Firefox +mainosikkuna ponnahtaa

Discussion in 'Virukset ja haittaohjelmat' started by niarve00, Jan 3, 2007.

  1. niarve00

    niarve00 Member

    Joined:
    Sep 22, 2004
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    11
    Joka kerta kun firefoxin käynnistää niin ponnahtaa explorerin ikkuna auki jaa siihen mainos osoitteesta ad.adserverplus.com/..., joku Unibetin mainos.. Mitenköhän tästä pääsee eroon?
     
    niarve00, Jan 3, 2007
    #1
  2. Jupsu

    Jupsu Active member

    Joined:
    Dec 30, 2005
    Messages:
    1,459
    Likes Received:
    2
    Trophy Points:
    68
    Käy hae HijackThis 1.99.1 ohjelma:

    Asenna ohjelma omaan kansioon, nimeä HijackThis.exe--> Skanneri.exe:si.
    Avaa ohjelma, valitse sieltä "Do a system scan and save a logfile", ohjelma tuottaa muistion jossa on logitiedosto, kopioi logi kokonaisuudessaan ja liitä se tänne seuraavaan vastaukseesi.
     
    Jupsu, Jan 5, 2007
    #2
  3. niarve00

    niarve00 Member

    Joined:
    Sep 22, 2004
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    11
    Logfile of HijackThis v1.99.1
    Scan saved at 15:40:39, on 6.1.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    F:\Catia\intel_a\code\bin\CATSysDemon.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\SDRC\I-DEAS9\Iona\bin\orbixd.exe
    C:\SDRC\I-DEAS9\sec\lmgrd.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Api\Työpöytä\Uusi kansio\skanneri.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {6C4AA721-4E01-43CF-BF5E-5103470A1EFF} - (no file)
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Shim one move jugs] "C:\Documents and Settings\All Users\Application Data\mode16shimone\Four Tick.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Poke Save] "C:\DOCUME~1\Api\APPLIC~1\WMABIT~1\TONS BOWS.exe"
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125857480716
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160572588031
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: vtutr - C:\WINDOWS\system32\vtutr.dll (file missing)
    O20 - Winlogon Notify: winwga32 - winwga32.dll (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Backbone Service (BBDemon) - Unknown owner - F:\Catia\intel_a\code\bin\CATSysDemon.exe" -service (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: I-DEAS 9 Open I-DEAS Server - Unknown owner - C:\SDRC\I-DEAS9\Iona\bin\orbixd.exe
    O23 - Service: I-DEAS License Manager 9.0 - Unknown owner - C:\SDRC\I-DEAS9\sec\lmgrd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDExchange - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDExchange.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

     
    niarve00, Jan 6, 2007
    #3
  4. Jupsu

    Jupsu Active member

    Joined:
    Dec 30, 2005
    Messages:
    1,459
    Likes Received:
    2
    Trophy Points:
    68
    Lataa VundoFix.exe työpöydällesi.
    http://www.atribune.org/ccount/click.php?id=4
    [*]Tupla-klikkaa VundoFix.exe ajaaksesi sen.
    [*]Klikkaa Scan for Vundo valintaa.
    [*]Kun skannaus on valmis, klikkaa Remove Vundo valintaa.
    [*]Sinulta kysytään haluatko poistaa filut - klikkaa YES.
    [*]Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.
    [*]Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.

    [*]Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.

    Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan.

    Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta Klikkaa Scan for Vundo valintaa.
     
    Jupsu, Jan 6, 2007
    #4
  5. niarve00

    niarve00 Member

    Joined:
    Sep 22, 2004
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    11
    Yritin ajaa tuota ohjelmaa, niin kuinkahan kauan tuo normaalisti kestää kun 5 tunnin jälkeen lopetin kun näytti samat 3 tiedostoa vain pyörivän mitä skannaa. Yks oli ainakin update.exe, muita en muista..
     
    niarve00, Jan 7, 2007
    #5

Share This Page