Thank you for all the advice.
I am sending the logs.
-
After ComboFix: something froze and the program did not fully work, but after restarting the computer the XP Antivirus 2008 program was gone; there are only shlwapi.dll and wininet.dll, and not all programs could be released from them.
-
HijackThis log
-
System Repair Engineer log
-
ComboFix 08-07-26.1 - brzezoo 2008-07-26 21:26:22.10 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.162 [GMT 2:00]
Running from: C:\Documents and Settings\brzezoo\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\brzezoo\Pulpit\CFScript.txt.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
FILE ::
C:\DOCUME~1\brzezoo\USTAWI~1\Temp\scksexde.exe
C:\WINDOWS\eqvwamkl.dll
C:\WINDOWS\fdkowvbp.dll
C:\WINDOWS\system32\khfFUOii.dll
C:\WINDOWS\system32\lphcgm6j0ea4l.exe
C:\WINDOWS\SYSTEM32\WinCtrl32.dll
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:28:25, on 2008-07-27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Avast4\ashDisp.exe
D:\odtwarzacze\Winamp 5.5\winampa.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\Opera\opera.exe
D:\odtwarzacze\Winamp 5.5\winamp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\brzezoo\Moje dokumenty\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM…\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM…\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM…\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM…\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM…\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM…\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM…\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [WinampAgent] "D:\odtwarzacze\Winamp 5.5\winampa.exe"
O4 - HKLM…\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM…\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU…\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU…\Run: [HDDHealth] C:\Program Files\HDD Health-DIAGNOSTA DYSKÓW\hddhealth.exe -wl
O4 - HKCU…\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
–
End of file - 6684 bytes
-
2008-07-27,09:33:04
System Repair Engineer 2.6.12.1018
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Dodatek Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed
Follow item(s) have been selected:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Running Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan
Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[(Verified)Microsoft Windows Publisher]
[Logitech]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot [File is missing]
[File is missing]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [(Verified)Skype Technologies SA]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
[(Verified)Canon Inc.]
[Creative Technology Ltd]
[Creative Technology Ltd.]
"C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" []
[Logitech Inc.]
[Logitech Inc.]
[Logitech Inc.]
[(Verified)ALWIL Software]
"D:\odtwarzacze\Winamp 5.5\winampa.exe" []
"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [(Verified)"Sun Microsystems, Inc."]
"C:\Program Files\Unlocker\UnlockerAssistant.exe" []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
[(Verified)Microsoft Windows Component Publisher]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
[N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{39DC821C-FE03-415F-8F47-B50ADA5D7D1A} [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
[File is missing]
==================================
Startup Folders
[Adobe Reader Synchronizer]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE []
[Logitech Desktop Messenger]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [Logitech]
[Microsoft Office]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]
==================================
Services
[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
"C:\Program Files\Avast4\aswUpdSv.exe"
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
[ATI Smart / ATI Smart][Stopped/Auto Start]
[avast! Antivirus / avast! Antivirus][Running/Auto Start]
"C:\Program Files\Avast4\ashServ.exe"
[avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]
"C:\Program Files\Avast4\ashMaiSv.exe" /service
[avast! Web Scanner / avast! Web Scanner][Running/Manual Start]
"C:\Program Files\Avast4\ashWebSv.exe" /service
[Creative Service for CDROM Access / Creative Service for CDROM Access][Running/Auto Start]
[Dostęp do urządzeń interfejsu HID / HidServ][Stopped/Disabled]
%SystemRoot%\System32\hidserv.dll
[PIXMA Extended Survey Program / IJPLMSVC][Stopped/Manual Start]
[STI Simulator / STI Simulator][Running/Auto Start]
[WMDM PMSP Service / WMDM PMSP Service][Running/Auto Start]
==================================
Drivers
[aswFsBlk / aswFsBlk][Running/Auto Start]
[ati2mtag / ati2mtag][Running/Manual Start]
[catchme / catchme][Stopped/Manual Start]
\??\C:\ComboFix\catchme.sys
[Creative AC3 Software Decoder / ctac32k][Running/Manual Start]
[Creative Audio Driver (WDM) / ctaud2k][Running/Manual Start]
[Creative DVD-Audio Device Driver / ctdvda2k][Stopped/Manual Start]
[Port gier dla karty Creative SB Live! / ctljystk][Stopped/Manual Start]
