Changing the home page

Discussion in 'Windows -ongelmat' started by JaPeVu, Nov 22, 2004.

  1. JaPeVu

    Hi.
    I wonder what's wrong: whenever I open the internet, some page ending in *.biz always opens. I set a new one in the settings, but to no avail.

    I removed the extra programs with ctrl-alt-del and Add/Remove Programs. I also used RegCleaner.

    I also tried Ad-Aware, Spybot and CWShredder.

    It's hard to download programs when the page changes by itself to the one mentioned above.

    I switched to Netscape as my browser and the problem went away, but it would be nice to get IE working.

    I read some discussions and they mentioned HijackThis; would that help?
     
  2. turska

    You've got a bug on your machine. Run HijackThis and post it here.
     
  3. JaPeVu

    Here is the log:

    Logfile of HijackThis v1.98.2
    Scan saved at 16:51:59, on 23.11.2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\iau.exe
    C:\WINDOWS\stisvsq.exe
    C:\WINDOWS\svshost.exe
    C:\WINDOWS\lssas.exe
    C:\WINDOWS\mservice.exe
    C:\WINDOWS\msqdevl.exe
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Netscape\Netscape\Netscp.exe
    C:\WINDOWS\System32\wuauclt.exe
    D:\Jani\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://easy-search.biz
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://easy-search.biz
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = www.mtv3.fi
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R3 - Default URLSearchHook is missing
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Marita & Pojat\Application Data\Mozilla\Profiles\default\kpdj55xa.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Marita & Pojat\Application Data\Mozilla\Profiles\default\kpdj55xa.slt\prefs.js)
    O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
    O2 - BHO: (no name) - {01822570-43E7-3BB4-310B-C31D3DD82409} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {37782E1D-932F-43C8-9DC6-A4862EC2B9F7} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll (file missing)
    O2 - BHO: (no name) - {DB1EC062-FA0E-7E65-4CAE-4DB588BE5CF1} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] iau.exe
    O4 - HKLM\..\Run: [Internet Connection Wizard] stisvsq.exe
    O4 - HKLM\..\Run: [Games Acceleration] svshost.exe
    O4 - HKLM\..\Run: [Internet Mail and News] msqdevl.exe
    O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe
    O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [Microsoft Internet Acceleration Utility] iau.exe
    O4 - HKCU\..\Run: [Internet Connection Wizard] stisvsq.exe
    O4 - HKCU\..\Run: [Games Acceleration] svshost.exe
    O4 - HKCU\..\Run: [Internet Mail and News] msqdevl.exe
    O4 - HKCU\..\Run: [Microsoft Management Console] lssas.exe
    O4 - HKCU\..\Run: [Multimedia extensions] mservice.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Marita\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O15 - Trusted Zone: http://*.easy-search.biz
    O15 - Trusted Zone: *.skoobidoo.com
    O15 - Trusted Zone: *.windupdates.com
    O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
    O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
    O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/fi/games4.cab
    O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://carpoint.msn.com/Components/Ocx/SurVid/MSSurVid.cab
    O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_EN_XP.cab

     
  4. turska

    At a quick glance I found one that is bad: svshost.exe; there's no such thing in Windows.
    Run a virus scan; I bet it will find this and that. It's worth reading this:
    http://koti.mbnet.fi/pattaya1/hjt7_ohjeita.htm

    Go and remove the start page data from the registry:
    Start -> Run -> type regedit -> OK. The registry editor opens; from there go to HKEY Current User and then follow this path: \Software\Microsoft\Internet Explorer\Main,Start Page, which contains the name of your problem page; delete it.
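
The check made by eye in the reply above (a Run entry or running process whose name imitates a Windows system process), as an added example that is not part of the original thread. The allow-list of system names and directories, the regular expressions and the function names are assumptions of this sketch; the sample lines are excerpted from the first log posted above.

```python
import ntpath
import re

# Illustrative allow-list (assumption): core Windows XP processes and their usual directory.
SYSTEM = dict.fromkeys(("smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                        "svchost.exe", "spoolsv.exe"), r"c:\windows\system32")
SYSTEM["explorer.exe"] = r"c:\windows"
RUN_ENTRY = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[.+?\] (.+)$")
PROCESS = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)

def osa_distance(a, b):
    """Edit distance in which swapping two adjacent characters costs 1."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def findings(log_text):
    """Return sorted (image name, reason) pairs worth a closer look."""
    out = set()
    for line in map(str.strip, log_text.splitlines()):
        m = RUN_ENTRY.match(line)
        if m:  # autostart entry: take the executable, quoted or not
            cmd = m.group(1)
            path = cmd[1:].split('"')[0] if cmd.startswith('"') else cmd.split()[0]
        elif PROCESS.match(line):  # "Running processes" entry
            path = line
        else:
            continue
        folder, name = ntpath.split(path.lower())
        if name in SYSTEM:
            if folder and folder != SYSTEM[name]:
                out.add((name, "system name outside " + SYSTEM[name]))
        else:
            out.update((name, "look-alike of " + good)
                       for good in SYSTEM if osa_distance(name, good) == 1)
    return sorted(out)

# Constructed sample: a few lines excerpted from the first log in the thread.
SAMPLE = r"""C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\svshost.exe
C:\WINDOWS\mservice.exe
O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup"""
```

`findings(SAMPLE)` reports svshost.exe and lssas.exe; entries such as mservice.exe that do not imitate a system name pass this check and still need the manual review the thread goes on to do.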
     
  5. JaPeVu

    I carried out those steps and the same start page still comes up. Viruses were found:

    Worm_rbot.b
    troy_dialui.b
    troy_small.vn
    troy_wintrim.cd
    troy_holica.c
    html_winshow.a

    I tried to remove that svs****.exe but it comes back.

    I'm posting a new log:

    Logfile of HijackThis v1.98.2
    Scan saved at 20:38:30, on 23.11.2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\iau.exe
    C:\WINDOWS\stisvsq.exe
    C:\WINDOWS\msqdevl.exe
    C:\WINDOWS\mservice.exe
    C:\WINDOWS\lssas.exe
    C:\WINDOWS\svshost.exe
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Netscape\Netscape\Netscp.exe
    C:\WINDOWS\regedit.exe
    D:\Jani\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://easy-search.biz
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://easy-search.biz
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R3 - Default URLSearchHook is missing
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Marita & Pojat\Application Data\Mozilla\Profiles\default\kpdj55xa.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Marita & Pojat\Application Data\Mozilla\Profiles\default\kpdj55xa.slt\prefs.js)
    O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
    O2 - BHO: (no name) - {01822570-43E7-3BB4-310B-C31D3DD82409} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {37782E1D-932F-43C8-9DC6-A4862EC2B9F7} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll (file missing)
    O2 - BHO: (no name) - {DB1EC062-FA0E-7E65-4CAE-4DB588BE5CF1} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] iau.exe
    O4 - HKLM\..\Run: [Internet Connection Wizard] stisvsq.exe
    O4 - HKLM\..\Run: [Internet Mail and News] msqdevl.exe
    O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe
    O4 - HKLM\..\Run: [Games Acceleration] svshost.exe
    O4 - HKCU\..\Run: [Microsoft Internet Acceleration Utility] iau.exe
    O4 - HKCU\..\Run: [Internet Connection Wizard] stisvsq.exe
    O4 - HKCU\..\Run: [Internet Mail and News] msqdevl.exe
    O4 - HKCU\..\Run: [Multimedia extensions] mservice.exe
    O4 - HKCU\..\Run: [Microsoft Management Console] lssas.exe
    O4 - HKCU\..\Run: [Games Acceleration] svshost.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Marita\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
    O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
    O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/fi/games4.cab
    O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://carpoint.msn.com/Components/Ocx/SurVid/MSSurVid.cab
    O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_EN_XP.cab

     
  6. turska

    Last edited: Nov 23, 2004
  7. JaPeVu

    Thanks, the start page problem is gone now, but some error message appeared. ...Running activeX controls on this page... It was somehow related to images.
     
  8. Agent_007

    Switch your browser to Mozilla Firefox or Opera and forget IE and ActiveX.
     
  9. LaLLi80

    Here's more information about the svshost.exe process... so it's a worm that came along with P2P software. It should probably go away with an up-to-date virus scan.

    http://www.liutilities.com/products/wintaskspro/processlibrary/svshost/

    You seemed to have some dialer program near the end of that HijackThis log. Are your cleaning tools up to date? Switch your browser to Mozilla/Opera.
     
    Last edited: Nov 24, 2004
  10. JaPeVu

    I'll consider switching browsers..

    Is there anything bad in this?

    Logfile of HijackThis v1.98.2
    Scan saved at 20:55:54, on 24.11.2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    That svchost puzzles me a bit.

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    H:\Uudet ajurit\Virus\AVWUPSRV.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Messenger\msmsgs.exe
    D:\Ajurit\DC++\DCPlusPlus.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\taskmgr.exe
    D:\Kiva ku kävit! Mut nähää..jooko\Muuta\HijackThis19802.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtv3.fi/
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

     
    Last edited: Nov 24, 2004
