Joo elikkä tässä vanhaa konetta käynnistelin ja tarvis saada tulkintaa hjt lokille. Mitä lähtee? Logfile of HijackThis v1.99.1 Scan saved at 12:49:16, on 5.12.2005 Platform: Windows 98 Gold (Win9x 4.10.1998) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\FEELITDM.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\OHJELMATIEDOSTOT\F-SECURE\COMMON\FSMA32.EXE C:\WINDOWS\EXPLORER.EXE C:\OHJELMATIEDOSTOT\F-SECURE\COMMON\FSMB32.EXE C:\OHJELMATIEDOSTOT\F-SECURE\COMMON\FCH32.EXE C:\OHJELMATIEDOSTOT\F-SECURE\COMMON\FNRB32.EXE C:\OHJELMATIEDOSTOT\F-SECURE\COMMON\FAMEH32.EXE C:\OHJELMATIEDOSTOT\F-SECURE\ANTI-VIRUS\FSGK32.EXE C:\WINDOWS\TASKMON.EXE C:\OHJELMATIEDOSTOT\F-SECURE\COMMON\FIH32.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\OHJELMATIEDOSTOT\F-SECURE\ANTI-VIRUS\FSSM32.EXE C:\WINDOWS\LOADQM.EXE C:\OHJELMATIEDOSTOT\F-SECURE\ANTI-VIRUS\FSAV32.EXE C:\OHJELMATIEDOSTOT\F-SECURE\COMMON\FSM32.EXE C:\OHJELMATIEDOSTOT\MSN MESSENGER\MSNMSGR.EXE C:\OHJELMATIEDOSTOT\F-SECURE\BACKWEB\7681197\PROGRAM\BACKWEB-7681197.EXE C:\OHJELMATIEDOSTOT\MICROSOFT OFFICE\OFFICE\OSA.EXE C:\OHJELMATIEDOSTOT\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\WINDOWS\SYSTEM\WINOA386.MOD C:\OHJELMATIEDOSTOT\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE C:\HIJACKTHIS[1]\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.irc-galleria.net/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.tutka.net:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>;localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\OHJELMATIEDOSTOT\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\OHJELMATIEDOSTOT\SIDEFIND\SFBHO.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Ohjelmatiedostot\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file) O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [TVWatch] C:\WINDOWS\SYSTEM\TVWatch.exe O4 - HKLM\..\Run: [IrMon] IrMon.exe O4 - HKLM\..\Run: [RealTray] C:\Ohjelmatiedostot\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Ohjelmatiedostot\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\RunServices: [FEELitDeviceManager] C:\WINDOWS\SYSTEM\FEELitDM.exe O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [fsaa] C:\Ohjelmatiedostot\F-Secure\Common\fsaa.exe O4 - HKLM\..\RunServices: [F-Secure Management Agent] C:\Ohjelmatiedostot\F-Secure\Common\FSMA32.EXE O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Ohjelmatiedostot\Messenger Plus! 3\MsgPlus.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\OHJELMATIEDOSTOT\MSN MESSENGER\MSNMSGR.EXE" /background O4 - Startup: Officen käynnistys.lnk = C:\Ohjelmatiedostot\Microsoft Office\Office\OSA.EXE O4 - Startup: Microsoft Office Pikahaku.lnk = C:\Ohjelmatiedostot\Microsoft Office\Office\FINDFAST.EXE O4 - Global Startup: F-Secure BackWeb.lnk = C:\Ohjelmatiedostot\F-Secure\BackWeb\7681197\Program\backweb-7681197.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\OHJELMATIEDOSTOT\SIDEFIND\SIDEFIND.DLL O12 - Plugin for .spop: C:\OHJELM~1\INTERN~1\Plugins\NPDocBox.dll O15 - Trusted Zone: http://ny.contentmatch.net (HKLM) O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab O16 - DPF: {261EE805-4893-45A3-8E9E-AD90914CB39A} (VacPro.internazionale_98_ver11) - http://www9.advnt01.com/dialer/internazionale_98_ver11.CAB
Poista lisää/poista sovellus-kohdasta (ohjauspaneeli): SideFind Fixaa HjT:llä (do a system scan only, merkkaa ja paina fix checked): O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file) O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\OHJELMATIEDOSTOT\SIDEFIND\SFBHO.DLL O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file) O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\OHJELMATIEDOSTOT\SIDEFIND\SIDEFIND.DLL O15 - Trusted Zone: http://ny.contentmatch.net (HKLM) O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentral... O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab O16 - DPF: {261EE805-4893-45A3-8E9E-AD90914CB39A} (VacPro.internazionale_98_ver11) - http://www9.advnt01.com/dialer/internazionale_98_ver11.CAB Laita piilotiedostot näkyviin, ohje -> http://keskustelu.afterdawn.com/thread_view.cfm/248944 Käynnistä vikasietotilaan (Ctrl käynnistyksen yhteydessä) ja poista: C:\OHJELMATIEDOSTOT\==>SIDEFIND<== C:\WINDOWS\web\==>related.htm<== Käynnistä uudelleen ja lähetä uusi HjT-loki.
Vihdoin ja viimein pääsin tämän nopean koneen kanssa yhteisymmärrykseen Logfile of HijackThis v1.99.1 Scan saved at 13:30:59, on 5.12.2005 Platform: Windows 98 Gold (Win9x 4.10.1998) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\FEELITDM.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\OHJELMATIEDOSTOT\F-SECURE\COMMON\FSMA32.EXE C:\OHJELMATIEDOSTOT\F-SECURE\COMMON\FSMB32.EXE C:\WINDOWS\EXPLORER.EXE C:\OHJELMATIEDOSTOT\F-SECURE\COMMON\FCH32.EXE C:\OHJELMATIEDOSTOT\F-SECURE\COMMON\FNRB32.EXE C:\OHJELMATIEDOSTOT\F-SECURE\COMMON\FAMEH32.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\OHJELMATIEDOSTOT\F-SECURE\ANTI-VIRUS\FSGK32.EXE C:\OHJELMATIEDOSTOT\F-SECURE\COMMON\FIH32.EXE C:\WINDOWS\LOADQM.EXE C:\OHJELMATIEDOSTOT\F-SECURE\COMMON\FSM32.EXE C:\OHJELMATIEDOSTOT\F-SECURE\ANTI-VIRUS\FSSM32.EXE C:\OHJELMATIEDOSTOT\F-SECURE\ANTI-VIRUS\FSAV32.EXE C:\OHJELMATIEDOSTOT\MSN MESSENGER\MSNMSGR.EXE C:\OHJELMATIEDOSTOT\F-SECURE\BACKWEB\7681197\PROGRAM\BACKWEB-7681197.EXE C:\OHJELMATIEDOSTOT\MICROSOFT OFFICE\OFFICE\OSA.EXE C:\OHJELMATIEDOSTOT\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE C:\HIJACKTHIS[1]\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.irc-galleria.net/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.tutka.net:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>;localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\OHJELMATIEDOSTOT\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\OHJELM~1\SPYBOT~1\SDHELPER.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [TVWatch] C:\WINDOWS\SYSTEM\TVWatch.exe O4 - HKLM\..\Run: [IrMon] IrMon.exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Ohjelmatiedostot\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\RunServices: [FEELitDeviceManager] C:\WINDOWS\SYSTEM\FEELitDM.exe O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [fsaa] C:\Ohjelmatiedostot\F-Secure\Common\fsaa.exe O4 - HKLM\..\RunServices: [F-Secure Management Agent] C:\Ohjelmatiedostot\F-Secure\Common\FSMA32.EXE O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Ohjelmatiedostot\Messenger Plus! 3\MsgPlus.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\OHJELMATIEDOSTOT\MSN MESSENGER\MSNMSGR.EXE" /background O4 - Startup: Officen käynnistys.lnk = C:\Ohjelmatiedostot\Microsoft Office\Office\OSA.EXE O4 - Startup: Microsoft Office Pikahaku.lnk = C:\Ohjelmatiedostot\Microsoft Office\Office\FINDFAST.EXE O4 - Global Startup: F-Secure BackWeb.lnk = C:\Ohjelmatiedostot\F-Secure\BackWeb\7681197\Program\backweb-7681197.exe O12 - Plugin for .spop: C:\OHJELM~1\INTERN~1\Plugins\NPDocBox.dll O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
jos tänkin kattositte viisaammat Logfile of HijackThis v1.99.1 Scan saved at 15:59:05, on 5.12.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Borland\InterBase\bin\ibguard.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Borland\InterBase\bin\ibserver.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\system32\windir32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\windir32.exe C:\Program Files\Samurize\Client.exe C:\Program Files\BitComet\BitComet.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Opera\Opera.exe C:\Program Files\Opera\Download\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1104492189912 O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
@pegi69: HjT-loki siirretty tänne -> http://keskustelu.afterdawn.com/thread_view.cfm/266471 , katso sieltä.