
Could someone check my HijackThis log?

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by sonjaa, Jun 9, 2008.

  1. sonjaa

    sonjaa Member

    Joined:
    Jun 9, 2008
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    11
    OK, should I also remove all the Java(TM) Updates that are listed there? They do have a slightly different Java icon than the one you mentioned, though...
     
  2. Hujo

    Hujo Guest

    Create an uninstall list:
    • Open HijackThis
    • Click the "Configure" option at the bottom right
    • Click "Misc Tools"
    • Click the box that says "Uninstall Manager"
    • Click the "Save list" option
    • Copy and paste the list from Notepad into your post
     
  3. sonjaa

    There we go..

    --


    123 Free Solitaire
    Adobe Acrobat 5.0
    Adobe Flash Player 9 ActiveX
    Adobe Reader 8.1.0 - Suomi
    Apple Mobile Device Support -tuki
    Apple Software Update
    ArcSoft Panorama Maker 3.5
    ArcSoft PhotoStudio 5.5
    AVG Anti-Spyware 7.5
    Avira AntiVir Personal – Free Antivirus
    Bonjour
    Canon MP Navigator 2.0
    Canon MP150
    Creative MediaSource
    Creative MuVo V200
    Creative System Information
    HijackThis 2.0.2
    HP Image Zone 3.5
    HP Photosmart -kamerat 3.5
    HP Software Update
    iTunes
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6 Update 1
    Last.fm 1.5.0.24910
    LimeWire 4.16.6
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Finnish Language Pack
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    Music Manager
    MuVo Driver
    OmniPage SE 2.0
    OpenOffice.org 2.0
    QuickTime
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Windows Installer 3.1 (KB893803)
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinRAR archiver
    Yahoo! Toolbar
     
  4. Hujo


    Uninstall these via Add/Remove Programs:

    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6 Update 1
    Yahoo! Toolbar



    There's a newer version available for this one too:
    Windows Media Player 10
    Windows Media Player 11 link
     
  5. sonjaa

    Here's what I got... And now I'll also run a scan with Malwarebytes, which will probably take a couple of hours again...

    ---


    ComboFix 08-06-09.7 - Aira&Pekka 2008-06-11 3:34:06.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.373 [GMT 3:00]
    Running from: C:\Documents and Settings\Aira&Pekka\My Documents\Downloads\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
    .

    2008-06-11 03:21 . 2008-06-11 03:21 <DIR> d-------- C:\Program Files\Sun
    2008-06-11 03:21 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-06-11 03:14 . 2008-06-11 03:14 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-06-10 22:19 . 2008-06-10 22:19 <DIR> d-------- C:\VundoFix Backups
    2008-06-10 17:22 . 2008-06-10 17:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-10 17:22 . 2008-06-10 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-10 17:22 . 2008-06-10 17:22 <DIR> d-------- C:\Documents and Settings\Aira&Pekka\Application Data\Malwarebytes
    2008-06-10 17:22 . 2008-06-09 20:13 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-10 17:22 . 2008-06-09 20:13 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-09 21:48 . 2008-06-09 21:48 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-09 20:58 . 2008-06-09 20:58 <DIR> d-------- C:\Documents and Settings\Aira&Pekka\Application Data\MSNInstaller
    2008-06-05 00:15 . 2008-06-05 00:15 290,110 --a------ C:\WINDOWS\ftp.exe
    2008-06-03 20:34 . 2008-06-03 20:34 <DIR> d-------- C:\Documents and Settings\Aira&Pekka\Application Data\Grisoft
    2008-06-03 20:29 . 2007-05-30 15:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-06-03 20:28 . 2008-06-03 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-06-03 20:17 . 2008-06-03 22:58 86,548 --a------ C:\Documents and Settings\Aira&Pekka\setupa.exe
    2008-06-01 20:07 . 2008-06-01 20:07 <DIR> d--h----- C:\WINDOWS\PIF

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-11 00:27 --------- d-----w C:\Documents and Settings\Aira&Pekka\Application Data\OpenOffice.org2
    2008-06-11 00:21 --------- d-----w C:\Program Files\Java
    2008-06-09 17:55 --------- d-----w C:\Program Files\Sony
    2008-05-29 17:00 --------- d-----w C:\Program Files\Creative
    2008-05-29 16:52 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-05-20 10:17 --------- d-----w C:\Program Files\Last.fm
    2008-05-04 13:47 --------- d-----w C:\Program Files\Google
    2008-05-02 19:11 --------- d-----w C:\Program Files\iPod
    2008-05-02 18:58 --------- d-----w C:\Program Files\Bonjour
    2008-05-02 18:56 --------- d-----w C:\Program Files\Canon
    2008-05-02 18:55 --------- d-----w C:\Program Files\DivX
    2008-05-02 18:39 --------- d-----w C:\Program Files\Juice
    2008-04-23 15:32 --------- d-----w C:\Program Files\Apple Software Update
    2008-04-13 14:56 --------- d-----w C:\Program Files\QuickTime
    .

