The web browser launches by itself. Why?

Logfile of HijackThis v1.99.1

Scan saved at 23:11:05, on 2007-11-08

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\Windows\system32\isys32.exe

C:\Program Files\Realtek\InstallShield\RTHDCPL.exe

C:\Program Files\cFosSpeed\cFosSpeed.exe

C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

C:\Program Files\Spyware Doctor\SDTrayApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Gadu-Gadu\gg.exe

D:\PROGRAMY\CHELLO LIMIT\chelloinfo\chelloinfo.exe

D:\PROGRAMY\ClipCache Plus v2.9 build 349_schowek\ClipCache\clipc.exe

C:\Program Files\Pando Networks\Pando\Pando.exe

D:\PROGRAMY\NETMETER\NetMeter\NetMeter.exe

c:\program files\a-squared free\a2service.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\Program Files\cFosSpeed\spd.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\oodag.exe

C:\Program Files\Spyware Doctor\svcntaux.exe

D:\TOMEK DOKUMENTY\KALENDARZ XP\Kalendarz XP\Kalendarz.exe

C:\Program Files\Spyware Doctor\swdsvc.exe

C:\Program Files\SiteAdvisor\6172\SAService.exe

D:\PROGRAMY\ALCOHOL\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

D:\PROGRAMY\TEMPERATURA\SpeedFan\speedfan.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\TC PowerPack\totalcmd.exe

E:\INSTALE\procexp.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe

D:\PROGRAMY\WIELKI SŁOWNIK\WielkiSlownik.exe

C:\Program Files\Quick StartUp\startup.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\TOMEK\Pulpit\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = client-193-109-211-184.lf.lv:3128

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MonAppli] C:\Windows\system32\isys32.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] C:\Program Files\Realtek\InstallShield\RTHDCPL.exe

O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe

O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [ChelloInfo] D:\PROGRAMY\CHELLO LIMIT\chelloinfo\chelloinfo.exe

O4 - HKCU\..\Run: [ClipCache] D:\PROGRAMY\ClipCache Plus v2.9 build 349_schowek\ClipCache\clipc.exe /wait 3

O4 - HKCU\..\Run: [PSwitch] C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe

O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized

O4 - HKCU\..\Run: [D] D:\PROGRAMY\NETMETER\NetMeter\NetMeter.exe

O4 - Global Startup: Kalendarz XP.lnk = D:\TOMEK DOKUMENTY\KALENDARZ XP\Kalendarz XP\Kalendarz.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Dodaj do Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm

O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [INTERNATIONAL] International*

O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe

O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)

O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: Usługa SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\PROGRAMY\ALCOHOL\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Fi
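A first-pass triage of a HijackThis log like the one above, added here as an example; it is not part of the original post and not code from HijackThis. It parses a handful of lines modelled on that log (a constructed sample, not the full log) and flags the entries an analyst would look at first in this thread: the R1 ProxyServer value pointing at an external host (the log also shows a Proxy Switcher autorun, so this has to be confirmed with the user rather than assumed hostile), the O4 autorun that starts an unfamiliar binary from system32 (isys32.exe, the file SDFix later reports as a trojan and deletes), the O20 AppInit_DLLs entry, and O23 services with an unknown owner or a missing file. The allowlist of system32 autostarts and the severity labels are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a handful of lines modelled on the HijackThis log in the
# post above (not the full log), so the triage runs offline.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = client-193-109-211-184.lf.lv:3128
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [MonAppli] C:\Windows\system32\isys32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
"""

# "R1 - ..." / "O4 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# O4 body: "HKLM\..\Run: [ValueName] command line"
O4_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)")
# First drive-letter path ending in an executable extension, quoted or not.
PATH_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|scr|com))', re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\SYSTEM32\\", re.IGNORECASE)

# Assumption: a tiny allowlist of Windows-shipped binaries that legitimately
# autostart from system32. Real triage would verify signatures or hashes.
KNOWN_SYSTEM32_AUTOSTART = {"ctfmon.exe", "rundll32.exe"}


@dataclass
class Finding:
    section: str
    severity: str
    reason: str
    line: str


def _exe_path(cmd: str) -> str:
    m = PATH_RE.search(cmd)
    return m.group("path") if m else ""


def triage(log_text: str) -> List[Finding]:
    """Return the entries an analyst should look at first, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")

        # R0/R1: a ProxyServer value means every IE request goes via that host.
        if section in ("R0", "R1") and "ProxyServer" in body:
            value = body.split("=", 1)[1].strip()
            if value:
                findings.append(Finding(section, "high",
                    f"IE proxy set to {value}; confirm the user configured it", line))

        # O4: autorun from system32 under a name Windows does not ship.
        elif section == "O4":
            o4 = O4_RE.search(body)
            path = _exe_path(o4.group("cmd")) if o4 else ""
            base = path.rsplit("\\", 1)[-1].lower()
            if SYSTEM32_RE.match(path) and base not in KNOWN_SYSTEM32_AUTOSTART:
                findings.append(Finding(section, "medium",
                    f"autorun [{o4.group('name')}] starts {base} from system32", line))

        # O20: AppInit_DLLs is loaded into every process that maps user32.dll.
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            dll = body.split(":", 1)[1].strip()
            if dll:
                findings.append(Finding(section, "review",
                    f"AppInit_DLLs injects {dll} into every GUI process", line))

        # O23: services whose owner is unknown or whose binary is gone.
        elif section == "O23" and ("Unknown owner" in body or "(file missing)" in body):
            findings.append(Finding(section, "low",
                "service with unknown owner or missing binary; check its ImagePath", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.section:3} {f.reason}")
```

Run on the sample it reports four entries (the proxy, isys32.exe, the AppInit DLL and the Symantec service) and stays quiet on ctfmon.exe, avp.exe and nvsvc32.exe. The O4 rule is deliberately narrow: it only looks at the directory and the filename, which is exactly why a genuine triage follows it up with a hash lookup or a signature check before deleting anything.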

Note: when you paste a log, wrap it in a CODE or QUOTE tag

Regards, Gutek2222

Download SDFix

Thanks

No thanks needed, I'm waiting for the log

So far it's OK. It should be fine, the browser didn't launch.

SDFix: Version 1.114


Run by TOMEK on 2007-11-09 at 07:06


Microsoft Windows XP [Wersja 5.1.2600]


Running From: C:\SDFix


Safe Mode:

Checking Services: 



Restoring Windows Registry Values

Restoring Windows Default Hosts File


Rebooting...



Normal Mode:

Checking Files: 


Trojan Files Found:


C:\WINDOWS\system32\isys32.exe - Deleted




Removing Temp Files...


ADS Check:


C:\WINDOWS

No streams found. 


C:\WINDOWS\system32

No streams found. 


C:\WINDOWS\system32\svchost.exe

No streams found.


C:\WINDOWS\system32\ntoskrnl.exe

No streams found.




                                 Final Check:


catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-09 07:11:12

Windows 5.1.2600 Dodatek Service Pack 2 NTFS


detected NTDLL code modification:

ZwClose


scanning hidden processes ...


scanning hidden services & system hive ...


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg41]


scanning hidden registry entries ...


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]

"OODEFRAG08.00.00.01WORKSTATION"="29A6F6E0307D14125416B46A24FBEFC7F2AD89CDB56CA1427E17A8638FB355724395490236B292485B2055790CC92DE2A9D0A36857314780F99D3EDA6B9BE2CEA5E7C03BCCA7887DC7D9C49274A975A9060D5499A13DE016630E7E15B2A9CBB1ACA56A8D1416E6F56A7405CCC2110406E7E1B929D8E1132F4B56C030292DBEAFBAC8748CF3EA87CA151A3ECD1DAA77B6B3C6947783A767D2C5D87D5E59AB4E313640305D1548246A1E67BDD26F5557CECFA148F26F494C586B6B5366105EEFF107EF17BCE682DC975FE9F1ACE5220AB5A853DF22ABB791E9D85883A2DDB07E851B2EC2F91B2534E63A28EF3FF75A5C262D29071E0DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933BA7FD869164D6794BA7FD869164D6794A6A0AC4980AC7933E3F4E8443683DF40C86A63DC86B888D3BB791DAA35E2E322D1B7C6B063A605F9923BAB01173D4F067987533FAE3044624B957C3A97A12A323DDFE690612AF755E30E6AE9934018A17F9E5E37DDB3F7B608AD549215BA66D497C7A11B7B87C7D49AC832F566F6181EDAD4364E9C49B23CCD529B6A21EB7DF63985525937D6D0052B2BE322BFF2BDCABE30630EE8989CA3ABF21E00A817EAC9AE1329D7885101B8BF57B6E9C3E68E398F20BF08336E6CE1E4E47C9308423DC1B9CFADA8DC575D0734D534D10B2B234169F1F94EDF3D722EF162A969129616994EFCB763916B7BC81C113A60A1BCA67E1B5C1579C9188C84FD08EC4B0D64AC4C1542F19E7AB3879C3CD9F9A086395AD0257668263C393126E8576205B11ACA1DE9A85FFADE7CBF640EE27A202FE5115940BD1D71787CEA9645367AE630CF4D10DD205417793479C63F42937103AB3501D6123380B4E3551D5BEEF8C5283F286EB479789BF8EB1A2DB075F32C5E1441F105B6FDFB1914A3C7A5AC74FA31C56146686D4A30005D9E46F8DA1EEA8F51451C2056220D425599E455025A6255E513E724931982A7E19405E0B5E6CB5CB567B12D7B1D66C1159089CCE4E8DC1145EA68C86C0B45F8F81F1EE52EF7717CB9DEAA6718BC391DE3758D242DB45058ACACA06BD8972E74C4778CB9CED0031CF9F7C23DFE223D4CF64B0DA61A2523100C2DAE54210D750C0DE60E428741AADA349277506946AFBDA62569D34CF6C3137457F27F6D0B5AA6BB4F2598AB6F17CCCEA30D77F3F2CF51702E45DE4839A1AE9B29139ECD069D1FE021970B72567B7AD0330ABE9FC6DFDBF4A2882FF84F32A4DAB57895B44705462EE4EF9978C10F5F655D3AE2CEB5A8A6795460612BF1ED2B31224FFB77EB5B5D7CB47CFABAD58A6B5D532CD6CA8476EFE5A8BD458F2C516DBF29881F50646C9C44C2CE191E062E822CD73342C14F17E64997D35CBCDCDC88CC19DB00DEF5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]

"DisplayName"="Alcohol 120%"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]

"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..


scanning hidden files ...


scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0



Remaining Services:

------------------




Authorized Application Key Export:


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


Remaining Files:

---------------


File Backups: - C:\SDFix\backups\backups.zip


Files with Hidden Attributes:


Tue 16 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6d09d0f1482adb9cdbb79b3d45a002d6\download\BIT29.tmp"


Finished!

Thanks for the help. :smiley:

Also post a log from ComboFix

During the ComboFix scan Kaspersky reported trojan.Win32.Inject.jt

in C:\Document settings\tomek\ustawienia lokalne\Temp\jjenlmna2X8Z8W9.dll

Kaspersky was disconnected.

LOG from COMBOFIX

ComboFix 07-11-08.1 - TOMEK 2007-11-09 21:58:53.1 - NTFSx86

It should be OK now

It's been OK for 24 hours. I additionally installed AVG Anti-Spyware 7.5.

THANK YOU. :smiley: :slight_smile: :mrgreen:

Posts merged: 10.11.2007 (Sat) 2:28

AVG Anti-Spyware - Scan Report

---------------------------------------------------------


 + Created at:	02:25:36 2007-11-10


 + Scan result:	




C:\WINDOWS\system32\Sys\microsoft.006 -> Not-A-Virus.Monitor.Win32.Ardamax.24 : No action taken.

C:\WINDOWS\system32\Sys\microsoft.007 -> Not-A-Virus.Monitor.Win32.Ardamax.24 : No action taken.

C:\WINDOWS\system32\Sys\microsoft.exe -> Not-A-Virus.Monitor.Win32.Ardamax.25 : No action taken.

C:\Documents and Settings\TOMEK\Cookies\tomek@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.

C:\Documents and Settings\TOMEK\Cookies\tomek@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : No action taken.

C:\Documents and Settings\TOMEK\Cookies\tomek@advertising[1].txt -> TrackingCookie.Advertising : No action taken.

C:\Documents and Settings\TOMEK\Cookies\tomek@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.

:mozilla.91:C:\Documents and Settings\TOMEK\Dane aplikacji\Mozilla\Firefox\Profiles\c5fyenx1.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.

:mozilla.92:C:\Documents and Settings\TOMEK\Dane aplikacji\Mozilla\Firefox\Profiles\c5fyenx1.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.

:mozilla.93:C:\Documents and Settings\TOMEK\Dane aplikacji\Mozilla\Firefox\Profiles\c5fyenx1.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.

:mozilla.94:C:\Documents and Settings\TOMEK\Dane aplikacji\Mozilla\Firefox\Profiles\c5fyenx1.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.

:mozilla.61:C:\Documents and Settings\TOMEK\Dane aplikacji\Mozilla\Firefox\Profiles\c5fyenx1.default\cookies.txt -> TrackingCookie.Netflame : No action taken.

:mozilla.30:C:\Documents and Settings\TOMEK\Dane aplikacji\Mozilla\Firefox\Profiles\c5fyenx1.default\cookies.txt -> TrackingCookie.Webtrends : No action taken.

C:\Documents and Settings\TOMEK\Cookies\tomek@m.webtrends[1].txt -> TrackingCookie.Webtrends : No action taken.

:mozilla.136:C:\Documents and Settings\TOMEK\Dane aplikacji\Mozilla\Firefox\Profiles\c5fyenx1.default\cookies.txt -> TrackingCookie.Yadro : No action taken.

:mozilla.26:C:\Documents and Settings\TOMEK\Dane aplikacji\Mozilla\Profiles\default\m4q6tue4.slt\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.27:C:\Documents and Settings\TOMEK\Dane aplikacji\Mozilla\Profiles\default\m4q6tue4.slt\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.28:C:\Documents and Settings\TOMEK\Dane aplikacji\Mozilla\Profiles\default\m4q6tue4.slt\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.29:C:\Documents and Settings\TOMEK\Dane aplikacji\Mozilla\Profiles\default\m4q6tue4.slt\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.30:C:\Documents and Settings\TOMEK\Dane aplikacji\Mozilla\Profiles\default\m4q6tue4.slt\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.

C:\Documents and Settings\TOMEK\Cookies\tomek@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.



::Report end