Kaspersky caught four trojans for me, three of which it reports as disinfected; the fourth is still somewhere. For some time now, icons such as the battery, the speaker and the Skype icon have been missing from my toolbar. After a ComboFix scan these icons came back, but after shutting the system down and starting it again they are gone. The printer program takes about a minute to close. I suspect that one of the trojans was opened, but there is no culprit. A Kaspersky scan shows eight vulnerabilities in programs and nothing about an infection. Is it possible that once a trojan has been let in, the program no longer detects it, and do I have to turn Kaspersky off for an online scan? System: XP SP3; my computer knowledge is very poor.
Show the logs from ComboFix, HijackThis and Kaspersky.
ComboFix 09-06-04.A1 - User 2009-06-06 20:23.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.3033.2369 [GMT 2:00]
Uruchomiony z: c:\documents and settings\User\Pulpit\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((( Pliki utworzone od 2009-05-06 do 2009-06-06 )))))))))))))))))))))))))))))))
.
2009-06-04 18:59 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-06-04 18:33 . 2009-06-04 18:33 -------- d-----w- c:\program files\Panda Security
2009-05-31 07:13 . 2009-05-31 07:13 -------- d-----w- c:\program files\Network Stumbler
2009-05-13 16:46 . 2009-05-13 16:46 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\MSScanAppDataDir
2009-05-09 18:47 . 2001-10-26 15:05 6912 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2009-05-09 18:47 . 2001-10-26 15:05 6912 ----a-w- c:\windows\system32\drivers\serscan.sys
2009-05-07 20:14 . 2009-05-07 20:14 -------- d-sh--w- c:\documents and settings\User\IECompatCache
2009-05-07 20:13 . 2009-05-07 20:13 -------- d-sh--w- c:\documents and settings\User\PrivacIE
2009-05-07 20:05 . 2009-05-07 20:05 -------- d-sh--w- c:\documents and settings\User\IETldCache
2009-05-07 20:03 . 2009-05-07 20:03 -------- d-----w- c:\windows\ie8updates
2009-05-07 20:02 . 2009-04-25 05:30 102400 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-05-07 20:02 . 2009-05-07 20:02 -------- dc-h--w- c:\windows\ie8
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-06 17:45 . 2009-01-11 18:09 -------- d-----w- c:\documents and settings\User\Dane aplikacji\Skype
2009-06-06 17:44 . 2009-01-11 18:13 -------- d-----w- c:\documents and settings\User\Dane aplikacji\skypePM
2009-06-06 17:44 . 2009-01-30 18:09 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-06-05 20:19 . 2009-01-30 18:09 589856 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-05 20:19 . 2009-01-30 18:09 4144 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-05 20:19 . 2009-01-30 18:09 3587616 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-05 20:19 . 2009-01-30 18:09 30156 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-05 19:07 . 2009-02-13 18:32 -------- d-----w- c:\documents and settings\User\Dane aplikacji\HPAppData
2009-06-05 18:09 . 2009-06-05 18:09 -------- d-----w- c:\program files\Trend Micro
2009-06-01 13:30 . 2008-12-25 17:20 -------- d-----w- c:\program files\eMule
2009-05-20 15:12 . 2009-01-30 18:10 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-20 15:12 . 2009-01-30 18:10 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-09 18:54 . 2009-02-13 18:12 178094 ----a-w- c:\windows\hpoins30.dat
2009-04-18 08:23 . 2008-04-15 12:00 84916 ----a-w- c:\windows\system32\perfc015.dat
2009-04-18 08:23 . 2008-04-15 12:00 493500 ----a-w- c:\windows\system32\perfh015.dat
2009-04-02 17:50 . 2009-04-02 17:50 152576 ----a-w- c:\documents and settings\User\Dane aplikacji\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-31 20:15 . 2008-12-23 08:06 63592 ----a-w- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-03-09 03:19 . 2009-01-15 16:39 410984 ----a-w- c:\windows\system32\deploytk.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-05_17.52.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-06-06 17:43 . 2009-06-06 17:43 16384 c:\windows\Temp\Perflib_Perfdata_350.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-16 24095528]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-12-01 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-17 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-17 150040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-05-08 1105920]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-04 206088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-15 110592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-03-26 16859136]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2006-05-04 2808832]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-3-14 2938184]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\WINDOWS\system32\sessmgr.exe"=
