HijackThis log has still not been checked despite the replies


(Playro) #1

Hello

I have a few problems. I'm not pasting logs for now because I'm at work, but in the afternoon I'll paste whatever you ask for. In the meantime I'll describe the problems.

A few suspicious things:

1) In both the windows directory and system32 I have, for example, several libraries with the same name but with a number added: name(2).dll, name(3).dll. Is that normal?

2) I have uTorrent and a port forwarded on the router. What I've noticed is that even with uTorrent turned off, various computers (IP addresses) keep trying to download data through that very port, which gives my connection a high upload and slows the browser down :frowning:

3) After shutting down practically all processes in Task Manager there is still network traffic on the uTorrent port

4) Windows Defender, Kaspersky and Spybot detect nothing. But in Spybot's advanced options the libraries that start during system boot are listed, and I have about 10 mswsock.dll entries there with different parameters; if needed I'll paste a screenshot from Spybot later

5) Another strange thing is the two avp.exe processes in Task Manager

6) In Kaspersky you can view network traffic in the firewall options; I have a very long list of IPs there :confused:

7) I'm slowly becoming a nervous wreck, because I've already done a format and reinstall once and unfortunately the problem came back

I'm asking for help from experienced users ONLY, please. As I wrote, I can make the logs around 18:00 when I get back from work; in the meantime I'm counting on some suggestions and pointers on which logs to paste and what to do.

Thanks in advance for your help


(suchmen) #2

Two avp.exe processes are normal in Windows XP; they are Kaspersky processes. In Vista, on the other hand, you always have one avp.exe.


(Playro) #3

That's what I suspected, but I preferred to make sure. I'm waiting for information about the remaining problems.


(arapo) #4

Connect later


(Karmazyn65) #5

The issue of many files (across the disk in general) with the same names and an added suffix (1) (2)... means that you have used Windows System Restore quite often, and the files with suffixes in their names are files that were changed between system restores.

During a restore, Windows makes copies of them, adding those suffixes.

If you think everything is fine, you can delete them (the ones with suffixes).

The remaining problems result from how Torrent network clients work.

To get a good download speed you must have an open listening port, and that means that even if you are not downloading anything now but did download at some point, you now have a lot of incoming traffic on that port.

You can stop opening the port for listening, and after some time the traffic will stop. You must, however, expect a significant drop in download speed, especially for torrents with few seeds and peers.


(Playro) #6

I understand that with a static IP this problem is more troublesome than if I had a dynamic one, because clients remember my IP and that's why they try to connect?


(Playro) #7

I'm back from work and can finally paste the log; please check it

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:32:40, on 2008-04-03

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe

C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe

C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe

C:\WINDOWS\TBPanel.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ig?hl=pl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - 

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe

O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe


--

End of file - 7585 bytes

Spybot:

--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---


2008-01-28 blindman.exe (1.0.0.7)

2008-01-28 SDDelFile.exe (1.0.2.4)

2008-01-28 SDMain.exe (1.0.0.5)

2007-10-07 SDShred.exe (1.0.1.2)

2008-01-28 SDUpdate.exe (1.0.8.8)

2008-01-28 SDWinSec.exe (1.0.0.11)

2008-01-28 SpybotSD.exe (1.5.2.20)

2008-01-28 TeaTimer.exe (1.5.2.16)

2008-03-20 unins000.exe (51.49.0.0)

2008-01-28 Update.exe (1.4.0.6)

2008-01-28 advcheck.dll (1.5.4.5)

2007-04-02 aports.dll (2.1.0.0)

2007-11-17 DelZip179.dll (1.79.7.4)

2008-01-28 SDFiles.dll (1.5.1.19)

2008-01-28 SDHelper.dll (1.5.0.11)

2008-01-28 Tools.dll (2.1.3.3)

2008-04-02 Includes\Cookies.sbi

2007-12-26 Includes\Dialer.sbi

2008-04-02 Includes\DialerC.sbi

2008-04-02 Includes\HeavyDuty.sbi

2008-03-19 Includes\Hijackers.sbi

2008-04-02 Includes\HijackersC.sbi

2008-02-27 Includes\Keyloggers.sbi

2008-04-02 Includes\KeyloggersC.sbi

2004-11-29 Includes\LSP.sbi

2008-03-26 Includes\Malware.sbi

2008-04-02 Includes\MalwareC.sbi

2008-03-26 Includes\PUPS.sbi

2008-04-02 Includes\PUPSC.sbi

2008-04-02 Includes\Revision.sbi

2008-01-09 Includes\Security.sbi

2008-04-02 Includes\SecurityC.sbi

2008-04-02 Includes\Spybots.sbi

2008-04-02 Includes\SpybotsC.sbi

2007-11-06 Includes\Tracks.uti

2008-04-02 Includes\Trojans.sbi

2008-04-02 Includes\TrojansC.sbi

2008-03-04 Plugins\Chai.dll

2008-03-05 Plugins\Fennel.dll

2008-02-26 Plugins\Mate.dll

2007-12-24 Plugins\TCPIPAddress.dll


Located: HK_LM:Run, Alcmtr

command: ALCMTR.EXE

   file: C:\WINDOWS\ALCMTR.EXE

   size: 69632

    MD5: 8B4CBBA1EA526830C7F97E7822E2493A


Located: HK_LM:Run, ANIWZCS2Service

command: C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

   file: 

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!


