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-03-23 14:58:33 38912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-03-23 14:58:32 11776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-03-23 14:58:32 949248 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-03-23 14:58:32 58880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-03-23 14:58:32 15872 --a------ C:\WINDOWS\system32\msdtc.exe
2007-03-23 14:58:31 540160 --a------ C:\WINDOWS\system32\comuid.dll
2007-03-23 14:58:31 1251840 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-03-23 14:58:31 0 d-------- C:\WINDOWS\system32\Com
2007-03-23 14:58:31 62464 --a------ C:\WINDOWS\system32\colbact.dll
2007-03-23 14:58:31 110080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-03-23 14:58:31 628224 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-03-23 14:58:31 85504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-03-23 14:58:31 229888 --a------ C:\WINDOWS\system32\catsrv.dll
2007-03-23 14:58:30 501248 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-03-23 14:58:24 56320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-03-23 14:58:24 17920 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-03-23 14:58:24 58880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-03-23 14:58:24 187904 --a------ C:\WINDOWS\system32\cmprops.dll
2007-03-23 14:58:19 40840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-03-23 14:58:19 196864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys


-- Find3M Report ---------------------------------------------------------------

2007-03-23 15:53:01 62 --ahs---- C:\Documents and Settings\Ferson\Dane aplikacji\desktop.ini
2007-03-23 15:50:11 0 d-------- C:\Documents and Settings\Ferson\Dane aplikacji\Macromedia<MACROM~1>
2007-03-23 15:30:38 0 d-------- C:\Documents and Settings\Ferson\Dane aplikacji\Mozilla
2007-03-23 15:22:26 0 d---s---- C:\Documents and Settings\Ferson\Dane aplikacji\Microsoft<MICROS~1>
2007-03-23 15:22:26 0 d-------- C:\Documents and Settings\Ferson\Dane aplikacji\ATI
2007-03-23 15:18:43 495436 --a------ C:\WINDOWS\system32\perfh015.dat
2007-03-23 15:18:43 73532 --a------ C:\WINDOWS\system32\perfc015.dat
2007-03-23 15:07:30 0 d-------- C:\Documents and Settings\Ferson\Dane aplikacji\Identities<IDENTI~1>


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"tcpipmon"="tcpipmon.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"{001EDCF2-0AF9-1045-0320-060511060030}"="\"C:\\Program Files\\Common Files\\{001EDCF2-0AF9-1045-0320-060511060030}\\Update.exe\" te-110-12-0000122"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"{001EDCF2-0AF9-1045-0320-060511060030}"="\"C:\\Program Files\\Common Files\\{001EDCF2-0AF9-1045-0320-060511060030}\\Update.exe\" te-110-12-0000122"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rpcc

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of ComboScan: finished at 2007-03-23 at 17:15:01 ------------------------

[wojtas]

zainstaluj:

http://www.programosy.pl/program,kerio-personal-firewall.html


czy masz zamkniete porty w WWDC??

Pobierz i uruchom narzędzie : The Avenger
http://swandog46.geekstogo.com/avenger.zip
Zaznacz opcję Input script manually i kliknij na Lupkę z prawej strony. W okienku, które się otworzy wklejasz:

Files to delete:

C:\WINDOWS\system32\tcpipmon.exe
C:\WINDOWS\system32\rpcc.dll
C:\WINDOWS\system32\svchosts.exe
C:\whtvhj.exe

Drivers to unload:

Client IP-IPX-

Klikasz Done, a następnie zielone światełko i zgadzasz się na restart klikając OK.
Po restarcie w HijackThis usuwasz wpis/y

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll

otwierasz notatnik wklejasz:

Windows Registry Editor Version 5.00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"{001EDCF2-0AF9-1045-0320-060511060030}"=-

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"{001EDCF2-0AF9-1045-0320-060511060030}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rpcc]

Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt + log z HijackThis + log z Silent Runners i combo

Autor postu otrzymał pochwałę

[at]

wojtas19162
wielkie dzięki za pomoc ofcooz pluss ;]

jeszcze jedno

zainstalowałem teraz Kasprzaka i avp.exe
żre mi 48 % procka w zwyż ;/
dlaczeo tak się dzieje ? ;/

log z HJT

Logfile of HijackThis v1.99.1
Scan saved at 22:00:54, on 2007-03-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Progsy\utorrent.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\WapSter\AQQ\AQQ.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Native Instruments\Traktor DJ Studio 2\TraktorDJStudio2.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Bogdan\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\AQQ\AQQ.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [VS Online] "C:\Program Files\VS Online\VSOnline.exe" /tray
O4 - Startup: Budzik.lnk = C:\Program Files\Budzik\budzik.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174722510484
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

