"standardowy" problem .....

a wiec mam problem bo wyskakuja mi okienka popupow;/
i nie moge sie ich pozbyc...
postepowalem zgodnie z tematem przyklejonym wyzej
i zrobilem Hijacka i analize ale to nic nie dalo;/

wyskakuje mi strona o adresie:

http://www.ad–w–a–r–e.com/cgi–bin/PopupV3?ID={806EBDC1–6C10–8C0F–22C0–FD7B57F99927}&type=normal&mSkip=1&rnd=8687

juz robilem spybotem i innymi i to nic nie daje...
zostaliscie mi tylko wy...

a o to log:

Logfile of HijackThis v1.99.1
Scan saved at 14:20:27, on 05–11–05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\PULPIT\ANTY\HIJACKTHIS1.99.1\HIJACKTHIS.EXE

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 – HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 – HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 – HKLM\..\Run: [internat.exe] internat.exe
O4 – HKLM\..\Run: [SystemTray] SysTray.Exe
O4 – HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 – HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 – HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 – HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 – HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 – HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" –reg
O4 – HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 – HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 – Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 – Extra button: Yahoo! Messenger – {E5D12C4E–7B4F–11D3–B5C9–0050045C3C96} – C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 – Extra 'Tools' menuitem: Yahoo! Messenger – {E5D12C4E–7B4F–11D3–B5C9–0050045C3C96} – C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O12 – Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 – DPF: {EB387D2F–E27B–4D36–979E–847D1036C65D} (QDiagHUpdateObj Class) – http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?316
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_22.cab
O16 – DPF: {644E432F–49D3–41A1–8DD5–E099162EEEC5} (Symantec RuFSI Utility Class) – http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {2BC66F54–93A8–11D3–BEB6–00105AA9B6AE} (Symantec AntiVirus scanner) – http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 – DPF: {2A32B14F–4D29–4EA3–AC54–E9B19F436CE7} (Scanner Class) – http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 – DPF: {A9ED6AA2–D9D4–4D71–9586–E293E2E3580B} (GameDesire Marbies&Diamonds) – http://67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab
O16 – DPF: {E23FABEE–12E3–33DA–DA12–195DAC123984} (GameDesire Mahjong) – http://67.15.101.3/g_bin/pl/mahjong_2_0_0_18.cab
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O17 – HKLM\System\CCS\Services\VxD\MSTCP: Domain = po.pl
O17 – HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.14.18.2

czekam na wasza pomoc.

Trzeba sie pozbyć

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{806EBDC1–6C10–8C0F–22C0–FD7B57F99927}"=–

Ten tekst wklejasz do notatnika, zapisujesz z rozszerzeniem reg i dodajesz do rejestru, wystarczy kliknąc 2x i potwierdzic.

Bobi

Dodano: 06.11.2005 14:56:05

oto ten plik:

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

––––––– System Files in System Directory –––––––

Wolumin w stacji dyskw C nie ma etykiety
Numer seryjny woluminu: 075F–15F2
Katalog C:\WINDOWS\SYSTEM

KGYGAAVL SYS 10 856 05.10.22 23:15 KGyGaAvL.sys
1EAF94~1 SYS 56 05.06.30 23:35 1EAF94610D.sys
2 plik(w) 10 912 bajtw
0 katalog(w) 2 811,25 MB wolnych

––––––– System Files in System Directory –––––––

Wolumin w stacji dyskw C nie ma etykiety
Numer seryjny woluminu: 075F–15F2
Katalog C:\WINDOWS\SYSTEM

KGYGAAVL SYS 10 856 05.10.22 23:15 KGyGaAvL.sys
1EAF94~1 SYS 56 05.06.30 23:35 1EAF94610D.sys
2 plik(w) 10 912 bajtw
0 katalog(w) 2 799,91 MB wolnych

––––––– System Files in System Directory –––––––

Wolumin w stacji dyskw C nie ma etykiety
Numer seryjny woluminu: 075F–15F2
Katalog C:\WINDOWS\SYSTEM

KGYGAAVL SYS 10 856 05.10.22 23:15 KGyGaAvL.sys
1EAF94~1 SYS 56 05.06.30 23:35 1EAF94610D.sys
2 plik(w) 10 912 bajtw
0 katalog(w) 2 599,77 MB wolnych

––––––– System Files in System Directory –––––––

Wolumin w stacji dyskw C nie ma etykiety
Numer seryjny woluminu: 075F–15F2
Katalog C:\WINDOWS\SYSTEM

KGYGAAVL SYS 10 856 05.10.22 23:15 KGyGaAvL.sys
1EAF94~1 SYS 56 05.06.30 23:35 1EAF94610D.sys
2 plik(w) 10 912 bajtw
0 katalog(w) 2 381,25 MB wolnych

––––––– Hidden Files in System Directory –––––––

Wolumin w stacji dyskw C nie ma etykiety
Numer seryjny woluminu: 075F–15F2
Katalog C:\WINDOWS\SYSTEM

KGYGAAVL SYS 10 856 05.10.22 23:15 KGyGaAvL.sys
1EAF94~1 SYS 56 05.06.30 23:35 1EAF94610D.sys
HPFUIH04 GID 8 628 05.04.06 20:25 hpfuih04.GID
FOLDER HTT 13 264 04.09.08 19:23 folder.htt
DESKTOP INI 266 04.09.08 19:23 desktop.ini
5 plik(w) 33 070 bajtw
0 katalog(w) 2 811,23 MB wolnych

