13.11.2011, 10:42
"___" - 07-01-18 12:58:30Dodatek Service Pack 2
ComboFix 07-01-18 - Running from: "C
ocuments and Settings___Pulpit"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions
)))))))))))))))))))))))))))))))))))))))))))))))))
Cocuments and
Settings___Pulpitfffgotoweswietokrzyska_07swietokrzyskie2007imageshtmlwgbraki_pli
ki_desktop.ini
Cocuments and
Settings___Pulpitfffgotoweswietokrzyska_07swietokrzyskie2007imageshtmlwglatkowski
_2278175_pliki_desktop.ini
Cocuments and
Settings___Pulpitfffgotoweswietokrzyska_07swietokrzyskie2007imageshtmlwgzto_22780
03_pliki_desktop.ini
((((((((((((((((((((((((((((((( Files Created from 2006-12-18 to 2007-01-18
))))))))))))))))))))))))))))))))))
2007-01-17 08:06 <DIR> d-------- C
rogram FilesElephant Software
2007-01-12 14:33 <DIR> d-------- COCUME~1ALLUSE~1Dane aplikacjiWindows
Genuine Advantage
2007-01-12 13:26 <DIR> d-------- Crogram FilesAutoPatcher
2007-01-10 13:18 <DIR> dr------- C:Tapetki
2007-01-09 08:08 <DIR> d-------- Crogram FilesRogueRemover
2007-01-04 10:44 <DIR> d-------- C:WINDOWSsystem32NtmsData
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report
)))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-18 12:53 -------- d-------- Crogram Filesmozilla
thunderbird
2007-01-18 11:42 -------- d-------- Crogram Filesmozilla firefox
2007-01-18 10:48 -------- d-------- Crogram Fileskalendarz xp
2007-01-12 13:57 -------- d-------- Crogram Filesmessenger
2007-01-11 08:45 -------- d-------- Crogram Filesjava
2007-01-10 06:57 -------- d-------- Crogram Filesantivir
personaledition classic
2006-12-11 13:43 -------- d-------- Crogram Filessygate
2006-12-11 08:34 -------- d-------- Crogram Fileslavasoft
2006-12-07 12:00 -------- d-------- Crogram Filesstartup inspector
for windows
2006-12-07 11:59 -------- d-------- COCUME~1___Dane
aplikacjiwsinspector
2006-12-07 07:40 2362184 --a------ C:WINDOWSsystem32wmvcore.dll
2006-12-01 10:24 -------- d-------- Crogram Filesdavilex games
2006-11-29 09:48 -------- d-------- Crogram Filesniempol
2006-11-27 13:46 -------- d-------- COCUME~1___Dane
aplikacjiskype
2006-11-23 10:56 -------- d-------- Crogram Filesskaneronline
2006-11-22 11:55 -------- d-------- Crogram Filesedgard
2006-11-21 14:17 -------- d-------- Crogram Fileslantricks
2006-11-08 06:07 679424 --a------ C:WINDOWSsystem32inetcomm.dll
2006-10-20 02:39 714240 --a------ C:WINDOWSsystem32sxs.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points
))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray"
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start"
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start"
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe"
"avgnt"=""C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min"
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe"
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe -startgui"
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrunOptionalComponents]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrunOptionalComponentsIMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrunOptionalComponentsMAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrunOptionalComponentsMSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreg]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHPDJ Taskbar
Utility]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="hpztsb07"
"hkey"="HKLM"
"command"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared
toolsmsconfigstartupreghpWirelessAssistant]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="HP Wireless Assistant"
"hkey"="HKLM"
"command"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="jusched"
"hkey"="HKLM"
"command"=""C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe""
"inimapping"="0"
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINEsoftwareMicrosoftWindows NTCurrentVersionSvchost]
HTTPFilter REG_MULTI_SZ HTTPFilter
LocalService REG_MULTI_SZ
AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV
NetworkService REG_MULTI_SZ DnsCache
DcomLaunch REG_MULTI_SZ DcomLaunchTermService
rpcss REG_MULTI_SZ RpcSs
imgsvc REG_MULTI_SZ StiSvc
termsvcs REG_MULTI_SZ TermService
~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
backup-20070112-124415-399
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -
%ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
backup-20070111-144417-873
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Crogram
FilesJavajre1.5.0_10binssv.dll
backup-20070111-144407-616
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -
%ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
backup-20070111-140816-781
O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