Located: HK_LM:Run, AVP

command: "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

   file: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

   size: 227856

    MD5: 7519905CD74F26E9385B83BF2EF242C2


Located: HK_LM:Run, Gainward

command: C:\WINDOWS\TBPanel.exe /A

   file: C:\WINDOWS\TBPanel.exe

   size: 2177576

    MD5: F341B24808300D734408DBD19BC2D700


Located: HK_LM:Run, Kernel and Hardware Abstraction Layer

command: KHALMNPR.EXE

   file: C:\WINDOWS\KHALMNPR.EXE

   size: 56080

    MD5: F6D01B49CEFE36286A1FD8BAE8F2D6A3


Located: HK_LM:Run, NvCplDaemon

command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

   file: 

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!


Located: HK_LM:Run, NvMediaCenter

command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

   file: 

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!


Located: HK_LM:Run, nwiz

command: nwiz.exe /install

   file: C:\WINDOWS\system32\nwiz.exe

   size: 1626112

    MD5: 9493BFFB9F82EFEC742F5C56A279BD5B


Located: HK_LM:Run, RTHDCPL

command: RTHDCPL.EXE

   file: C:\WINDOWS\RTHDCPL.EXE

   size: 16858112

    MD5: D9A546F736F9C4C2C95D8D686E195010


Located: HK_LM:Run, Windows Defender

command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide

   file: C:\Program Files\Windows Defender\MSASCui.exe

   size: 866584

    MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC


Located: HK_CU:Run, ctfmon.exe

  where: S-1-5-21-796845957-813497703-839522115-1003...

command: C:\WINDOWS\system32\ctfmon.exe

   file: C:\WINDOWS\system32\ctfmon.exe

   size: 15360

    MD5: CBFA30492D70CE3938D8A7783D0C0436


Located: HK_CU:Run, SpybotSD TeaTimer

  where: S-1-5-21-796845957-813497703-839522115-1003...

command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

   file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

   size: 2097488

    MD5: A9A5DB6AC3721BE698B996913693D73F


Located: Autostart (wspólny), Logitech SetPoint.lnk

  where: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart...

command: C:\Program Files\Logitech\SetPoint\SetPoint.exe

   file: C:\Program Files\Logitech\SetPoint\SetPoint.exe

   size: 692224

    MD5: 8E6DD7BC88200935A6927FFC5E003D42


Located: Autostart (wyłączony), Rejestracja produktu Logitech (DISABLED)

command: C:\PROGRA~1\COMMON~1\LOGISH~1\eReg\SetPoint\eReg.exe /remind /language=PLK /PRNM="Logitech"

   file: C:\PROGRA~1\COMMON~1\LOGISH~1\eReg\SetPoint\eReg.exe

   size: 3036688

    MD5: D0BD3670DE8F65599CA60B7604831A83


Located: WinLogon, ckpNotify

command: ckpNotify.dll

   file: ckpNotify.dll

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!


Located: WinLogon, crypt32chain

command: crypt32.dll

   file: crypt32.dll

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!


Located: WinLogon, cryptnet

command: cryptnet.dll

   file: cryptnet.dll

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!


Located: WinLogon, cscdll

command: cscdll.dll

   file: cscdll.dll

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!


Located: WinLogon, klogon

command: C:\WINDOWS\system32\klogon.dll

   file: C:\WINDOWS\system32\klogon.dll

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!


Located: WinLogon, ScCertProp

command: wlnotify.dll

   file: wlnotify.dll

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!


Located: WinLogon, Schedule

command: wlnotify.dll

   file: wlnotify.dll

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!


Located: WinLogon, sclgntfy

command: sclgntfy.dll

   file: sclgntfy.dll

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!


Located: WinLogon, SensLogn

command: WlNotify.dll

   file: WlNotify.dll

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!


Located: WinLogon, termsrv

command: wlnotify.dll

   file: wlnotify.dll

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!


Located: WinLogon, WgaLogon

command: WgaLogon.dll

   file: WgaLogon.dll

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!


Located: WinLogon, wlballoon

command: wlnotify.dll

   file: wlnotify.dll

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!

