HJT log in need of checking.

Discussion in 'Viruses and malware' started by Kalzu90, Mar 27, 2006.

  1. Kalzu90

    Kalzu90 Guest

    I suspect my computer has a trojan or something else; here is the HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:18:48, on 27.3.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\DC++\DCPlusPlus.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Kalumanteri\Työpöytä\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    Thanks in advance.
     
  2. mawdrgn

    mawdrgn Regular member

    HijackThis belongs in its own folder at the root of the C: drive:

    C:\hjt\HijackThis.exe

    Nothing much out of the ordinary shows up there, except of course that BearShare, which likes to bundle spyware with itself. I recommend getting rid of it.

    By the way, you don't seem to have a firewall at all. By all means get, for example, ZoneAlarm or Kerio!
     
  3. aaxxeell

    aaxxeell Regular member

    Do uninstall that BearShare from the Control Panel!
    Restart the computer and delete the folder: C:\Program Files\==>BearShare<==\

    That, I believe, is where your trojan/spyware is!
    On top of that, as maw said, you apparently have the WinXP firewall in use, which is why no proper firewall shows up.

    Finally, run ewido as well:
    -> http://keskustelu.afterdawn.com/thread_view.cfm/269186
    After that, post its report here below; all the instructions are in the guide.
     
    Last edited: Mar 27, 2006
  4. Kalzu90

    Kalzu90 Guest

    ewido's report; it seems nothing suspicious was found:

    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 19:00:34, 29.3.2006
    + Report-Checksum: 1B786E95

    + Scan result:

    C:\Documents and Settings\Kalumanteri\Cookies\kalumanteri@ad.adocean[2].txt -> TrackingCookie.Adocean : Cleaned with backup
    C:\Documents and Settings\Kalumanteri\Cookies\kalumanteri@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Kalumanteri\Cookies\kalumanteri@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned with backup
    C:\Documents and Settings\Kalumanteri\Cookies\kalumanteri@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\Kalumanteri\Cookies\kalumanteri@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Kalumanteri\Cookies\kalumanteri@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Kalumanteri\Cookies\kalumanteri@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Kalumanteri\Cookies\kalumanteri@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\Kalumanteri\Cookies\kalumanteri@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Kalumanteri\Cookies\kalumanteri@ehg-teliasonera.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Kalumanteri\Cookies\kalumanteri@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Kalumanteri\Cookies\kalumanteri@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Kalumanteri\Cookies\kalumanteri@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Kalumanteri\Cookies\kalumanteri@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\Kalumanteri\Cookies\kalumanteri@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
    C:\Documents and Settings\Kalumanteri\Cookies\kalumanteri@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    C:\Documents and Settings\Kalumanteri\Cookies\kalumanteri@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup


    ::Report End
     
  5. blade81

    blade81 Active member

    It found only cookies, so indeed nothing more dangerous. Apparently you removed that BearShare, as Aaxxeell recommended?
     
