"___" - 07-01-18 12:58:30Dodatek Service Pack 2
ComboFix 07-01-18 - Running from: "C:\Documents and Settings\___\Pulpit"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions
)))))))))))))))))))))))))))))))))))))))))))))))))
C
ocuments and
Settings___Pulpitfffgotoweswietokrzyska_07swietokrzyskie2007imageshtmlwgbraki_pli
ki_desktop.ini
C
ocuments and
Settings___Pulpitfffgotoweswietokrzyska_07swietokrzyskie2007imageshtmlwglatkowski
_2278175_pliki_desktop.ini
C
ocuments and
Settings___Pulpitfffgotoweswietokrzyska_07swietokrzyskie2007imageshtmlwgzto_22780
03_pliki_desktop.ini
((((((((((((((((((((((((((((((( Files Created from 2006-12-18 to 2007-01-18
))))))))))))))))))))))))))))))))))
2007-01-17 08:06 <DIR> d-------- C:\Program Files\Elephant Software
2007-01-12 14:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Dane aplikacji\Windows Genuine Advantage
2007-01-12 13:26 <DIR> d-------- C:\Program Files\AutoPatcher
2007-01-10 13:18 <DIR> dr------- C:\Tapetki
2007-01-09 08:08 <DIR> d-------- C:\Program Files\RogueRemover
2007-01-04 10:44 <DIR> d-------- C:\WINDOWS\system32\NtmsData
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report
)))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-18 12:53 -------- d-------- C:\Program Files\mozilla thunderbird
2007-01-18 11:42 -------- d-------- C:\Program Files\mozilla firefox
2007-01-18 10:48 -------- d-------- C:\Program Files\kalendarz xp
2007-01-12 13:57 -------- d-------- C:\Program Files\messenger
2007-01-11 08:45 -------- d-------- C:\Program Files\java
2007-01-10 06:57 -------- d-------- C:\Program Files\antivir personaledition classic
2006-12-11 13:43 -------- d-------- C:\Program Files\sygate
2006-12-11 08:34 -------- d-------- C:\Program Files\lavasoft
2006-12-07 12:00 -------- d-------- C:\Program Files\startup inspector for windows
2006-12-07 11:59 -------- d-------- C:\DOCUME~1\___\Dane aplikacji\wsinspector
2006-12-07 07:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-01 10:24 -------- d-------- C:\Program Files\davilex games
2006-11-29 09:48 -------- d-------- C:\Program Files\niempol
2006-11-27 13:46 -------- d-------- C:\DOCUME~1\___\Dane aplikacji\skype
2006-11-23 10:56 -------- d-------- C:\Program Files\skaneronline
2006-11-22 11:55 -------- d-------- C:\Program Files\edgard
2006-11-21 14:17 -------- d-------- C:\Program Files\lantricks
2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-10-20 02:39 714240 --a------ C:\WINDOWS\system32\sxs.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points
))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray"
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start"
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start"
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe"
"avgnt"=""C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min"
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe"
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe -startgui"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="hpztsb07"
"hkey"="HKLM"
"command"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="HP Wireless Assistant"
"hkey"="HKLM"
"command"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="jusched"
"hkey"="HKLM"
"command"=""C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter
LocalService REG_MULTI_SZ Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV
NetworkService REG_MULTI_SZ DnsCache
DcomLaunch REG_MULTI_SZ DcomLaunch TermService
rpcss REG_MULTI_SZ RpcSs
imgsvc REG_MULTI_SZ StiSvc
termsvcs REG_MULTI_SZ TermService
~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
backup-20070112-124415-399
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -
%ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
backup-20070111-144417-873
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C
rogram
FilesJavajre1.5.0_10binssv.dll
backup-20070111-144407-616
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -
%ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
backup-20070111-140816-781
O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C
rogram FilesJavajre1.5.0_10binnpjpi150_10.dll
backup-20070111-140816-425
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -
%ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
backup-20070111-140815-443
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C
rogram
FilesJavajre1.5.0_10binnpjpi150_10.dll
backup-20061207-114305-159
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -
%ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
backup-20061123-112752-956
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -
%ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
backup-20061123-105709-298
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -
%ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
backup-20061123-105653-214
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -
%ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
backup-20061123-105653-641
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) -
[Aby zobaczyć linki, zarejestruj się tutaj]
backup-20061123-105650-137
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) -
[Aby zobaczyć linki, zarejestruj się tutaj]
backup-20061123-105650-158
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
backup-20060921-071745-615
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -
%ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
backup-20060921-071705-507
O4 - Global Startup: Kalendarz XP.lnk = C
rogram FilesKalendarz XPKalendarz.exe
backup-20060921-071705-693
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
[Aby zobaczyć linki, zarejestruj się tutaj]
backup-20060921-071129-389
O4 - HKLM..Run: [iPlusManager]"C
rogram FilesiPlusiPlusChecker.exe"
backup-20060921-071045-182
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C
rogram
FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
backup-20060921-071045-224
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -
%ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
backup-20060707-132338-246
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page =
[Aby zobaczyć linki, zarejestruj się tutaj]
Completion time: 07-01-18 13:00:54
Witam
Transfer, który widziałem, pokazywał program Kalendarz. Okazało się, że w opcjach Kalendarza adres IP, dla którego będzie przeprowadzana statystyka (czyli pokazywany wykres), przestawił się na 127.0.0.1. To adres pętli zwrotnej (loopback), więc pokazywany ruch był ruchem lokalnym, który nie opuszcza komputera. Przestawienie na IP sieci usunęło to zjawisko.
AntiVir widocznie ma jakąś aktywność na tym wewnętrznym IP.
Swoją drogą, to ciekawe, czy wszystkie antywirusy mają taką cechę?