
Automatic Web Page Opener


  • This topic is locked
2 replies to this topic

#1 tonecas

tonecas

  • Members
  • 1 posts

Posted 26 March 2008 - 06:35 PM

So the problem is that internet pages are being opened automatically with these sites





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:25:40, on 26-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programas\eBoostr\EBstrSvc.exe
C:\Programas\CDBurnerXP\NMSAccessU.exe
C:\Programas\OutSystems\Service Center\CompilerService.exe
C:\Programas\OutSystems\Service Center\DeployService.exe
C:\Programas\OutSystems\Service Center\Scheduler.exe
C:\Programas\OutSystems\Service Center\SMSConnector.exe
C:\Programas\Spyware Terminator\sp_rsser.exe
c:\Programas\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\XSP Web Server\xsp.exe
C:\Programas\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\system32\isys32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Documents and Settings\Administrador\Definições locais\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programas\Launchy\Launchy.exe
C:\Programas\eBoostr\eBoostrCP.exe
C:\Documents and Settings\Administrador\Definições locais\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Steam\Steam.exe
C:\Programas\BitTorrent\bittorrent.exe
C:\Programas\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programas\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programas\My Lockbox\flockbox.exe
E:\winPenPack.exe
C:\Programas\OutSystems\Service Center\LogServer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programas\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ati.com/online/hydravision
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 193.188.96.93:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O1 - Hosts: "
O1 - Hosts: "127.0.0.1 myomemo.com"
O1 - Hosts: "127.0.0.1 www.myomemo.com"
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Programas\TextAloud\TAForIE.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHEI~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winPenPack] E:\winPenPack.exe
O4 - HKLM\..\Run: [MonAppli] C:\Windows\system32\isys32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DesktopPhone] C:\Programas\Vodafone\Vodafone web phone\AppStart.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Definições locais\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKCU\..\Run: [KeePass Password Safe] "E:\winPenPack\Bin\KeePass\KeePass.exe"
O4 - HKCU\..\Run: [TrueCrypt] "C:\Programas\TrueCrypt\TrueCrypt.exe" /q preferences /a devices
O4 - HKCU\..\Run: [PSwitch] C:\Programas\Proxy Switcher Standard\ProxySwitcher.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Startup: YouTube Uploader.lnk = ?
O4 - Global Startup: Launchy.lnk = C:\Programas\Launchy\Launchy.exe
O4 - Global Startup: eBoostr Control Panel.lnk = C:\Programas\eBoostr\eBoostrCP.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Purple Lounge Poker - {701FD202-200A-4bd1-9380-BC8A722B43A5} - C:\Microgaming\Poker\PurpleloungeMPP\MPPoker.exe
O9 - Extra button: Gnuf Casino - {8FE9B27A-BDCD-4d27-A430-4DC0B58D01B0} - C:\Programas\Gnuf\Casino\casinogame.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra button: Gnuf Poker - {A99C8F70-4D5B-482c-8854-05BC0BB8B182} - C:\Programas\Gnuf\Poker\MPPoker.exe
O9 - Extra button: Battlefield Poker - {B736E0DC-CCE3-4e3c-B14F-403FC1569583} - C:\Microgaming\Poker\BattleFieldPokerMPP\MPPoker.exe
O9 - Extra button: your Poker Room Poker - {FB389F33-303A-4490-9E18-B301A493FBF2} - C:\Microgaming\Poker\PokerMetroMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202409240812
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: eBoostr Service (EBOOSTRSVC) - Unknown owner - C:\Programas\eBoostr\EBstrSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: OutSystems Deployment Controller Service - Unknown owner - C:\Programas\OutSystems\Service Center\CompilerService.exe
O23 - Service: OutSystems Deployment Service - Unknown owner - C:\Programas\OutSystems\Service Center\DeployService.exe
O23 - Service: OutSystems Log Service - Unknown owner - C:\Programas\OutSystems\Service Center\LogServer.exe
O23 - Service: OutSystems Scheduler Service - Unknown owner - C:\Programas\OutSystems\Service Center\Scheduler.exe
O23 - Service: OutSystems SMS Connector Service - Unknown owner - C:\Programas\OutSystems\Service Center\SMSConnector.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programas\Spyware Terminator\sp_rsser.exe
O23 - Service: XSP Web Server (XSP) - Novell, Inc. - C:\Programas\XSP Web Server\xsp.exe

--
End of file - 9783 bytes

This is the log of my hijack. Please take a look and tell me what I can do.
;)

Edited by Orange Blossom, 01 April 2008 - 12:09 AM.
To disable hot link URLs above



 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts

Posted 07 April 2008 - 03:36 PM

Hello tonecas,

Welcome to Bleeping Computer :blink:

Sorry about the delay. :thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts

Posted 18 April 2008 - 12:46 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