    ------- Sigcheck -------

    2008-05-28 17:28 87552 918e116feae29a433201b7a5400829ba C:\WINDOWS\system32\ws2_32.dll
    2004-08-04 04:07 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\dllcache\ws2_32.dll
    .
    ((((((((((((((((((((((((((((( snapshot@2008-06-10_15.16.21.04 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-10 12:01:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-11 00:42:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2007-09-24 19:30:28 135,168 -c--a-w C:\WINDOWS\system32\java.exe
    + 2008-03-24 22:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
    - 2007-09-24 19:30:30 135,168 -c--a-w C:\WINDOWS\system32\javaw.exe
    + 2008-03-24 22:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    - 2007-09-24 20:31:42 139,264 -c--a-w C:\WINDOWS\system32\javaws.exe
    + 2008-03-24 23:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 05:23 102400]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 23:55 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 22:00 49152]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 10:11 49152]
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-27 18:41 262401]
    "iTunesHelper"="C:\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 12:25 6731312]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:07 15360]

    C:\Documents and Settings\Aira&Pekka\Start Menu\Programs\Startup\
    OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-10-15 13:02:32 61440]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 16:19:24 237568]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Last.fm\\LastFM.exe"=
    "C:\\StubInstaller.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\iTunes\\iTunes.exe"=

    S1 ensqio;ensqio;C:\WINDOWS\system32\DRIVERS\ensqio.sys []
    S1 sbpcint4;SB AudioPCI 128;C:\WINDOWS\system32\DRIVERS\sbpcint4.sys []
    S3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);C:\WINDOWS\system32\drivers\ES1370MP.sys [2001-08-17 23:19]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-20 16:10:26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-11 03:44:08
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.bin
    .
    **************************************************************************
    .
    Completion time: 2008-06-11 3:58:24 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-11 00:57:15
    ComboFix2.txt 2008-06-10 18:51:36
    ComboFix3.txt 2008-06-10 13:51:57
    ComboFix4.txt 2008-06-10 12:18:25

    Pre-Run: 405,786,624 bytes free
    Post-Run: 554,422,272 bytes free

    134 --- E O F --- 2008-05-18 11:53:23
     
    Last edited: Jun 10, 2008
  6. sonjaa

    There... Is there still something in this?

    --

    Malwarebytes' Anti-Malware 1.16
    Database version: 845

    5:56:24 11.6.2008
    mbam-log-6-11-2008 (05-56-24).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 99664
    Time elapsed: 1 hour(s), 33 minute(s), 59 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
    Last edited: Jun 11, 2008
  7. Hujo


    Yep, this log is clean.

    =============

    Open Notepad and copy/paste the contents of the quote box into it:

    Save it as CFScript.txt

    Then drag CFScript onto ComboFix.exe as shown below.
    [IMG]

    Restart the computer when prompted and post the contents of combofix.txt here.
     
    Last edited by a moderator: Jun 11, 2008
  8. sonjaa

    Here it is:

    --

    ComboFix 08-06-09.7 - Aira&Pekka 2008-06-11 18:55:22.6 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.344 [GMT 3:00]
    Running from: C:\Documents and Settings\Aira&Pekka\My Documents\Downloads\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Aira&Pekka\My Documents\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\Documents and Settings\Aira&Pekka\setupa.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Aira&Pekka\setupa.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
    .

