Kaspersky caught 4 trojans


(Slawek Raz) #1

Kaspersky caught four trojans for me; it reports three of them as disinfected, and the fourth is still somewhere. For some time now, icons such as the battery, speaker and Skype icons have been missing from my toolbar. After a ComboFix scan the icons came back, but after shutting the system down and starting it again they are gone. The printer program takes about a minute to close. I suspect that one of the trojans was opened, but there is no culprit. A scan with Kaspersky shows eight vulnerabilities in programs and nothing about an infection. Is it possible that once a trojan has been let in, the program no longer detects it, and do I have to turn Kaspersky off for an online scan? System: XP SP3; my computer knowledge is very poor.


(Kapi10072) #2

Show the logs from ComboFix, HijackThis and Kaspersky.


(Slawek Raz) #3

ComboFix 09-06-04.A1 - User 2009-06-06 20:23.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.3033.2369 [GMT 2:00]

Uruchomiony z: c:\documents and settings\User\Pulpit\ComboFix.exe

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

((((((((((((((((((((((((( Pliki utworzone od 2009-05-06 do 2009-06-06 )))))))))))))))))))))))))))))))

.

2009-06-04 18:59 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys

2009-06-04 18:33 . 2009-06-04 18:33 -------- d-----w- c:\program files\Panda Security

2009-05-31 07:13 . 2009-05-31 07:13 -------- d-----w- c:\program files\Network Stumbler

2009-05-13 16:46 . 2009-05-13 16:46 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\MSScanAppDataDir

2009-05-09 18:47 . 2001-10-26 15:05 6912 -c--a-w- c:\windows\system32\dllcache\serscan.sys

2009-05-09 18:47 . 2001-10-26 15:05 6912 ----a-w- c:\windows\system32\drivers\serscan.sys

2009-05-07 20:14 . 2009-05-07 20:14 -------- d-sh--w- c:\documents and settings\User\IECompatCache

2009-05-07 20:13 . 2009-05-07 20:13 -------- d-sh--w- c:\documents and settings\User\PrivacIE

2009-05-07 20:05 . 2009-05-07 20:05 -------- d-sh--w- c:\documents and settings\User\IETldCache

2009-05-07 20:03 . 2009-05-07 20:03 -------- d-----w- c:\windows\ie8updates

2009-05-07 20:02 . 2009-04-25 05:30 102400 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-05-07 20:02 . 2009-05-07 20:02 -------- dc-h--w- c:\windows\ie8

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-06 17:45 . 2009-01-11 18:09 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Skype

2009-06-06 17:44 . 2009-01-11 18:13 -------- d-----w- c:\documents and settings\User\Dane aplikacji\skypePM

2009-06-06 17:44 . 2009-01-30 18:09 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab

2009-06-05 20:19 . 2009-01-30 18:09 589856 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2009-06-05 20:19 . 2009-01-30 18:09 4144 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2009-06-05 20:19 . 2009-01-30 18:09 3587616 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-06-05 20:19 . 2009-01-30 18:09 30156 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-06-05 19:07 . 2009-02-13 18:32 -------- d-----w- c:\documents and settings\User\Dane aplikacji\HPAppData

2009-06-05 18:09 . 2009-06-05 18:09 -------- d-----w- c:\program files\Trend Micro

2009-06-01 13:30 . 2008-12-25 17:20 -------- d-----w- c:\program files\eMule

2009-05-20 15:12 . 2009-01-30 18:10 94643 ----a-w- c:\windows\system32\drivers\klick.dat

2009-05-20 15:12 . 2009-01-30 18:10 105395 ----a-w- c:\windows\system32\drivers\klin.dat

2009-05-09 18:54 . 2009-02-13 18:12 178094 ----a-w- c:\windows\hpoins30.dat

2009-04-18 08:23 . 2008-04-15 12:00 84916 ----a-w- c:\windows\system32\perfc015.dat

2009-04-18 08:23 . 2008-04-15 12:00 493500 ----a-w- c:\windows\system32\perfh015.dat

2009-04-02 17:50 . 2009-04-02 17:50 152576 ----a-w- c:\documents and settings\User\Dane aplikacji\Sun\Java\jre1.6.0_13\lzma.dll

2009-03-31 20:15 . 2008-12-23 08:06 63592 ----a-w- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-03-09 03:19 . 2009-01-15 16:39 410984 ----a-w- c:\windows\system32\deploytk.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-06-05_17.52.01 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-06-06 17:43 . 2009-06-06 17:43 16384 c:\windows\Temp\Perflib_Perfdata_350.dat

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]

"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-16 24095528]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-12-01 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-17 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-17 178712]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-17 150040]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-05-08 1105920]

"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-04 206088]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-15 110592]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-03-26 16859136]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2006-07-21 86016]

"AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2006-05-04 2808832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-3-14 2938184]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"c:\WINDOWS\system32\sessmgr.exe"=