[wojtas]

log z silent runners i comboscana pokaz:
http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html
http://forum.programosy.pl/dodatkowe-narzedzia-do-usuwania-i-ochrony-vt42021.html

[at]

Silent

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"AQQ" = "C:\PROGRA~1\WapSter\AQQ\AQQ.exe" ["AQQ Sp. z o.o."]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"VS Online" = ""C:\Program Files\VS Online\VSOnline.exe" /tray" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data]
"Flashget" = "C:\Program Files\FlashGet\FlashGet.exe /min" ["FlashGet.com"]
"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"" ["Kaspersky Lab"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = "flashget urlcatch"
-> {HKLM...CLSID} = "FGCatchUrl"
\InProcServer32\(Default) = "C:\Program Files\FlashGet\jccatch.dll" ["www.flashget.com"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\(Default) = "Ask Search Assistant BHO"
-> {HKLM...CLSID} = "Ask Search Assistant BHO"
\InProcServer32\(Default) = "C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" ["Ask.com"]
{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "FlashGet GetFlash Class"
\InProcServer32\(Default) = "C:\Program Files\FlashGet\getflash.dll" ["www.flashget.com"]
{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\(Default) = "Ask Toolbar BHO"
-> {HKLM...CLSID} = "Ask Toolbar BHO"
\InProcServer32\(Default) = "C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL" ["Ask.com"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}" = "AQQ File Transfer Shell Extension"
-> {HKLM...CLSID} = "AQQ File Transfer Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\WapSter\AQQ\System\AQQSHE~1.DLL" [null data]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Web Anti-Virus statistics"
-> {HKLM...CLSID} = "Web Anti-Virus statistics"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]
"{46E22146-59C0-4136-9233-FB7720E777B2}" = "EzCddax extension"
-> {HKLM...CLSID} = "EzCddax Class"
\InProcServer32\(Default) = "C:\Program Files\Easy CD-DA Extractor 10\ezcddax10.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AQQFileTransfer\(Default) = "{453D1B6D-BD6A-4FA1-B876-9E4DD848D434}"
-> {HKLM...CLSID} = "AQQ File Transfer Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\WapSter\AQQ\System\AQQSHE~1.DLL" [null data]
EzCddax\(Default) = "{46E22146-59C0-4136-9233-FB7720E777B2}"
-> {HKLM...CLSID} = "EzCddax Class"
\InProcServer32\(Default) = "C:\Program Files\Easy CD-DA Extractor 10\ezcddax10.dll" [null data]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


Startup items in "Bogdan" & "All Users" startup folders:
--------------------------------------------------------

C:\Documents and Settings\Bogdan\Menu Start\Programy\Autostart
"Budzik" -> shortcut to: "C:\Program Files\Budzik\budzik.exe" ["BLITZ-ART"]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{FE063DB9-4EC0-403E-8DD8-394C54984B2C}"
-> {HKLM...CLSID} = "Ask Toolbar"
\InProcServer32\(Default) = "C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL" ["Ask.com"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{FE063DB9-4EC0-403E-8DD8-394C54984B2C}" = (no title provided)
-> {HKLM...CLSID} = "Ask Toolbar"
\InProcServer32\(Default) = "C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL" ["Ask.com"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{72FE8681-0BFA-471B-9B2A-B37ED68DD09E}\(Default) = "Ask PopSwatter"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Web Anti-Virus statistics"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_11"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_11"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll" ["Sun Microsystems, Inc."]

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Web Anti-Virus statistics"

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "FlashGet"
"Exec" = "C:\Program Files\FlashGet\FlashGet.exe" ["FlashGet.com"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{9CB65206-89C4-402c-BA80-02D8C59F9B1D}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" ["Ask.com"]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Kaspersky Anti-Virus 6.0, AVP, ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r" ["Kaspersky Lab"]
StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


----------
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 39 seconds, including 3 seconds for message boxes)

COMBO
zawiesił się jak AQQ i GG ;]
potem dam

[wojtas]

to czekamt na combo