    2008-06-11 12:45 . 2008-04-14 14:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-11 12:45 . 2008-04-14 14:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-11 03:21 . 2008-06-11 03:21 <DIR> d-------- C:\Program Files\Sun
    2008-06-11 03:21 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-06-11 03:14 . 2008-06-11 03:14 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-06-10 22:19 . 2008-06-10 22:19 <DIR> d-------- C:\VundoFix Backups
    2008-06-10 17:22 . 2008-06-10 17:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-10 17:22 . 2008-06-10 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-10 17:22 . 2008-06-10 17:22 <DIR> d-------- C:\Documents and Settings\Aira&Pekka\Application Data\Malwarebytes
    2008-06-10 17:22 . 2008-06-09 20:13 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-10 17:22 . 2008-06-09 20:13 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-09 21:48 . 2008-06-09 21:48 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-09 20:58 . 2008-06-09 20:58 <DIR> d-------- C:\Documents and Settings\Aira&Pekka\Application Data\MSNInstaller
    2008-06-05 00:15 . 2008-06-05 00:15 290,110 --a------ C:\WINDOWS\ftp.exe
    2008-06-03 20:34 . 2008-06-03 20:34 <DIR> d-------- C:\Documents and Settings\Aira&Pekka\Application Data\Grisoft
    2008-06-03 20:29 . 2007-05-30 15:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-06-03 20:28 . 2008-06-03 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-06-01 20:07 . 2008-06-01 20:07 <DIR> d--h----- C:\WINDOWS\PIF

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-11 15:48 --------- d-----w C:\Documents and Settings\Aira&Pekka\Application Data\OpenOffice.org2
    2008-06-11 00:21 --------- d-----w C:\Program Files\Java
    2008-06-09 17:55 --------- d-----w C:\Program Files\Sony
    2008-05-29 17:00 --------- d-----w C:\Program Files\Creative
    2008-05-29 16:52 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-05-20 10:17 --------- d-----w C:\Program Files\Last.fm
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-04 13:47 --------- d-----w C:\Program Files\Google
    2008-05-02 19:11 --------- d-----w C:\Program Files\iPod
    2008-05-02 18:58 --------- d-----w C:\Program Files\Bonjour
    2008-05-02 18:56 --------- d-----w C:\Program Files\Canon
    2008-05-02 18:55 --------- d-----w C:\Program Files\DivX
    2008-05-02 18:39 --------- d-----w C:\Program Files\Juice
    2008-04-23 15:32 --------- d-----w C:\Program Files\Apple Software Update
    2008-04-13 14:56 --------- d-----w C:\Program Files\QuickTime
    .

