Slow computer startup, strange message from Kaspersky


(Kond82) #1

As in the title, the message from Kaspersky:

2008-08-29 07:40:03	Proces D:\WINXP\explorer.exe (PID: 3048): podejrzane działanie. Próba modyfikacji lista modułów uruchamianych podczas ładowania systemu (key HKEY_USERS\S-1-5-21-2052111302-1532298954-725345543-1004\Software\Microsoft\Internet Explorer\Desktop\Components\0, wartość Position, dane 2c 00 00 00 00 01 00 00 00 00 00 00 00 04 00 00 02 03 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00).

This appears after every start of the computer. Below is the log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:22:35, on 2008-08-29

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal


Running processes:

D:\WINXP\System32\smss.exe

D:\WINXP\system32\winlogon.exe

D:\WINXP\system32\services.exe

D:\WINXP\system32\lsass.exe

D:\WINXP\system32\svchost.exe

D:\WINXP\System32\svchost.exe

D:\WINXP\system32\svchost.exe

D:\WINXP\System32\WLTRYSVC.EXE

D:\WINXP\System32\bcmwltry.exe

D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

D:\WINXP\system32\spoolsv.exe

D:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe

D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

D:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe

D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

D:\Program Files\Softex\OmniPass\Omniserv.exe

D:\WINXP\system32\PMSveH.exe

D:\WINXP\system32\svchost.exe

D:\Program Files\Softex\OmniPass\OPXPApp.exe

D:\WINXP\Explorer.EXE

D:\WINXP\system32\hkcmd.exe

D:\WINXP\system32\igfxpers.exe

D:\Program Files\Synaptics\SynTP\SynTPEnh.exe

D:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe

D:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe

D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

D:\WINXP\AGRSMMSG.exe

D:\WINXP\system32\PMHandler.exe

D:\WINXP\system32\WLTRAY.exe

D:\Program Files\Softex\OmniPass\scureapp.exe

D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

D:\WINXP\system32\ctfmon.exe

D:\Program Files\Tlen.pl\tlen.exe

D:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

D:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE

D:\Program Files\Mozilla Firefox\firefox.exe

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.wspa.edu.pl:3128

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [igfxtray] D:\WINXP\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] D:\WINXP\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] D:\WINXP\system32\igfxpers.exe

O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TPHOTKEY] D:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [TPWAUDAP] D:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe

O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Skrót do strony właściwości High Definition Audio] HDAShCut.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [PMHandler] D:\WINXP\system32\PMHandler.exe

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] D:\WINXP\system32\WLTRAY.exe

O4 - HKLM\..\Run: [OmniPass] D:\Program Files\Softex\OmniPass\scureapp.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [AAWTray] D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINXP\system32\spool\drivers\w32x86\3\hpztsb06.exe

O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] D:\WINXP\system32\ctfmon.exe

O4 - HKCU\..\Run: [Komunikator] D:\Program Files\Tlen.pl\tlen.exe

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: Dodaj do blokowanych banerów - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - D:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINXP\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINXP\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Autodata Limited License Service - Autodata Limited - D:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe

O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - D:\Program Files\Softex\OmniPass\Omniserv.exe

O23 - Service: PMSveH - Lenovo - D:\WINXP\system32\PMSveH.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - D:\Program Files\WinPcap\rpcapd.exe

O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - D:\WINXP\System32\WLTRYSVC.EXE


--

End of file - 8387 bytes

I don't know if I picked something up from a friend, because she had a problem opening Windows Explorer, and Internet Explorer had no access to any drive / folder.
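An added triage helper for the alert quoted in this post (example code, not from the poster or from Kaspersky). It parses the alert line into process, key, value name and raw data, and decodes the 44-byte Position data as a COMPPOS record, the Active Desktop component-layout structure from shlobj.h; that the Position value holds a COMPPOS is an assumption checked against the record's dwSize prefix, and the genuine shell path D:\WINXP\explorer.exe is taken from the HijackThis log above.

```python
import re
import struct

# The alert from post #1 (constructed copy, encoding repaired).
ALERT = (
    "2008-08-29 07:40:03\tProces D:\\WINXP\\explorer.exe (PID: 3048): podejrzane działanie. "
    "Próba modyfikacji lista modułów uruchamianych podczas ładowania systemu (key HKEY_USERS\\"
    "S-1-5-21-2052111302-1532298954-725345543-1004\\Software\\Microsoft\\Internet Explorer\\"
    "Desktop\\Components\\0, wartość Position, dane 2c 00 00 00 00 01 00 00 00 00 00 00 00 04 "
    "00 00 02 03 00 00 00 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00)."
)
ALERT_RE = re.compile(
    r"^(?P<when>\S+ \S+)\s+Proces (?P<image>.+?) \(PID: (?P<pid>\d+)\).*?"
    r"\(key (?P<key>[^,]+), wartość (?P<value>[^,]+), dane (?P<data>[0-9a-fA-F ]+)\)"
)
# Windows lives in D:\WINXP on this machine (see the HijackThis paths), so the
# genuine shell is exactly this binary; the same name elsewhere is an impostor.
SHELL_IMAGE = r"d:\winxp\explorer.exe"
# COMPPOS (shlobj.h), the Active Desktop component-layout record: 11 little-endian
# DWORDs with dwSize (44) first. Assumption: Components\<n>\Position stores one.
COMPPOS_FMT = "<IiiIIiiiiii"
COMPPOS_FIELDS = ("dwSize", "iLeft", "iTop", "dwWidth", "dwHeight", "izIndex", "fCanResize",
                  "fCanResizeX", "fCanResizeY", "iPreferredLeftPercent", "iPreferredTopPercent")

def parse_alert(line):
    """Split one alert line into timestamp, image, pid, key, value name and raw bytes."""
    m = ALERT_RE.search(line)
    if not m:
        raise ValueError("unrecognised alert format")
    d = m.groupdict()
    d["pid"] = int(d["pid"])
    d["data"] = bytes.fromhex(d["data"].replace(" ", ""))
    return d

def decode_comppos(blob):
    """Return the COMPPOS fields as a dict, or None when blob is not a COMPPOS."""
    if len(blob) != struct.calcsize(COMPPOS_FMT):
        return None
    rec = dict(zip(COMPPOS_FIELDS, struct.unpack(COMPPOS_FMT, blob)))
    return rec if rec["dwSize"] == len(blob) else None

def triage(line):
    """'expected' only when the real shell writes a well-formed layout record to its
    own Active Desktop component key; any other writer, key or data -> 'review'."""
    a = parse_alert(line)
    layout_key = "\\internet explorer\\desktop\\components\\" in a["key"].lower()
    if (a["image"].lower() == SHELL_IMAGE and layout_key
            and a["value"] == "Position" and decode_comppos(a["data"]) is not None):
        return "expected"
    return "review"
```

For this alert the data decodes to a 1024x770 component at (256, 0) with all resize flags set, i.e. the shell saving its own desktop-component layout rather than an autostart entry being added.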


(huber2t) #2

I don't see anything in the log

Post a ComboFix log


(Gutek) #3

Change to the rules for pasting logs on the forum - viewtopic.php?f=16&t=253052


(Kond82) #4

ComboFix log -> http://wklejto.pl/9343


(huber2t) #5

The log looks clean

Manually delete the C:\Qoobox folder and remove the ComboFix installer from the disk.

Clean the computer with CCleaner

Optimise the autostart entries

Turn System Restore off and back on for all drives. Instructions

Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html (run it in IE) and post its report on the forum

or

Dr.WEB CureIt!