–––––––––––––––– User Agent ––––––––––––

––––––– Hidden Files in System Directory –––––––

Wolumin w stacji dyskw C nie ma etykiety
Numer seryjny woluminu: 075F–15F2
Katalog C:\WINDOWS\SYSTEM

KGYGAAVL SYS 10 856 05.10.22 23:15 KGyGaAvL.sys
1EAF94~1 SYS 56 05.06.30 23:35 1EAF94610D.sys
HPFUIH04 GID 8 628 05.04.06 20:25 hpfuih04.GID
FOLDER HTT 13 264 04.09.08 19:23 folder.htt
DESKTOP INI 266 04.09.08 19:23 desktop.ini
5 plik(w) 33 070 bajtw
0 katalog(w) 2 799,91 MB wolnych

–––––––––––––––– User Agent ––––––––––––

––––––– Hidden Files in System Directory –––––––

Wolumin w stacji dyskw C nie ma etykiety
Numer seryjny woluminu: 075F–15F2
Katalog C:\WINDOWS\SYSTEM

KGYGAAVL SYS 10 856 05.10.22 23:15 KGyGaAvL.sys
1EAF94~1 SYS 56 05.06.30 23:35 1EAF94610D.sys
HPFUIH04 GID 8 628 05.04.06 20:25 hpfuih04.GID
FOLDER HTT 13 264 04.09.08 19:23 folder.htt
DESKTOP INI 266 04.09.08 19:23 desktop.ini
5 plik(w) 33 070 bajtw
0 katalog(w) 2 599,77 MB wolnych

–––––––––––––––– User Agent ––––––––––––

––––––– Hidden Files in System Directory –––––––

Wolumin w stacji dyskw C nie ma etykiety
Numer seryjny woluminu: 075F–15F2
Katalog C:\WINDOWS\SYSTEM

KGYGAAVL SYS 10 856 05.10.22 23:15 KGyGaAvL.sys
1EAF94~1 SYS 56 05.06.30 23:35 1EAF94610D.sys
HPFUIH04 GID 8 628 05.04.06 20:25 hpfuih04.GID
FOLDER HTT 13 264 04.09.08 19:23 folder.htt
DESKTOP INI 266 04.09.08 19:23 desktop.ini
5 plik(w) 33 070 bajtw
0 katalog(w) 2 381,25 MB wolnych

–––––––––––––––– User Agent ––––––––––––

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{806EBDC1–6C10–8C0F–22C0–FD7B57F99927}"=""

–––––––––––––––––– Locate.com Results ––––––––––––––––––

C:\WINDOWS\SYSTEM\
kgygaavl.sys Sat 2005–10–22 23:15:02 A.SH. 10 856 10,60 K

1 item found: 1 file, 0 directories.
Total of file sizes: 10 856 bytes 10,60 K

–––––––––––––––––– Locate.com Results ––––––––––––––––––

C:\WINDOWS\SYSTEM\
kgygaavl.sys Sat 2005–10–22 23:15:02 A.SH. 10 856 10,60 K

1 item found: 1 file, 0 directories.
Total of file sizes: 10 856 bytes 10,60 K

–––––––––––––––––– Locate.com Results ––––––––––––––––––

C:\WINDOWS\SYSTEM\
kgygaavl.sys Sat 2005–10–22 23:15:02 A.SH. 10 856 10,60 K

1 item found: 1 file, 0 directories.
Total of file sizes: 10 856 bytes 10,60 K

–––––––––––––––––– Locate.com Results ––––––––––––––––––

C:\WINDOWS\SYSTEM\
kgygaavl.sys Sat 2005–10–22 23:15:02 A.SH. 10 856 10,60 K

1 item found: 1 file, 0 directories.
Total of file sizes: 10 856 bytes 10,60 K

–––––––––––– Strings.exe Qoologic Results ––––––––––––

C:\WINDOWS\hosts.bak: 127.0.0.1 www.qoologic.com
C:\WINDOWS\hosts: 127.0.0.1 www.qoologic.com

–––––––––––––– Strings.exe Aspack Results –––––––––––––

––––––––––––––––– HKLM Run Key ––––––––––––––––––

–––––––––––––– Strings.exe Umonitor Results –––––––––––––
–––––––––––––– Strings.exe Umonitor Results –––––––––––––
–––––––––––––– Strings.exe Umonitor Results –––––––––––––
–––––––––––––– Strings.exe Umonitor Results –––––––––––––

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"internat.exe"="internat.exe"
"SystemTray"="SysTray.Exe"
"Zasobnik systemowy"="SysTray.Exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\SYSTEM\\hpztsb04.exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMON.EXE"
"StillImageMonitor"="C:\\WINDOWS\\SYSTEM\\STIMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]

emaies

Dodano: 05.11.2005 16:35:22

Masz VX2, czyli bardzo popularnego ostatnio szpiega.
Usuwanie pod 9x/Me jest nieco inne niź w nowszych systemach. Istaniją automaty, ale z reguły moźna je kant rozbić.
Sciągnij FindIt9xme, rozpakuj i uruchom bata. Powstanie plik teksowy ktorego chciałbym zobaczyć.

Bobi

Dodano: 05.11.2005 15:40:03

&quot;standardowy&quot; problem .....

Odpowiedzi: 3

"standardowy" problem .....