    ------- Sigcheck -------

    2008-05-28 17:28 87552 918e116feae29a433201b7a5400829ba C:\WINDOWS\system32\ws2_32.dll
    2004-08-04 04:07 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\dllcache\ws2_32.dll
    .
    ((((((((((((((((((((((((((((( snapshot@2008-06-10_15.16.21.04 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-10 12:01:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-11 16:02:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
    - 2008-02-16 08:59:34 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
    + 2008-04-21 07:03:56 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
    - 2008-02-16 08:59:35 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
    + 2008-04-21 07:03:56 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
    - 2008-02-16 08:59:35 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
    + 2008-04-21 07:03:57 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
    - 2008-02-16 08:59:34 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
    + 2008-04-21 07:03:56 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
    - 2008-02-16 08:59:35 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
    + 2008-04-21 07:03:56 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
    - 2008-02-16 08:59:35 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
    + 2008-04-21 07:03:57 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
    - 2008-02-16 08:59:35 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    + 2008-04-21 07:03:57 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    - 2008-02-16 08:59:35 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    + 2008-04-21 07:03:57 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    - 2008-02-16 08:59:35 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    + 2008-04-21 07:03:57 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    - 2008-02-15 09:23:37 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
    + 2008-04-17 10:52:54 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
    - 2008-02-16 08:59:35 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
    + 2008-04-21 07:03:58 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
    - 2008-02-16 08:59:35 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
    + 2008-04-21 07:03:58 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
    - 2008-02-16 08:59:35 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    + 2008-04-21 07:03:58 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    - 2008-02-16 22:29:38 3,059,712 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    + 2008-04-21 07:03:59 3,059,712 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    - 2008-02-16 08:59:37 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    + 2008-04-21 07:03:59 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    - 2008-02-16 08:59:37 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
    + 2008-04-21 07:03:59 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
    - 2008-02-16 08:59:37 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
    + 2008-04-21 07:03:59 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
    - 2008-02-16 08:59:37 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    + 2008-04-21 07:03:59 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    - 2007-10-29 22:43:03 1,287,680 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
    + 2008-05-07 05:18:48 1,287,680 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
    - 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
    + 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
    - 2008-02-16 08:59:38 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
    + 2008-04-21 07:04:00 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
    - 2008-02-16 08:59:38 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
    + 2008-04-21 07:04:00 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
    - 2008-02-16 08:59:38 615,936 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    + 2008-04-21 07:04:00 615,936 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    - 2008-02-16 08:59:39 659,456 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
    + 2008-04-21 07:04:00 659,456 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
    - 2008-02-16 08:59:35 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    + 2008-04-21 07:03:57 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    - 2008-02-16 08:59:35 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
    + 2008-04-21 07:03:57 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
    - 2008-02-16 08:59:35 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
    + 2008-04-21 07:03:57 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
    - 2008-02-16 08:59:35 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
    + 2008-04-21 07:03:58 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
    - 2008-02-16 08:59:35 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
    + 2008-04-21 07:03:58 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
    - 2007-09-24 19:30:28 135,168 -c--a-w C:\WINDOWS\system32\java.exe
    + 2008-03-24 22:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
    - 2007-09-24 19:30:30 135,168 -c--a-w C:\WINDOWS\system32\javaw.exe
    + 2008-03-24 22:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    - 2007-09-24 20:31:42 139,264 -c--a-w C:\WINDOWS\system32\javaws.exe
    + 2008-03-24 23:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    - 2008-02-16 08:59:35 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
    + 2008-04-21 07:03:58 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
    - 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
    - 2008-02-16 22:29:38 3,059,712 ----a-w C:\WINDOWS\system32\mshtml.dll
    + 2008-04-21 07:03:59 3,059,712 ----a-w C:\WINDOWS\system32\mshtml.dll
    - 2008-02-16 08:59:37 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
    + 2008-04-21 07:03:59 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
    - 2008-02-16 08:59:37 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
    + 2008-04-21 07:03:59 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
    - 2008-02-16 08:59:37 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
    + 2008-04-21 07:03:59 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
    - 2008-02-16 08:59:37 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
    + 2008-04-21 07:03:59 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
    - 2007-10-29 22:43:03 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    + 2008-05-07 05:18:48 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    - 2008-02-16 08:59:38 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
    + 2008-04-21 07:04:00 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
    - 2008-02-16 08:59:38 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
    + 2008-04-21 07:04:00 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
    - 2006-12-10 12:10:02 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
    + 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
    - 2008-02-16 08:59:38 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll
    + 2008-04-21 07:04:00 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll
    - 2008-02-16 08:59:39 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
    + 2008-04-21 07:04:00 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
    - 2008-02-15 09:06:21 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
    + 2008-04-17 10:37:04 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 05:23 102400]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 23:55 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 22:00 49152]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 10:11 49152]
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-27 18:41 262401]
    "iTunesHelper"="C:\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 12:25 6731312]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:07 15360]

    C:\Documents and Settings\Aira&Pekka\Start Menu\Programs\Startup\
    OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-10-15 13:02:32 61440]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 16:19:24 237568]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Last.fm\\LastFM.exe"=
    "C:\\StubInstaller.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\iTunes\\iTunes.exe"=

    S1 ensqio;ensqio;C:\WINDOWS\system32\DRIVERS\ensqio.sys []
    S1 sbpcint4;SB AudioPCI 128;C:\WINDOWS\system32\DRIVERS\sbpcint4.sys []
    S3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM);C:\WINDOWS\system32\drivers\ES1370MP.sys [2001-08-17 23:19]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-20 16:10:26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-11 19:04:10
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.bin
    .
    **************************************************************************
    .
    Completion time: 2008-06-11 19:18:39 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-11 16:17:30
    ComboFix2.txt 2008-06-11 00:58:26
    ComboFix3.txt 2008-06-10 18:51:36
    ComboFix4.txt 2008-06-10 13:51:57
    ComboFix5.txt 2008-06-10 12:18:25

    Pre-Run: 400,125,952 bytes free
    Post-Run: 419,348,480 bytes free

    234 --- E O F --- 2008-06-11 09:57:22
     
  9. Hujo


    How is the computer running?
     
  10. sonjaa

    Really well. It no longer takes me to those poker and other such sites. It works completely normally and isn't slow. : ) Thanks!
     
  11. sonjaa

    So I guess I don't need to do anything more with this?
     
  12. Hujo


    Nothing left but to head on toward new viruses ;)
     
  13. sonjaa

    Haha, I was planning to stay well away from them from now on. : ) Thanks once again. You really are quite a genius with this computer stuff!
     
