Help, I have malware!!!

Discussion in 'Viruses and malware' started by Hannu11, Mar 31, 2006.

  1. Hannu11

    Hannu11 Guest

    So there's this red razespyware thing on my screen where part of the text flashes, i.e. malware. How do I get rid of it? I've tried with Ad-Aware, and it doesn't show up in the Control Panel etc. Somebody help!!!!!!
     
  2. kairis

    kairis Regular member

    Post a HjT log; you can get the program here: http://koti.mbnet.fi/pattaya1/HijackThis.exe Save it to the folder c:\hjt, run it, click "Do a system scan and save a logfile" and post the log here.
     
    Last edited: Mar 31, 2006
  3. Hannu11

    Hannu11 Guest

    Do you mean this:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:48:03, on 1.4.2006
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROBE\ASUSPROB.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\AVG\AVGCC.EXE
    C:\AVG\AVGAMSVR.EXE
    C:\WINDOWS\MIXER.EXE
    C:\OHJELMATIEDOSTOT\D-TOOLS\DAEMON.EXE
    C:\WINDOWS\SYSTEM\ZOZIFZNXY.EXE
    C:\WINDOWS\SYSTEM\COMMCTRL.EXE
    C:\OHJELMATIEDOSTOT\YHTEISET TIEDOSTOT\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WUTEMP\ZONEALARM\ZLCLIENT.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\OHJELMATIEDOSTOT\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\TYöPöYTä\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\SearchBar.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.elisa.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://elisa.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://elisa.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Elisa Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;;localhost;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Ohjelmatiedostot\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [ASUS Probe] c:\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] "c:\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG7_CC] c:\AVG\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_AMSVR] c:\AVG\AVGAMSVR.EXE
    O4 - HKLM\..\Run: [Ato9mz] C:\WINDOWS\TEMP\ATO9MZ.EXE
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Ohjelmatiedostot\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ZOZIFZNXY] C:\WINDOWS\SYSTEM\ZOZIFZNXY.EXE
    O4 - HKLM\..\Run: [cfbd6e0c2cc3] C:\WINDOWS\SYSTEM\COMMCTRL.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Ohjelmatiedostot\Yhteiset tiedostot\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Hot_Tarts_mc] C:\Program Files\Mpb\Dialers\Hot_Tarts_mc\Hot_Tarts_mc.exe /dontdial
    O4 - HKLM\..\Run: [BearShare] "C:\OHJELMATIEDOSTOT\BEARSHARE\BEARSHARE.EXE" /pause
    O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\SYSTEM\msmsgs.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [d0o9Rgb3e] JGM0_QC.EXE
    O4 - Startup: Zone Labs Security.lnk = C:\WUTemp\ZoneAlarm\zlclient.exe
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\maxspeed.exe (file missing)
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\SYSTEM\maxspeed.exe (file missing)
    O9 - Extra button: Palvelut - {9A097680-BFDF-11D3-8AED-0000E884CF82} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: Tuki - {9A097681-BFDF-11D3-8AED-0000E884CF82} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: SMS-viesti - {9A097682-BFDF-11D3-8AED-0000E884CF82} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/25ade6cc367b2d462205/netzip/RdxIE601.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
    O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
    O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.116.56,85.255.112.146

    And next?
     
  4. -kemisti-

    -kemisti- Active member

    That's exactly what I mean :)

    Uninstall from the Control Panel (Add/Remove Programs), if present:

    Hot_Tarts_mc

    Get Fixwareout -> http://downloads.subratam.org/Fixwareout.exe
    Save it to some folder and run it. Follow the instructions, and restart the computer when the fix asks for it. The fix opens HjT.

    Move HjT into its own folder -> C:\hjt

    Then fix these lines (Do a system scan only, tick them and press Fix checked):

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\SearchBar.htm
    O4 - HKLM\..\Run: [Ato9mz] C:\WINDOWS\TEMP\ATO9MZ.EXE
    O4 - HKLM\..\Run: [ZOZIFZNXY] C:\WINDOWS\SYSTEM\ZOZIFZNXY.EXE
    O4 - HKLM\..\Run: [cfbd6e0c2cc3] C:\WINDOWS\SYSTEM\COMMCTRL.exe
    O4 - HKLM\..\Run: [Hot_Tarts_mc] C:\Program Files\Mpb\Dialers\Hot_Tarts_mc\Hot_Tarts_mc.exe /dontdial
    O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\SYSTEM\msmsgs.exe
    O4 - HKCU\..\Run: [d0o9Rgb3e] JGM0_QC.EXE
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/25ade6cc367b2d462205/netzip/RdxIE601.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
    O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
    O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.116.56,85.255.112.146


    Delete if found:

    C:\WINDOWS\TEMP\ATO9MZ.EXE
    C:\WINDOWS\SYSTEM\ZOZIFZNXY.EXE
    C:\WINDOWS\SYSTEM\COMMCTRL.exe
    C:\Program Files\Mpb
    C:\WINDOWS\SYSTEM\msmsgs.exe
    JGM0_QC.EXE (look for it with the Find function)

    Get eScan -> http://koti.mbnet.fi/pattaya1/escanmwav.htm .
    Install, update and scan following the instructions on the page. Then post the "critter results" here (the instructions are on that page: the bottom picture and the text above it).

    Post a new HjT log, the eScan results and the contents of the file C:\fixwareout\report.txt here.
     
    Last edited: Apr 1, 2006
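
Added example, not part of the original posts: one way to check the follow-up HjT log requested above against the list of lines that were to be fixed, so any entry that survived the fix stands out. The fix list is a subset of the lines quoted in the thread; the follow-up log and the function names are constructed for illustration.

```python
import re

# Subset of the entries the reply asks to fix (copied from the thread).
FIX_LIST = r"""
O4 - HKLM\..\Run: [Ato9mz] C:\WINDOWS\TEMP\ATO9MZ.EXE
O4 - HKLM\..\Run: [ZOZIFZNXY] C:\WINDOWS\SYSTEM\ZOZIFZNXY.EXE
O4 - HKCU\..\Run: [d0o9Rgb3e] JGM0_QC.EXE
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.116.56,85.255.112.146
"""

# Constructed follow-up log (NOT from the thread): two fixed entries are
# still present, one of them with different letter case and spacing.
FOLLOW_UP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [zozifznxy]  c:\windows\system\zozifznxy.exe
O4 - HKLM\..\Run: [AVG7_CC] c:\AVG\AVGCC.EXE /STARTUP
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.116.56,85.255.112.146
"""

# A HijackThis entry line: section code (R0, F1, N2, O4, O17 ...), " - ", body.
ENTRY = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(text):
    """Map (section, normalised body) -> original line for each entry line."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list or blank line
        # Windows paths and registry names are case-insensitive, so compare
        # case-folded bodies with runs of whitespace collapsed.
        key = (m.group(1).upper(), " ".join(m.group(2).split()).casefold())
        entries[key] = line.strip()
    return entries


def remaining(fix_list, new_log):
    """Return the follow-up log lines that match an entry on the fix list."""
    present = parse_entries(new_log)
    return [present[key] for key in parse_entries(fix_list) if key in present]


if __name__ == "__main__":
    for line in remaining(FIX_LIST, FOLLOW_UP_LOG):
        print("still present:", line)
```
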