[Creative Proxy Driver / ctprxy2k][Running/Manual Start]
[Creative SoundFont Management Device Driver / ctsfm2k][Running/Manual Start]
[E-mu Plug-in Architecture Driver / emupia][Running/Manual Start]
[Creative Hardware Abstract Layer Driver / ha10kx2k][Running/Manual Start]
[Creative P16V HAL Driver / hap16v2k][Stopped/Manual Start]
[Logitech USB Monitor Filter / LVUSBSta][Running/Manual Start]
[Creative OS Services Driver / ossrv][Running/Manual Start]
[Volume Adapter / pepifilter][Running/Manual Start]
[PfModNT / PfModNT][Running/Auto Start]
\??\C:\WINDOWS\system32\drivers\PfModNT.sys
[QuickCam IM(PID_08A0) / PID_08A0][Running/Manual Start]
[Sterownik bezpośredniego połączenia kablowego / Ptilink][Running/Manual Start]
[PxHelp20 / PxHelp20][Running/Boot Start]
\SystemRoot\System32\Drivers\PxHelp20.sys
[Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet / rtl8139][Running/Manual Start]
[Secdrv / Secdrv][Stopped/Manual Start]
[Filtr magistrali AGP SIS / sisagp][Running/Boot Start]
\SystemRoot\system32\DRIVERS\sisagp.sys
[VIA USB Host Controller Lower Filter / vulfnths][Stopped/Manual Start]
\SystemRoot\System32\Drivers\vulfnth.sys
[VIA USB Roothub Lower Filter / vulfntrs][Stopped/Manual Start]
\SystemRoot\System32\Drivers\vulfntr.sys
[Winbg82 / Winbg82][Stopped/Boot Start]
\SystemRoot\System32\Drivers\Winbg82.sys
[Winfk82 / Winfk82][Stopped/Boot Start]
\SystemRoot\System32\Drivers\Winfk82.sys
==================================
Browser Add-ons
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
[Megaupload Toolbar]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
[Java Plug-in 1.6.0_07]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} %windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683}
[Megaupload Toolbar]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}
[Java Plug-in 1.6.0_07]
{8AD9C840-044E-11D1-B3E9-00805F499D93}
[SignActivX Control]
{92ECE6FA-AC2E-4042-BFAE-0C8608E52A43}
[Java Plug-in 1.6.0_05]
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[Java Plug-in 1.6.0_07]
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[Java Plug-in 1.6.0_07]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000}
[]
{00011268-E188-40DF-A514-835FCD78B1BF} ,
[]
{0026439F-A980-4F18-8C95-4F1CBBF9C1D8} ,
[IDMIEHlprObj Class]
{0055C089-8582-441B-A0BF-17B458C2A3A8}
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
[]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} ,
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95}
[]
{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} ,
[XSL Template]
{2933BF94-7B36-11D2-B20E-00C04F983E60} %SystemRoot%\system32\msxml3.dll, (Signed) N/A
[]
{39DC821C-FE03-415F-8F47-B50ADA5D7D1A} ,
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} %SystemRoot%\system32\msxml3.dll, (Signed) N/A
[Megaupload Toolbar]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}
[]
{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} ,
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547}
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6}
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} %SystemRoot%\system32\SHELL32.dll, (Signed) N/A
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2}
[SignActivX Control]
{92ECE6FA-AC2E-4042-BFAE-0C8608E52A43}
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36}
[fdkowvbp]
{CB43E6DF-F6E4-4464-8AE2-F680AD49185E}
[]
{D187A56B-A33F-4CBE-9D77-459FC0BAE012} ,
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000}
[]
{E2E2DD38-D088-4134-82B7-F2BA38496583} ,
[WebViewFolderIcon Class]
{E5DF9D10-3B52-11D1-83E8-00A0C90DC849}
[]
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} ,
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} %SystemRoot%\system32\msxml3.dll, (Signed) N/A
[Free Threaded XML DOM Document]
{F6D90F12-9C73-11D3-B32E-00C04F990BB4} %SystemRoot%\system32\msxml3.dll, (Signed) N/A
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} %SystemRoot%\system32\msxml3.dll, (Signed) N/A
[]
{FB5F1910-F110-11D2-BB9E-00C04F795683} ,
==================================
Running Processes
[PID][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock Provider
N/A
==================================
Autorun.Inf
N/A
==================================
HOSTS File
127.0.0.1 localhost
==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1892, C:\WINDOWS\SYSTEM32\LVCOMSX.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1924, C:\PROGRAM FILES\LOGITECH\VIDEO\LOGITRAY.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1956, D:\ODTWARZACZE\WINAMP 5.5\WINAMPA.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1716, C:\PROGRAM FILES\LOGITECH\VIDEO\FXSVR2.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3356, C:\PROGRAM FILES\OPERA\OPERA.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3380, D:\ODTWARZACZE\WINAMP 5.5\WINAMP.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1884, C:\DOCUMENTS AND SETTINGS\BRZEZOO\PULPIT\SRENG2\SRENGLDR.EXE]
==================================
API HOOK
N/A
==================================
Hidden Process
N/A
==================================