I just formatted my computer and then downloaded a file that didn't work, though it worked before, so I thought it might be some hidden keylogger or something.. so could someone check it, right? =)
Download Deckard's System Scanner to your Desktop. Note: You must have Administrator rights to run the program.
- Close all open windows and programs.
- Double-click Dss.exe to run the program and follow the instructions.
- When the scan is finished, 2 text files should open: Main.txt and extra.txt
- Copy ( CTRL+A -> CTRL+C ) and paste ( CTRL+V )
- Copy and paste the contents of Extra.txt & Main.txt into your next reply.

"Avast warns that there's a trojan in that >.<" Well then, send them feedback and a sample of the file.. that's how it's done..
I scanned it first and both notepads came up, but I accidentally closed the extra txt.. so now when I ran a new scan only the main came up. But here is the main.txt.
Yep.. extra only comes up on the first run.. Download Dr.Web CureIt to your desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
- Double-click drweb-cureit.exe and let it do the express scan
- It scans the running programs, and if something is found, click yes when it asks whether you want to remove it. This is only a short scan.
- When the scan is finished, mark the drives you want to scan.
- Select all drives. A red dot indicates which drives are selected.
- Click the green arrow on the right and the scan starts.
- Click 'Yes to all' if asked whether you want to delete/move a file.
- When the scan is finished, see whether you can click the next icon beside the files found:
- If so, click it and then click the next icon at the bottom right and select Move incurable as in the picture below: This moves it to the %userprofile%\DoctorWeb\quarantine directory.
- After this, click file in the Dr.Web CureIt menu and select save report list
- Save the report to the desktop. The report's name is DrWeb.csv
- Close Dr.Web CureIt.
- Restart the computer!! This is because files in use are deleted/moved at startup.
- After the restart, paste the contents of the Dr.Web log you saved earlier into your next reply.

It says "Done-no viruses found". So I can't click the picture you showed, nor save report list