Strange alert – please assess the log
When using IE, most often when sending, say, a password over SSL, something like this pops up:
What could this be? It seems to me that it is some little program that installed itself into IE and is now making its life difficult.
What do you think?
How do I get rid of it?
Replies: 7
Thanks, it worked, respect!
Type the path into Pocket Killbox
O20 - Winlogon Notify: draw32 - C:\WINDOWS\SYSTEM32\draw32.dll
Only this one can't be deleted, and the alert keeps showing up ;/
By the way, Windows doesn't see it – hidden and system files are shown :(
To remove:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\porynt.dll (file missing)
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\porynt.dll
O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\porynt.dll
O20 - Winlogon Notify: draw32 - C:\WINDOWS\SYSTEM32\draw32.dll
O21 - SSODL: System - {CC8322A1-6B43-4CDF-8D11-E82D40F8BEA8} - memsw.dll (file missing)
Windows XP SP1,
MKS online scanner – often
Ad-Aware with updates – often
Norton Personal Firewall 2004
Here is the log:
Waiting for suggestions:
Logfile of HijackThis v1.99.1
Scan saved at 16:14:00, on 2005-03-04
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Instalki\Gadu-Gadu\Gadu-Gadu\gg.exe
D:\Instalki\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Komputer\USTAWI~1\Temp\_tc\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Instalki\Acrobat\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\porynt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Instalki\Gadu-Gadu\Gadu-Gadu\PowerGG.exe"
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\Instalki\MICROS~1\Office10\EXCEL.EXE/3000
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\porynt.dll
O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\porynt.dll
O20 - Winlogon Notify: draw32 - C:\WINDOWS\SYSTEM32\draw32.dll
O21 - SSODL: System - {CC8322A1-6B43-4CDF-8D11-E82D40F8BEA8} - memsw.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
GET RID OF IT!!! I had the same thing, BitDefender went crazy and let it in, and then it kept complaining... what AV do you have that let this in... paste the HJT log, we'll help :)
I don't know much about this, but it's probably some version of a keylogger or other nasty stuff. Spybot, Ad-Aware, or HJT will help you with the diagnosis and possible removal...