Mozilla ja muut selaimet avaavat uusia sivuja

Discussion in 'Virukset ja haittaohjelmat' started by Pikkupete, Jan 31, 2006.

  1. Pikkupete

    Pikkupete Regular member

    Joined:
    Jan 31, 2006
    Messages:
    172
    Likes Received:
    0
    Trophy Points:
    26
    Elikkäs ongelmana on tämä että kun formatoisin koneen ja asensin virustorjunta ohjelman , Palomuurin ja adaware ohjelman niin selaimet avaavat sivuja näytölle aika tiuhaan tahtiin ja niin se ei ennen tehnyt. Saattaisiko kyseessä olla Spywareja vai mitä? Kun en oikein näistä asioista tiedä.
     
    Pikkupete, Jan 31, 2006
    #1
  2. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    -kemisti-, Jan 31, 2006
    #2
  3. Pikkupete

    Pikkupete Regular member

    Joined:
    Jan 31, 2006
    Messages:
    172
    Likes Received:
    0
    Trophy Points:
    26
    Logfile of HijackThis v1.99.1
    Scan saved at 23:23:11, on 31.1.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\Pop up Blocker\pd.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\hjt\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\System32\geedc.dll
    O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\System32\vturo.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
    O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
    O4 - HKLM\..\Run: [WinDLL (xvd32.dll)] rundll32.exe C:\WINDOWS\System32\xvd32.dll,start
    O4 - HKCU\..\Run: [Pop up Blocker] "C:\Program Files\Pop up Blocker\pd.exe" Minimize
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /min
    O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
    O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
    O9 - Extra button: PD - {DBE561FD-8AFA-4BD1-A50D-3EE3A3424045} - C:\Program Files\Pop up Blocker\pd.exe
    O15 - Trusted Zone: *.elitemediagroup.net
    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/webmasterexe/drsmartload114a.exe
    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
    O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
    O20 - Winlogon Notify: geedc - C:\WINDOWS\System32\geedc.dll
    O20 - Winlogon Notify: RunOnce - C:\WINDOWS\
    O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\hrl2053oe.dll
    O20 - Winlogon Notify: vturo - C:\WINDOWS\SYSTEM32\vturo.dll
    O20 - Winlogon Notify: windph32 - windph32.dll (file missing)
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
    O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe (file missing)
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: sdktemp - Unknown owner - C:\WINDOWS\axdcfasb.exe (file missing)

     
    Pikkupete, Jan 31, 2006
    #3
  4. Pikkupete

    Pikkupete Regular member

    Joined:
    Jan 31, 2006
    Messages:
    172
    Likes Received:
    0
    Trophy Points:
    26
    Tuossa tuo nyt sitten on , toivottavasti mahtui tuohon / edes laitoin oikein :p..
     
    Pikkupete, Jan 31, 2006
    #4
  5. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Ihan sellanen on kun pitäiskin :)

    Fixaa HjT:llä (do a system scan only, merkkaa ja paina fix checked):

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    O4 - HKLM\..\Run: [WinDLL (xvd32.dll)] rundll32.exe C:\WINDOWS\System32\xvd32.dll,start
    O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /min
    O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
    O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
    O15 - Trusted Zone: *.elitemediagroup.net
    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/webmasterexe/drsmartload114a.exe
    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c18.cab
    O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
    O20 - Winlogon Notify: RunOnce - C:\WINDOWS\
    O20 - Winlogon Notify: windph32 - windph32.dll (file missing)
    O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINDOWS\System32\wuapi.exe (file missing)
    O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe (file missing)
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: sdktemp - Unknown owner - C:\WINDOWS\axdcfasb.exe (file missing)

    Sitten käynnistä -> suorita -> services.msc -> ok

    Etsi listalta:

    Automatic Update Service
    MicroSoft Media Tools
    Network Monitor
    sdktemp

    Tuplaklikkaa niitä, valitse käynnistymistavaksi "ei käytössä" ja paina seis.

    Poista, jos löytyy:

    C:\WINDOWS\System32\==>wuapi.exe<==
    C:\WINDOWS\==>MSmedia.exe<==
    C:\Program Files\==>Network Monitor<==
    C:\WINDOWS\==>axdcfasb.exe<==
    C:\WINDOWS\System32\==>xvd32.dll<==
    C:\Program Files\==>WinFixer_2006<==

    Hae win32delfkil -> http://users.telenet.be/marcvn/tools/win32delfkil.exe

    Tallenna työpöydälle ja tuplaklikkaa, jolloin se purkaa itsensä win32delfkil-hakemistoon.
    Sulje kaikki ikkunat ja avaa win32delfkil-hakemisto. Tuplaklikkaa fix.bat. Mikäli kone ei käynnisty uudestaan fixin jälkeen, käynnistä se itse.

    Hae VundoFix.exe ->http://www.atribune.org/ccount/click.php?id=4 ja tallenna työpöydälle
    [*]Tuplaklikkaa VundoFix.exe
    [*]Klikkaa Scan for Vundo
    [*]Kun skanni on valmis, klikkaa Remove Vundo -nappulaa
    [*]Kun kysytään, haluatko poistaa tiedostot, vastaa YES
    [*]Kun klikkaat yes, työpöytä häviää, kun Vundon poisto alkaa.
    [*]Kun se on valmis, fixi ilmoittaa, että kone sammutetaan. Klikkaa ok.
    [*]Käynnistä kone uudelleen

    Lähetä uusi HjT-loki,c:\windelf.txt-tiedoston sisältö ja C:\vundofix.txt-tiedoston sisältö tänne.
     
    Last edited: Jan 31, 2006
    -kemisti-, Jan 31, 2006
    #5

Share This Page