Spybot2

--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---



Protocol 0: MSAFD Tcpip [TCP/IP]

        GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP IP protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD Tcpip [*]


Protocol 1: MSAFD Tcpip [UDP/IP]

        GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP IP protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD Tcpip [*]


Protocol 2: MSAFD Tcpip [RAW/IP]

        GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP IP protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD Tcpip [*]


Protocol 3: RSVP UDP Service Provider

        GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}

    Filename: %SystemRoot%\system32\rsvpsp.dll

 Description: Microsoft Windows NT/2k/XP RVSP

 DB filename: %SystemRoot%\system32\rsvpsp.dll

 DB protocol: RSVP * Service Provider


Protocol 4: RSVP TCP Service Provider

        GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}

    Filename: %SystemRoot%\system32\rsvpsp.dll

 Description: Microsoft Windows NT/2k/XP RVSP

 DB filename: %SystemRoot%\system32\rsvpsp.dll

 DB protocol: RSVP * Service Provider


Protocol 5: MSAFD nwlnkipx [IPX]

        GUID: {11058240-BE47-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP Novell Netware UPX protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD nwlnkipx *


Protocol 6: MSAFD nwlnkspx [SPX]

        GUID: {11058241-BE47-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD nwlnkspx *


Protocol 7: MSAFD nwlnkspx [SPX] [Pseudo Stream]

        GUID: {11058241-BE47-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD nwlnkspx *


Protocol 8: MSAFD nwlnkspx [SPX II]

        GUID: {11058241-BE47-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD nwlnkspx *


Protocol 9: MSAFD nwlnkspx [SPX II] [Pseudo Stream]

        GUID: {11058241-BE47-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP Novell Netware SPX protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD nwlnkspx *


Protocol 10: MSAFD NetBIOS [\Device\NwlnkNb] SEQPACKET 7

        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP NetBios protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD NetBIOS *


Protocol 11: MSAFD NetBIOS [\Device\NwlnkNb] DATAGRAM 7

        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP NetBios protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD NetBIOS *


Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CFB2CCF8-DDAE-4029-BFFF-B3539CC9D01B}] SEQPACKET 6

        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP NetBios protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD NetBIOS *


Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CFB2CCF8-DDAE-4029-BFFF-B3539CC9D01B}] DATAGRAM 6

        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP NetBios protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD NetBIOS *


Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7788C11B-0A3B-4459-B09B-9AD702BFF257}] SEQPACKET 5

        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP NetBios protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD NetBIOS *


Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7788C11B-0A3B-4459-B09B-9AD702BFF257}] DATAGRAM 5

        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP NetBios protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD NetBIOS *


Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1780824E-8E68-46A4-8976-572A7F945C82}] SEQPACKET 4

        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP NetBios protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD NetBIOS *


Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1780824E-8E68-46A4-8976-572A7F945C82}] DATAGRAM 4

        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP NetBios protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD NetBIOS *


Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DF4C2967-CAE2-4E7D-B01C-FE94BEAB36F3}] SEQPACKET 3

        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP NetBios protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD NetBIOS *


Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DF4C2967-CAE2-4E7D-B01C-FE94BEAB36F3}] DATAGRAM 3

        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP NetBios protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD NetBIOS *


Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3D530002-6FA7-4CB5-AB71-60A7FB71050F}] SEQPACKET 0

        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP NetBios protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD NetBIOS *


Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3D530002-6FA7-4CB5-AB71-60A7FB71050F}] DATAGRAM 0

        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP NetBios protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD NetBIOS *


Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{940DA138-3916-46D9-B77D-403CA7BBD05F}] SEQPACKET 1

        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP NetBios protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD NetBIOS *


Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{940DA138-3916-46D9-B77D-403CA7BBD05F}] DATAGRAM 1

        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP NetBios protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD NetBIOS *


Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E49A6FD4-5649-48BB-BE31-BAF099FC1C0A}] SEQPACKET 2

        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP NetBios protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD NetBIOS *


Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E49A6FD4-5649-48BB-BE31-BAF099FC1C0A}] DATAGRAM 2

        GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}

    Filename: %SystemRoot%\system32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP NetBios protocol

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: MSAFD NetBIOS *


Namespace Provider 0: TCP/IP

        GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}

    Filename: %SystemRoot%\System32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP TCP/IP name space provider

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: TCP/IP


Namespace Provider 1: NTDS

        GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}

    Filename: %SystemRoot%\System32\winrnr.dll

 Description: Microsoft Windows NT/2k/XP name space provider

 DB filename: %SystemRoot%\system32\winrnr.dll

 DB protocol: NTDS


Namespace Provider 2: Obszar nazw rozpoznawania lokalizacji w sieci (NLA)

        GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}

    Filename: %SystemRoot%\System32\mswsock.dll

 Description: Microsoft Windows NT/2k/XP name space provider

 DB filename: %SystemRoot%\system32\mswsock.dll

 DB protocol: NLA-Namespace


Namespace Provider 3: Protokół transportowy zgodny z NWLink IPX/SPX/NetBIOS

        GUID: {E02DAAF0-7E9F-11CF-AE5A-00AA00A7112B}

    Filename: %SystemRoot%\System32\nwprovau.dll

 Description: Microsoft Windows NT/2k/XP Novell Netware name space provider

 DB filename: %SystemRoot%\system32\nwprovau.dll

 DB protocol: NWLink IPX/SPX/NetBIOS*