Crogram FilesJavajre1.5.0_10binnpjpi150_10.dll
backup-20070111-140816-425
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -
%ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
backup-20070111-140815-443
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram
FilesJavajre1.5.0_10binnpjpi150_10.dll
backup-20061207-114305-159
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -
%ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
backup-20061123-112752-956
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -
%ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
backup-20061123-105709-298
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -
%ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
backup-20061123-105653-214
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -
%ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
backup-20061123-105653-641
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) -
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) -
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
backup-20060921-071745-615
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -
%ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
backup-20060921-071705-507
O4 - Global Startup: Kalendarz XP.lnk = Crogram FilesKalendarz XPKalendarz.exe
backup-20060921-071705-693
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
O4 - HKLM..Run: [iPlusManager]"Crogram FilesiPlusiPlusChecker.exe"
backup-20060921-071045-182
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Crogram
FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
backup-20060921-071045-224
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -
%ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
backup-20060707-132338-246
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page =
Witam
Transfer który widziałem pokazywał program Kalendarz. Okazało się że przestawił się w opcjach kalendarza adres IP dla którego będzie przeprowadzana statystyka czyli pokazywany wykres na 127.0.0.1 Przestawienie na IP sieci usunęło to zjawisko.
Antyvir widocznie ma jakąś aktywność na tym wewnętrznym IP.
Swoją drogą to ciekawe czy wszystkie antyviry mają taką cechę?
ComboFix 07-01-18 - Running from: "C
ocuments and Settings___Pulpit"(((((((((((((((((((((((((((((((((((((((((((( Other Deletions
)))))))))))))))))))))))))))))))))))))))))))))))))
C
ocuments and Settings___Pulpitfffgotoweswietokrzyska_07swietokrzyskie2007imageshtmlwgbraki_pli
ki_desktop.ini
C
ocuments and Settings___Pulpitfffgotoweswietokrzyska_07swietokrzyskie2007imageshtmlwglatkowski
_2278175_pliki_desktop.ini
C
ocuments and Settings___Pulpitfffgotoweswietokrzyska_07swietokrzyskie2007imageshtmlwgzto_22780
03_pliki_desktop.ini
((((((((((((((((((((((((((((((( Files Created from 2006-12-18 to 2007-01-18
))))))))))))))))))))))))))))))))))
2007-01-17 08:06 <DIR> d-------- C
rogram FilesElephant Software2007-01-12 14:33 <DIR> d-------- C
OCUME~1ALLUSE~1Dane aplikacjiWindows Genuine Advantage
2007-01-12 13:26 <DIR> d-------- C
rogram FilesAutoPatcher2007-01-10 13:18 <DIR> dr------- C:Tapetki
2007-01-09 08:08 <DIR> d-------- C
rogram FilesRogueRemover2007-01-04 10:44 <DIR> d-------- C:WINDOWSsystem32NtmsData
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report
)))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-18 12:53 -------- d-------- C
rogram Filesmozilla thunderbird
2007-01-18 11:42 -------- d-------- C
rogram Filesmozilla firefox2007-01-18 10:48 -------- d-------- C
rogram Fileskalendarz xp2007-01-12 13:57 -------- d-------- C
rogram Filesmessenger2007-01-11 08:45 -------- d-------- C
rogram Filesjava2007-01-10 06:57 -------- d-------- C
rogram Filesantivir personaledition classic
2006-12-11 13:43 -------- d-------- C
rogram Filessygate2006-12-11 08:34 -------- d-------- C
rogram Fileslavasoft2006-12-07 12:00 -------- d-------- C
rogram Filesstartup inspector for windows
2006-12-07 11:59 -------- d-------- C
OCUME~1___Dane aplikacjiwsinspector
2006-12-07 07:40 2362184 --a------ C:WINDOWSsystem32wmvcore.dll
2006-12-01 10:24 -------- d-------- C
rogram Filesdavilex games2006-11-29 09:48 -------- d-------- C
rogram Filesniempol2006-11-27 13:46 -------- d-------- C
OCUME~1___Dane aplikacjiskype
2006-11-23 10:56 -------- d-------- C
rogram Filesskaneronline2006-11-22 11:55 -------- d-------- C
rogram Filesedgard2006-11-21 14:17 -------- d-------- C
rogram Fileslantricks2006-11-08 06:07 679424 --a------ C:WINDOWSsystem32inetcomm.dll
2006-10-20 02:39 714240 --a------ C:WINDOWSsystem32sxs.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points
))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray"
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start"