"c:\Program Files\eMule\emule.exe"=

"c:\Program Files\uTorrent\uTorrent.exe"=

"c:\Program Files\Bonjour\mDNSResponder.exe"=

"c:\WINDOWS\system32\dpvsetup.exe"=

"c:\Program Files\NovaLogic\Delta Force Xtreme\dfx.exe"=

"c:\Program Files\Messenger\msmsgs.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"=

"c:\Program Files\Gadu-Gadu\gg.exe"=

"c:\Program Files\Skype\Phone\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"8461:TCP"= 8461:TCP:GoD High Port

"8462:TCP"= 8462:TCP:GoD Low Port

"427:UDP"= 427:UDP:SLP_Port(427)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-04 28544]

R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-12-23 84240]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Zawartość folderu 'Zaplanowane zadania'

2009-06-06 c:\windows\Tasks\User_Feed_Synchronization-{81DC4F34-58CF-4F2E-A782-2409E8DA03EB}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://search.bearshare.com/pl/

uInternet Settings,ProxyOverride = *.local

IE: Dodaj do listy blokowanych banerów - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {C2C8E5AF-82F1-438A-9341-F0BFB6C1E226} = 194.204.159.1,192.168.1.1

TCP: {D18C2F08-99A0-4473-9C43-22CCD2E12607} = 213.158.194.1,213.158.193.38

FF - ProfilePath - c:\documents and settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\u7dx8qiy.default\

FF - prefs.js: browser.search.selectedEngine - Allegro

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-06 20:25

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(2416)

c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll

c:\program files\Common Files\Ahead\Lib\MFC71U.DLL

c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Czas ukończenia: 2009-06-06 20:25

ComboFix-quarantined-files.txt 2009-06-06 18:25

Przed: 33 794 347 008 bajtów wolnych

Po: 33 843 924 992 bajtów wolnych

163 --- E O F --- 2009-05-13 16:51

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:08:27, on 2009-06-06

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Zaznaczanie HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238526955671

O17 - HKLM\System\CCS\Services\Tcpip\..\{C2C8E5AF-82F1-438A-9341-F0BFB6C1E226}: NameServer = 194.204.159.1,192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{D18C2F08-99A0-4473-9C43-22CCD2E12607}: NameServer = 213.158.194.1,213.158.193.38

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe


--

End of file - 8551 bytes

Added 06.06.2009 (Sat) 22:48

I don't know how to insert the log from Kaspersky?

Added 06.06.2009 (Sat) 23:02

Pełne skanowanie: zakończono 2009-06-05 20:57:29 (zdarzeń: 12, obiektów: 84295, czas: 00:07:08)

Pełne skanowanie: zakończono 2009-06-05 20:57:29 (zdarzeń: 12, obiektów: 84295, czas: 00:07:08)

Pełne skanowanie: zakończono 2009-06-05 20:57:29 (zdarzeń: 12, obiektów: 84295, czas: 00:07:08)

Pełne skanowanie: zakończono 2009-06-05 20:57:29 (zdarzeń: 12, obiektów: 84295, czas: 00:07:08)

2009-06-05 20:50:21 Zadanie zostało uruchomione

2009-06-05 20:57:29 Zadanie zostało zakończone

2009-06-05 20:57:27 Zagrożenie: http://www.viruslist.com/pl/advisories/23655 C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll

2009-06-05 20:57:27 Zagrożenie: http://www.viruslist.com/pl/advisories/23655 C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll

2009-06-05 20:55:03 Zagrożenie: http://www.viruslist.com/pl/advisories/31822 C:\Program Files\Bonjour\mDNSResponder.exe

2009-06-05 20:50:43 Zagrożenie: http://www.viruslist.com/pl/advisories/31822 C:\Program Files\Bonjour\mDNSResponder.exe

2009-06-05 20:50:37 Zagrożenie: http://www.viruslist.com/pl/advisories/31822 C:\Program Files\Bonjour\mDNSResponder.exe

2009-06-05 20:57:21 Zagrożenie: http://www.viruslist.com/pl/advisories/34012 C:\WINDOWS\system32\Macromed\Flash\FlDbg9c.ocx

2009-06-05 20:57:21 Zagrożenie: http://www.viruslist.com/pl/advisories/34012 C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx

2009-06-05 20:57:00 Zagrożenie: http://www.viruslist.com/pl/advisories/34012 C:\WINDOWS\system32\NPSWF32.dll

2009-06-05 20:50:34 Zagrożenie: http://www.viruslist.com/pl/advisories/34012 C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx

2009-06-05 20:55:30 Zagrożenie: http://www.viruslist.com/pl/advisories/34451 C:\Program Files\Java\jre1.6.0_07\bin\java.exe

Added 07.06.2009 (Sun) 11:13

Could someone tell me something about these logs?