log HijackThis - podezřelé dvojí přihlášení do Windows

[Pontiac_CZ]

Na inkriminovaném PC mě překvapilo, že chtěl dvakrát přihlásit do win (poprvé se sníženým rozlišením 640 x 480) - divné.
Tu je log, jestli v něm nenajdete něco podezřelého:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:26, on 28.4.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
E:\Windows\system32\taskeng.exe
E:\Windows\system32\Dwm.exe
E:\Windows\Explorer.EXE
E:\Windows\OEM02Mon.exe
E:\Program Files\DellTPad\Apoint.exe
E:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\Windows\System32\rundll32.exe
E:\Windows\System32\rundll32.exe
E:\Program Files\QIP\qip.exe
E:\Windows\ehome\ehtray.exe
E:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe
E:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
E:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
E:\Program Files\Dell\QuickSet\quickset.exe
E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
E:\Windows\System32\rundll32.exe
E:\Windows\ehome\ehmsas.exe
E:\Windows\system32\conime.exe
E:\Program Files\DellTPad\ApMsgFwd.exe
E:\Program Files\DellTPad\HidFind.exe
E:\Program Files\DellTPad\Apntex.exe
E:\Windows\System32\WLTRAY.EXE
E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
E:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
E:\Windows\system32\Taskmgr.exe
E:\Program Files\Far\Plugins\drgndrop_release_8\HOLDER.DND
E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
G:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.cz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [OEM02Mon.exe] E:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Apoint] E:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] E:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IAAnotif] E:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE E:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe E:\Windows\system32\nvHotkey.dll,Start
O4 - HKCU\..\Run: [QIP2005] E:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [ehTray.exe] E:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DELL Webcam Manager] "E:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe" /s
O4 - HKCU\..\Run: [PC Suite Tray] "E:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: WCAntiSpy.lnk = E:\Program Files\blcorp\WinCleaner AntiSpyware\WCAntiSpy.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickSet.lnk = E:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: FAR Background Copy Service (FARBCopy) - Unknown owner - E:\Program Files\Far\Plugins\bc_1_2_54\bin\bcsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - E:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - E:\Windows\system32\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - E:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - E:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7816 bytes



Děkuju dopředu

[Reklama]

[memphisto]

prosím odstraň na začátku a konci logu značky [code ][ /code].strašně špatně se to z toho kódu luští

[Pontiac_CZ]

OK.

[memphisto]

v logu nic špatného vidět není.chybí základní zabezpečení jako je antivir a firewall. v logu lze fixnout:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

[Pontiac_CZ]

OK, děkuju.

[memphisto]

není zač.to byly jen zbytečnosti.problém s přihlašováním to nevyřeší

[Pontiac_CZ]

No, on se po dalším restartu už neopakoval. Čertví, co to bylo...

[memphisto]

aha.no hlavně, že to funguje jak má.v případě dalších problémů víš kam se obrátit (nemyslím konkrétně na mě ale na fórum )