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start"
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe"
"avgnt"=""C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min"
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe"
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe -startgui"
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrunOptionalComponents]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrunOptionalComponentsIMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrunOptionalComponentsMAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrunOptionalComponentsMSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupreg]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregHPDJ Taskbar
Utility]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="hpztsb07"
"hkey"="HKLM"
"command"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared
toolsmsconfigstartupreghpWirelessAssistant]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="HP Wireless Assistant"
"hkey"="HKLM"
"command"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="jusched"
"hkey"="HKLM"
"command"=""C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe""
"inimapping"="0"
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsecurityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINEsoftwareMicrosoftWindows NTCurrentVersionSvchost]
HTTPFilter REG_MULTI_SZ HTTPFilter
LocalService REG_MULTI_SZ
AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV
NetworkService REG_MULTI_SZ DnsCache
DcomLaunch REG_MULTI_SZ DcomLaunchTermService
rpcss REG_MULTI_SZ RpcSs
imgsvc REG_MULTI_SZ StiSvc
termsvcs REG_MULTI_SZ TermService
~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
backup-20070112-124415-399
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -
%ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
backup-20070111-144417-873
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C
rogram FilesJavajre1.5.0_10binssv.dll
backup-20070111-144407-616
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -
%ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
backup-20070111-140816-781
O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C
rogram FilesJavajre1.5.0_10binnpjpi150_10.dllbackup-20070111-140816-425
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -
%ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
backup-20070111-140815-443
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C
rogram FilesJavajre1.5.0_10binnpjpi150_10.dll
backup-20061207-114305-159
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -
%ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
backup-20061123-112752-956
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -
%ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
backup-20061123-105709-298
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -
%ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
backup-20061123-105653-214
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -
%ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
backup-20061123-105653-641
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) -
[Aby zobaczyć linki, zarejestruj się tutaj]
backup-20061123-105650-137O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) -
[Aby zobaczyć linki, zarejestruj się tutaj]
backup-20061123-105650-158O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
backup-20060921-071745-615
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -
%ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
backup-20060921-071705-507
O4 - Global Startup: Kalendarz XP.lnk = C
rogram FilesKalendarz XPKalendarz.exebackup-20060921-071705-693
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
[Aby zobaczyć linki, zarejestruj się tutaj]
backup-20060921-071129-389O4 - HKLM..Run: [iPlusManager]"C
rogram FilesiPlusiPlusChecker.exe"backup-20060921-071045-182
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C
rogram FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
backup-20060921-071045-224
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -
%ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
backup-20060707-132338-246
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page =
[Aby zobaczyć linki, zarejestruj się tutaj]
Completion time: 07-01-18 13:00:54Witam
Transfer który widziałem pokazywał program Kalendarz. Okazało się że przestawił się w opcjach kalendarza adres IP dla którego będzie przeprowadzana statystyka czyli pokazywany wykres na 127.0.0.1 Przestawienie na IP sieci usunęło to zjawisko.
Antyvir widocznie ma jakąś aktywność na tym wewnętrznym IP.
Swoją drogą to ciekawe czy wszystkie antyviry mają taką cechę?