"c:\Program Files\eMule\emule.exe"=
"c:\Program Files\uTorrent\uTorrent.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"c:\Program Files\NovaLogic\Delta Force Xtreme\dfx.exe"=
"c:\Program Files\Messenger\msmsgs.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"=
"c:\Program Files\Gadu-Gadu\gg.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
"427:UDP"= 427:UDP:SLP_Port(427)
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-04 28544]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-12-23 84240]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Zawartość folderu 'Zaplanowane zadania'
2009-06-06 c:\windows\Tasks\User_Feed_Synchronization-{81DC4F34-58CF-4F2E-A782-2409E8DA03EB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.bearshare.com/pl/
uInternet Settings,ProxyOverride = *.local
IE: Dodaj do listy blokowanych banerów - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {C2C8E5AF-82F1-438A-9341-F0BFB6C1E226} = 194.204.159.1,192.168.1.1
TCP: {D18C2F08-99A0-4473-9C43-22CCD2E12607} = 213.158.194.1,213.158.193.38
FF - ProfilePath - c:\documents and settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\u7dx8qiy.default\
FF - prefs.js: browser.search.selectedEngine - Allegro
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-06 20:25
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'explorer.exe'(2416)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Czas ukończenia: 2009-06-06 20:25
ComboFix-quarantined-files.txt 2009-06-06 18:25
Przed: 33 794 347 008 bajtów wolnych
Po: 33 843 924 992 bajtów wolnych
163 --- E O F --- 2009-05-13 16:51
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:08:27, on 2009-06-06
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Zaznaczanie HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238526955671
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2C8E5AF-82F1-438A-9341-F0BFB6C1E226}: NameServer = 194.204.159.1,192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D18C2F08-99A0-4473-9C43-22CCD2E12607}: NameServer = 213.158.194.1,213.158.193.38
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 8551 bytes
[code]
http://www.viruslist.com/pl/advisories/23655 C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
2009-06-05 20:57:27 Zagrożenie: http://www.viruslist.com/pl/advisories/23655 C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
2009-06-05 20:55:03 Zagrożenie: http://www.viruslist.com/pl/advisories/31822 C:\Program Files\Bonjour\mDNSResponder.exe
2009-06-05 20:50:43 Zagrożenie: http://www.viruslist.com/pl/advisories/31822 C:\Program Files\Bonjour\mDNSResponder.exe
2009-06-05 20:50:37 Zagrożenie: http://www.viruslist.com/pl/advisories/31822 C:\Program Files\Bonjour\mDNSResponder.exe
2009-06-05 20:57:21 Zagrożenie: http://www.viruslist.com/pl/advisories/34012 C:\WINDOWS\system32\Macromed\Flash\FlDbg9c.ocx
2009-06-05 20:57:21 Zagrożenie: http://www.viruslist.com/pl/advisories/34012 C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx
2009-06-05 20:57:00 Zagrożenie: http://www.viruslist.com/pl/advisories/34012 C:\WINDOWS\system32\NPSWF32.dll
2009-06-05 20:50:34 Zagrożenie: http://www.viruslist.com/pl/advisories/34012 C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx
2009-06-05 20:55:30 Zagrożenie: http://www.viruslist.com/pl/advisories/34451 C:\Program Files\Java\jre1.6.0_07\bin\java.exe
[/code]
– Added 07.06.2009 (Sun) 11:13 –
Could someone tell me something about these logs?
– Added 06.06.2009 (Sat) 22:48 –
I don't know how to insert the log from Kaspersky?
– Added 06.06.2009 (Sat) 23:02 –
Pełne skanowanie: zakończono 2009-06-05 20:57:29 (zdarzeń: 12, obiektów: 84295, czas: 00:07:08)
2009-06-05 20:50:21 Zadanie zostało uruchomione
2009-06-05 20:57:29 Zadanie zostało zakończone
2009-06-05 20:57:27 Zagrożenie: