Strange things in a HijackThis log...?

Discussion in 'Viruses and malware - HijackThis logs' started by Porshe, Dec 1, 2006.

Thread Status:
Not open for further replies.
  1. Porshe (Regular member, joined Dec 1, 2006, 1,111 messages)
    Logfile of HijackThis v1.99.1
    Scan saved at 17:27:50, on 1.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SYSTEM32\Msocket.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\cFosSpeed\cFosSpeed.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\cFosSpeed\spd.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\Program Files\mIRC\mirc.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    D:\Miikka\Sekalaista 2\rapget124\rapget.exe
    D:\Miikka\Programs\HiJackThis\HijackThis.exe
    C:\Program Files\Notepad2\Notepad2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=1035
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    F3 - REG:win.ini: run=C:\WINDOWS\SYSTEM32\Msocket.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
    O4 - HKLM\..\Run: [Msocket] C:\WINDOWS\SYSTEM32\Msocket.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



    F3 - REG:win.ini: run=C:\WINDOWS\SYSTEM32\Msocket.exe
    O4 - HKLM\..\Run: [Msocket] C:\WINDOWS\SYSTEM32\Msocket.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    Can I fix those 5, since they look odd, especially that Msocket.exe? ^^
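The sorting a log reader does on entries like the five quoted above can be written down as rules. The Python below is an added example for this thread, not HijackThis code or anything posted by the participants; SAMPLE_HJT_LOG is a constructed subset of lines copied from the logs in this thread, and the rules are the checks applied by hand when reading such a log: a populated win.ini run=/load= hook, a Run entry whose target sits directly in the Windows directory, the same binary registered in more than one autostart location, an ActiveX download from a host outside Microsoft's domains, and a service with no publisher string or an unresolved path. "high" marks fix candidates, "check" marks entries to verify before touching; the trusted-host list and the Windows directory set are assumptions chosen for this example.

```python
"""Triage a HijackThis v1.99 log the way a log reader does by hand.

Added example for this thread, not HijackThis code. SAMPLE_HJT_LOG is a
constructed subset of lines copied from the logs posted in the thread.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

SAMPLE_HJT_LOG = r"""
F3 - REG:win.ini: run=C:\WINDOWS\SYSTEM32\Msocket.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Msocket] C:\WINDOWS\SYSTEM32\Msocket.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
"""

# Assumption for this example: directories where a dropped binary blends in with Windows' own.
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32"}
# Assumption for this example: hosts an O16 (Downloaded Program Files) entry may use without a note.
TRUSTED_DPF_HOSTS = ("microsoft.com", "msn.com", "windowsupdate.com")

_F3_RE = re.compile(r"^F3 - REG:win\.ini: (?P<key>run|load)=(?P<cmd>.*)$", re.I)
_O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O16_RE = re.compile(r"^O16 - DPF: \{[0-9A-F-]+\}(?: \([^)]*\))? - (?P<url>\S+)$", re.I)
_O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


@dataclass(frozen=True)
class Finding:
    severity: str   # "high": fix candidate; "check": verify by hand before touching
    section: str    # HijackThis section code(s) the finding comes from
    target: str     # executable path or URL the entry launches
    reason: str


def _exe_path(cmd: str) -> str:
    """Extract the executable from a Run-style command line, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.count('"') >= 2:
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"^(.*?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def _trusted_host(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS)


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    seen_in: dict[str, list[str]] = {}   # lower-cased exe path -> autostart sections it appears in

    for line in log_text.splitlines():
        line = line.strip()
        if m := _F3_RE.match(line):
            if not m["cmd"].strip():
                continue                 # an empty run=/load= is the normal state
            exe = _exe_path(m["cmd"])
            seen_in.setdefault(exe.lower(), []).append("F3")
            findings.append(Finding("high", "F3", exe,
                f"win.ini {m['key']}= is a legacy autostart hook that current software does not use"))
        elif m := _O4_RE.match(line):
            exe = _exe_path(m["cmd"])
            seen_in.setdefault(exe.lower(), []).append("O4")
            if exe.lower().rsplit("\\", 1)[0] in WINDOWS_DIRS:
                findings.append(Finding("check", "O4", exe,
                    "Run entry launches a file sitting directly in the Windows directory; confirm its publisher"))
        elif m := _O16_RE.match(line):
            if not _trusted_host(m["url"]):
                findings.append(Finding("check", "O16", m["url"],
                    "ActiveX control downloaded from a host outside Microsoft's domains"))
        elif m := _O23_RE.match(line):
            if m["owner"] == "Unknown owner" or "(file missing)" in m["path"]:
                findings.append(Finding("check", "O23", m["path"],
                    "service has no publisher string or its binary path did not resolve"))

    # The same binary wired into more than one autostart location is the strongest signal here.
    for exe, sections in seen_in.items():
        if len(set(sections)) > 1:
            findings.append(Finding("high", "/".join(sorted(set(sections))), exe,
                f"same executable registered in {len(sections)} autostart locations"))
    return findings


def fix_candidates(log_text: str) -> set[str]:
    """Lower-cased executable paths behind every 'high' finding."""
    return {f.target.lower() for f in triage(log_text) if f.severity == "high"}


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"[{f.severity:5}] {f.section:6} {f.target}\n        {f.reason}")
```

Run against the sample, the only "high" findings are the two Msocket.exe entries (the win.ini hook, and the same binary registered in both F3 and O4); the AntiVir Run entry, the Windows Messenger O9 entry and the MSN games cab produce nothing, while the Kaspersky cab and the cFosSpeed service come out as "check" items to confirm by hand rather than fix.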
     
  2. Jurppis (Regular member, joined Feb 22, 2006, 659 messages)
    Go to http://www.virustotal.com/
    At the top, click the 'valitse...' / 'choose...' button.
    Navigate to the C:\WINDOWS\SYSTEM32 folder and find the file Msocket.exe there.
    Double-click it and press Send. The file will now be scanned, which may take a moment, so be patient.
    When the scan is finished, post the results in this thread.
     
  3. Porshe
    Complete scanning result of "Msocket.exe", received in VirusTotal at 12.02.2006, 15:30:26 (CET).

    Antivirus Version Update Result
    AntiVir 7.2.0.46 12.02.2006 no virus found
    Authentium 4.93.8 12.01.2006 no virus found
    Avast 4.7.892.0 12.01.2006 no virus found
    AVG 386 12.02.2006 no virus found
    BitDefender 7.2 12.02.2006 no virus found
    CAT-QuickHeal 8.00 12.02.2006 no virus found
    ClamAV devel-20060426 12.01.2006 no virus found
    DrWeb 4.33 12.02.2006 BACKDOOR.Trojan
    eSafe 7.0.14.0 11.30.2006 no virus found
    eTrust-InoculateIT 23.73.74 12.02.2006 no virus found
    eTrust-Vet 30.3.3225 12.01.2006 no virus found
    Ewido 4.0 12.02.2006 no virus found
    Fortinet 2.82.0.0 12.02.2006 suspicious
    F-Prot 3.16f 12.01.2006 no virus found
    F-Prot4 4.2.1.29 12.01.2006 no virus found
    Ikarus 0.2.65.0 12.01.2006 no virus found
    Kaspersky 4.0.2.24 12.02.2006 no virus found
    McAfee 4909 12.01.2006 New Malware.d
    Microsoft 1.1804 12.02.2006 no virus found
    NOD32v2 1897 12.02.2006 no virus found
    Norman 5.80.02 12.01.2006 no virus found
    Panda 9.0.0.4 12.02.2006 no virus found
    Prevx1 V2 12.02.2006 no virus found
    Sophos 4.12.0 12.02.2006 no virus found
    Sunbelt 2.2.907.0 11.30.2006 no virus found
    TheHacker 6.0.3.127 12.01.2006 no virus found
    UNA 1.83 12.01.2006 no virus found
    VBA32 3.11.1 12.01.2006 no virus found
    VirusBuster 4.3.15:9 12.01.2006 no virus found

    Additional Information
    File size: 151552 bytes
    MD5: 3c5cf64af72ad7b49aec13162109c1a0
    SHA1: 3c413f54bfaf3c1d47f227262bb00613811c81fd

    here's a link to it as well, in case something is missing: http://www.virustotal.com/vt/en/resultadox?55530cf62870c34ddabeec5a2addf271

    now I need to get it off, but how?
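A VirusTotal report describes exactly one file, the one whose hashes it lists, so the check worth doing alongside counting verdicts is to confirm that the file on disk still has the reported MD5, SHA1 and size. The Python below is an added example, not code from the thread or from VirusTotal: it parses the plain-text report layout quoted above (the table rows, hashes and size are copied from the post) and compares a file's hashes with the report's. SAMPLE_FILE is a constructed stand-in, since the real Msocket.exe is not available here, so the comparison against the posted hashes comes out False; the hash functions are from the Python standard library.

```python
"""Parse a 2006-era VirusTotal plain-text report and check the file it describes.

Added example for this thread, not VirusTotal code. VT_REPORT, the hashes and the
size are copied from the report posted above; SAMPLE_FILE is a constructed stand-in.
"""
import hashlib
from dataclasses import dataclass

VT_REPORT = """\
Antivirus Version Update Result
AntiVir 7.2.0.46 12.02.2006 no virus found
Authentium 4.93.8 12.01.2006 no virus found
Avast 4.7.892.0 12.01.2006 no virus found
AVG 386 12.02.2006 no virus found
BitDefender 7.2 12.02.2006 no virus found
CAT-QuickHeal 8.00 12.02.2006 no virus found
ClamAV devel-20060426 12.01.2006 no virus found
DrWeb 4.33 12.02.2006 BACKDOOR.Trojan
eSafe 7.0.14.0 11.30.2006 no virus found
eTrust-InoculateIT 23.73.74 12.02.2006 no virus found
eTrust-Vet 30.3.3225 12.01.2006 no virus found
Ewido 4.0 12.02.2006 no virus found
Fortinet 2.82.0.0 12.02.2006 suspicious
F-Prot 3.16f 12.01.2006 no virus found
F-Prot4 4.2.1.29 12.01.2006 no virus found
Ikarus 0.2.65.0 12.01.2006 no virus found
Kaspersky 4.0.2.24 12.02.2006 no virus found
McAfee 4909 12.01.2006 New Malware.d
Microsoft 1.1804 12.02.2006 no virus found
NOD32v2 1897 12.02.2006 no virus found
Norman 5.80.02 12.01.2006 no virus found
Panda 9.0.0.4 12.02.2006 no virus found
Prevx1 V2 12.02.2006 no virus found
Sophos 4.12.0 12.02.2006 no virus found
Sunbelt 2.2.907.0 11.30.2006 no virus found
TheHacker 6.0.3.127 12.01.2006 no virus found
UNA 1.83 12.01.2006 no virus found
VBA32 3.11.1 12.01.2006 no virus found
VirusBuster 4.3.15:9 12.01.2006 no virus found
"""
# Identifiers VirusTotal printed under "Additional Information" for the scanned file.
REPORT_MD5 = "3c5cf64af72ad7b49aec13162109c1a0"
REPORT_SHA1 = "3c413f54bfaf3c1d47f227262bb00613811c81fd"
REPORT_SIZE = 151552

# Constructed stand-in (a DOS stub header and padding), NOT the real Msocket.exe.
SAMPLE_FILE = b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x90" * 64


@dataclass(frozen=True)
class EngineResult:
    engine: str
    version: str
    updated: str
    verdict: str

    @property
    def detected(self) -> bool:
        return self.verdict.strip().lower() != "no virus found"


def parse_report(text: str) -> list:
    """One EngineResult per table row; the column-header row is skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split(maxsplit=3)      # engine, version, update date, free-text verdict
        if len(parts) == 4 and parts[0] != "Antivirus":
            rows.append(EngineResult(*parts))
    return rows


def detections(rows) -> dict:
    """Engine -> verdict for every engine that did not report the file clean."""
    return {r.engine: r.verdict for r in rows if r.detected}


def summarize(text: str) -> tuple:
    """(engines that flagged the file, engines that scanned it)."""
    rows = parse_report(text)
    return len(detections(rows)), len(rows)


def file_hashes(data: bytes) -> dict:
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "size": len(data)}


def matches_report(data: bytes, md5: str, sha1: str, size: int) -> bool:
    """True only when every identifier in the report matches the bytes given.

    A mismatch means the report says nothing about this file: re-submit it."""
    h = file_hashes(data)
    return h["md5"] == md5.lower() and h["sha1"] == sha1.lower() and h["size"] == size


if __name__ == "__main__":
    flagged, total = summarize(VT_REPORT)
    print(f"{flagged}/{total} engines flagged the file: {detections(parse_report(VT_REPORT))}")
    print("stand-in matches the report:", matches_report(SAMPLE_FILE, REPORT_MD5, REPORT_SHA1, REPORT_SIZE))
```

The verdict column is free text, which is why the row is split into at most four fields and anything other than "no virus found" counts as a detection; on the posted report that yields 3 of 29 engines (DrWeb, Fortinet, McAfee). Three generic or heuristic names from 29 engines is exactly the pattern where confirming that the hashes belong to the file you are about to delete matters, since a clean-looking or flagged report for a different file tells you nothing.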
     
  4. Porshe
  5. Jurppis
    Open HijackThis, click 'Do a system scan only' and check these:

    F3 - REG:win.ini: run=C:\WINDOWS\SYSTEM32\Msocket.exe
    O4 - HKLM\..\Run: [Msocket] C:\WINDOWS\SYSTEM32\Msocket.exe

    Close all open windows and click 'Fix checked'.

    Restart your computer into Safe Mode by tapping F8 during startup.

    In Safe Mode, delete this file:

    C:\WINDOWS\SYSTEM32\Msocket.exe

    Restart your computer normally, and next scan your computer with the Kaspersky Online Scanner:
    http://www.kaspersky.com/downloads/kws/kavwebscan.html

    You will be asked whether to allow the installation of an ActiveX component from Kaspersky; click Yes.

    The program starts and begins downloading the latest signature files.
    When the scanner is installed and the signatures have been downloaded, click Next.
    Now click the settings, Scan Settings.
    Check that the following are selected in the settings:

    o Scan using the following Anti-Virus database:

    + Extended (if available, otherwise select Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases

    Click OK.
    Now, under the heading "select a target to scan", choose My Computer.
    The scan takes a while, so be patient. When the scan is finished you will get a notice if your computer is infected.
    Now click the Save as Text button.
    Save the file to your desktop.
    Copy and paste the contents of the file into your next reply.

    Rename HijackThis.exe (right-click -> rename) to, say, scanner.exe and post a new HijackThis log as well.
     
  6. Porshe
    ok, thanks a lot for the help already. I don't have time to do that now, but I'll do it later tonight maybe and post whether it worked. thanks a lot ;)
     
  7. Porshe
    uhh.. I did that Kaspersky scan with Internet Explorer 6 and it found 15 infected objects and 5 viruses, if I remember right... when the scanner had finished the scan it just loaded that ''Welcome to the Kaspersky Online Scanner'' page, whose address is http://www.kaspersky.com/kos/english/kavwebscan.html, without giving any log or asking anything... i.e. it went back to that start screen with accept and decline.. anyway, it found 20 items and now I need to get them off somehow, but how??? here's the hjt log now:
    Logfile of HijackThis v1.99.1
    Scan saved at 22:36:11, on 2.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\cFosSpeed\spd.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\cFosSpeed\cFosSpeed.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\zstatus.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\Miikka\Programs\HiJackThis\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/md5auth.srf?lc=1035
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

     
  8. Jurppis
    1. Download the combofix.exe file to your desktop.
    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool is done, it produces a log. Post this log in your thread.
    Note! Don't click around in the combofix window while it is running. This may cause the program to hang.
     
  9. Porshe
    sepi - 06-12-03 15:04:23,26 Service Pack 2
    ComboFix 06.11.27W - Running from: "C:\Documents and Settings\sepi\Työpöytä"

    ((((((((((((((((((((((((((((((( Files Created from 2006-11-03 to 2006-12-03 ))))))))))))))))))))))))))))))))))


    2006-12-02 20:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2006-12-01 21:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2006-12-01 20:28 <DIR> d-------- C:\Program Files\MagicISO
    2006-12-01 16:42 <DIR> d-------- C:\Program Files\Ping Plotter
    2006-11-30 16:16 <DIR> d-------- C:\Program Files\BSplayerPro
    2006-11-30 16:16 <DIR> d-------- C:\Documents and Settings\sepi\Application Data\BSplayer Pro
    2006-11-30 16:09 <DIR> d-------- C:\Program Files\Setup
    2006-11-30 16:00 <DIR> d-------- C:\Documents and Settings\sepi\Application Data\BSplayer
    2006-11-28 18:51 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2006-11-28 17:57 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
    2006-11-26 16:10 <DIR> d-------- C:\Program Files\uTorrent
    2006-11-24 18:50 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
    2006-11-21 18:28 <DIR> dr-h----- C:\Documents and Settings\sepi\Recent
    2006-11-17 15:30 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
    2006-11-10 14:02 <DIR> d-------- C:\Program Files\Bridge Builder
    2006-11-09 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Disney Interactive
    2006-11-09 18:19 <DIR> d-------- C:\Program Files\Disney Interactive


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-12-03 15:02 -------- d-------- C:\Program Files\cFosSpeed
    2006-12-03 14:53 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-12-02 20:28 -------- d-------- C:\Documents and Settings\sepi\Application Data\uTorrent
    2006-12-02 17:26 4674541 --a------ C:\WINDOWS\system32\koti.dll
    2006-12-02 17:08 -------- d-------- C:\Documents and Settings\sepi\Application Data\foobar2000
    2006-12-01 21:06 -------- d---s---- C:\Documents and Settings\sepi\Application Data\Microsoft
    2006-12-01 19:32 -------- d-------- C:\Program Files\mIRC
    2006-12-01 17:36 -------- d--h----- C:\Program Files\Zero G Registry
    2006-12-01 17:31 -------- d-------- C:\Program Files\No-IP
    2006-12-01 12:32 -------- d-------- C:\Documents and Settings\sepi\Application Data\teamspeak2
    2006-11-28 17:06 -------- d-------- C:\Program Files\IconChanger
    2006-11-27 17:54 -------- d-------- C:\Program Files\Advanced System Optimizer
    2006-11-26 17:19 -------- d-------- C:\Program Files\WinRAR
    2006-11-24 18:56 -------- d-------- C:\Program Files\BitComet
    2006-11-24 15:37 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2006-11-23 20:17 -------- d-------- C:\Documents and Settings\sepi\Application Data\Azureus
    2006-11-19 21:01 -------- d-------- C:\Program Files\Internet Explorer
    2006-11-19 14:59 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll
    2006-11-16 20:58 -------- d-------- C:\Program Files\SpeedFan
    2006-11-15 11:21 24072 --a------ C:\WINDOWS\system32\uxtuneup.dll
    2006-11-14 19:22 -------- d-------- C:\Program Files\CCleaner
    2006-11-09 18:21 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-11-01 20:50 -------- d-------- C:\Program Files\GanymedeNet
    2006-11-01 20:43 -------- d-------- C:\Documents and Settings\sepi\Application Data\AdShield
    2006-11-01 20:23 -------- d-------- C:\Program Files\AllStar
    2006-10-29 18:40 -------- d-------- C:\Documents and Settings\sepi\Application Data\Talkback
    2006-10-29 17:12 -------- d-------- C:\Program Files\Webteh
    2006-10-26 19:05 -------- d-------- C:\Documents and Settings\sepi\Application Data\dvdcss
    2006-10-24 14:39 -------- d-------- C:\Documents and Settings\sepi\Application Data\Adobe
    2006-10-23 21:08 -------- d-------- C:\Program Files\foobar2000
    2006-10-21 20:22 -------- d-------- C:\Program Files\The All-Seeing Eye
    2006-10-20 20:05 -------- d-------- C:\Documents and Settings\sepi\Application Data\Mozilla
    2006-10-13 14:37 65536 --a------ C:\WINDOWS\system32\nwwks.dll
    2006-10-13 14:37 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
    2006-10-13 14:37 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
    2006-10-13 12:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
    2006-10-10 16:31 -------- d-------- C:\Documents and Settings\sepi\Application Data\Seven Zip
    2006-10-10 16:17 -------- d-------- C:\Program Files\RM Converter
    2006-10-06 15:37 -------- d-------- C:\Program Files\Stabenfeldt
    2006-10-03 18:06 -------- d-------- C:\Documents and Settings\sepi\Application Data\vtcmovies
    2006-10-03 18:06 -------- d-------- C:\Documents and Settings\sepi\Application Data\vtc_demo_setup
    2006-09-24 15:28 5248 --a------ C:\WINDOWS\system32\speedfan.sys
    2006-09-14 14:33 2314 --a------ C:\Program Files\uninstal.log
    2006-09-13 07:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
    2006-09-09 01:29 715776 --------- C:\WINDOWS\system32\WindowsCodecs.dll
    2006-09-09 01:29 411648 --------- C:\WINDOWS\system32\photometadatahandler.dll
    2006-09-09 01:29 352256 --------- C:\WINDOWS\system32\WindowsCodecsExt.dll
    2006-09-09 01:29 274432 --------- C:\WINDOWS\system32\WMPhoto.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
    "SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
    "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
    "cFosSpeed"="C:\\Program Files\\cFosSpeed\\cFosSpeed.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Nykyinen kotisivu"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,72,03,00,00,23,00,00,00,fc,00,00,00,f2,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="\"C:\\QuickTimePlayer\\qttask.exe\" -atboottime"
    "SoundMan"="SOUNDMAN.EXE"
    "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
    "DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20061202-203314-233
    F3 - REG:win.ini: run=C:\WINDOWS\SYSTEM32\Msocket.exe
    backup-20061202-203314-681
    O4 - HKLM\..\Run: [Msocket] C:\WINDOWS\SYSTEM32\Msocket.exe
    backup-20061201-174223-211
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    backup-20061201-174223-204
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    backup-20061201-174223-865
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    backup-20061201-172547-114
    O18 - Protocol: msnim - 0 - (no file)
    backup-20061201-172522-312
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
    backup-20061201-171901-685
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    backup-20061201-171901-786
    O20 - Winlogon Notify: winhoo32 - winhoo32.dll (file missing)
    backup-20061126-155749-511
    O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
    backup-20061126-155749-568
    O8 - Extra context menu item: Add to &Exclude List... - C:\PROGRA~1\AllStar\AdShield\restrict.htm
    backup-20061126-155749-433
    O8 - Extra context menu item: AdShield Option &Settings... - C:\PROGRA~1\AllStar\AdShield\settings.htm
    backup-20061126-155749-627
    O8 - Extra context menu item: Add to &Block List... - C:\PROGRA~1\AllStar\AdShield\suppress.htm
    backup-20061126-155749-902
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    backup-20061126-155749-634
    O8 - Extra context menu item: &Maintain Block List... - C:\PROGRA~1\AllStar\AdShield\maintain.htm
    backup-20061126-155626-162
    O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
    backup-20061126-155626-771
    O4 - HKCU\..\Run: [Driver Development Kit] C:\WINDOWS\system32\ddk.exe
    backup-20061126-155626-509
    O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
    backup-20061126-155626-451
    O2 - BHO: AdShield.AdShield - {7559B76E-0222-4d77-9499-CCE9EB4EDC2F} - C:\PROGRA~1\AllStar\AdShield\AdShield.dll
    backup-20061126-155506-950
    O9 - Extra button: AdShield - {4FB6C25E-7B37-4c93-B592-16ECD8D18361} - C:\PROGRA~1\AllStar\AdShield\AdShield.dll (HKCU)

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\1-Klick-Wartung.job

    Completion time: 06-12-03 15:05:12.26
    C:\ComboFix.txt ... 06-12-03 15:05


    there's the log now ^^
     
  10. Jurppis
    There's nothing out of the ordinary in there. Do you still have any problems?
     
  11. Porshe
    no more problems, and that Msocket would be some Tea Cup thing.. but did combofix clean anything?
     
  12. Jurppis
    no
     