It feels like every scanner finds different nasties. I scanned with Avira in safe mode and it found one new nasty, which has presumably now been removed. Now Explorer crashes in the middle of F-Secure's online scan. The machine also acts up strangely at times. The dictionary speech synthesis that I already removed starts installing the program by itself, and may do so several times in a row. I suspect that the machine has some nasty that opens ports by itself and keeps downloading new nasties.
Let's have a look.... If it is already on the machine, remove it before downloading.
1. Download combofix.exe to your desktop from either of the links: combofix.exe combofix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is done, it produces a log (C:\ComboFix.txt). Post this log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
ComboFix 07-11-19.4 - Järjestelmänvalvoja 2007-11-28 2:21:19.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.1492 [GMT 2:00] Running from: C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä\ComboFix.exe * Created a new restore point . ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2007-10-28 to 2007-11-28 ))))))))))))))))) . 2007-11-27 07:04 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\.housecall6.6 2007-11-27 07:04 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\.housecall6.6 2007-11-24 21:37 <KANSIO> d-------- C:\Program Files\Avira 2007-11-24 21:37 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2007-11-24 21:31 <KANSIO> d-------- C:\Program Files\COMODO 2007-11-24 21:31 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Comodo 2007-11-24 21:31 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\comodo 2007-11-24 21:31 139,008 --a------ C:\WINDOWS\system32\guard32.dll 2007-11-24 21:31 79,096 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys 2007-11-24 21:31 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys 2007-11-19 01:13 <KANSIO> d-------- C:\Program Files\Windows Media Connect 2 2007-11-19 01:11 <KANSIO> d-------- C:\WINDOWS\system32\drivers\UMDF 2007-11-17 02:31 <KANSIO> d-------- C:\Program Files\OpenTTD 2007-11-17 02:31 <KANSIO> d-------- C:\MPS 2007-11-17 02:31 24,576 --------- C:\WINDOWS\UniFISH.exe 2007-11-16 03:35 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Yellow Tools 2007-11-16 03:31 <KANSIO> d-------- C:\Program Files\yellow tools Independence Free 2.0 2007-11-16 00:07 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Prevx 2007-11-15 23:58 <KANSIO> d-------- C:\Temp 2007-11-15 20:46 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\DoctorWeb 2007-11-15 20:46 <KANSIO> d-------- C:\Documents and 
Settings\Järjestelmänvalvoja\DoctorWeb 2007-11-15 19:50 <KANSIO> d-------- C:\Program Files\Uniblue 2007-11-15 19:50 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Uniblue 2007-11-13 22:57 <KANSIO> d-------- C:\Program Files\Trend Micro 2007-11-13 22:26 <KANSIO> d-------- C:\WINDOWS\ERUNT 2007-11-13 00:52 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\fltk.org 2007-11-12 00:46 368,640 --a------ C:\WINDOWS\system32\ReWire.dll 2007-11-12 00:42 <KANSIO> d-------- C:\Program Files\Propellerhead 2007-11-12 00:38 <KANSIO> d-------- C:\Program Files\MagicDisc 2007-11-12 00:38 92,544 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys 2007-11-11 13:57 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\.gimp-2.4 2007-11-11 13:57 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\.gimp-2.4 2007-11-10 18:01 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Audio Damage 2007-11-08 15:47 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Grisoft 2007-11-08 15:47 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-11-08 11:34 <KANSIO> d-------- C:\Program Files\CCleaner 2007-11-08 11:18 <KANSIO> d-------- C:\Program Files\Sunbelt Software 2007-11-08 11:17 <KANSIO> d-------- C:\WINDOWS\Downloaded Installations 2007-11-07 12:30 <KANSIO> d-------- C:\Program Files\Overloud 2007-11-07 12:08 <KANSIO> d-------- C:\Program Files\PSPaudioware 2007-11-07 11:59 54,156 --a------ C:\WINDOWS\system32\QTFont.qfn 2007-11-07 11:59 1,409 --a------ C:\WINDOWS\system32\QTFont.for 2007-11-07 11:57 272,409 --a------ C:\WINDOWS\system32\TmpA87249375 2007-11-07 11:32 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Audio Ease 2007-11-02 20:25 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-02 20:10 <KANSIO> d-------- C:\Program Files\Kaspersky Lab 2007-11-02 19:34 
<KANSIO> d-------- C:\Program Files\PowerISO 2007-11-01 22:59 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Publish Providers 2007-11-01 22:57 <KANSIO> d-------- C:\Program Files\Sony 2007-11-01 08:04 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-10-30 21:18 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2007-10-30 21:18 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2007-10-30 21:18 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-10-30 18:06 <KANSIO> d-------- C:\Program Files\Nomad Factory 2007-10-30 18:06 765,952 --a------ C:\WINDOWS\system32\msvcp71d.dll 2007-10-30 18:06 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll 2007-10-29 23:57 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\F-Secure 2007-10-29 23:39 <KANSIO> d-------- C:\Program Files\F-Secure Internet Security 2007-10-29 23:39 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\fssg 2007-10-29 23:39 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure 2007-10-29 23:05 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2007-10-28 19:09 <KANSIO> d-------- C:\WINDOWS\Replay Media Catcher 2007-10-28 19:09 <KANSIO> d-------- C:\Program Files\Replay Media Catcher 2007-10-28 19:08 3,655,488 --a------ C:\Program Files\FLV PlayerRCATSetup.exe 2007-10-28 19:07 <KANSIO> d-------- C:\WINDOWS\FLV Player 2007-10-28 19:07 <KANSIO> d-------- C:\Program Files\FLV Player . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-11-27 13:57 --------- d-----w C:\Documents and Settings\Järjestelmänvalvoja\Application Data\HouseCall 6.6 2007-11-23 22:52 --------- d-----w C:\Program Files\MSN Messenger 2007-11-23 18:56 --------- d-----w C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Sony 2007-11-22 22:55 --------- d-----w C:\Program Files\Native Instruments 2007-11-22 22:55 --------- d-----w C:\Program Files\Common Files\Native Instruments 2007-11-20 22:23 --------- d-----w C:\Documents and Settings\Järjestelmänvalvoja\Application Data\FabFilter 2007-11-20 22:14 --------- d-----w C:\Program Files\FabFilter 2007-11-17 16:13 --------- d-----w C:\Program Files\Last.fm 2007-11-17 15:00 --------- d-----w C:\Program Files\Winamp 2007-11-14 20:57 --------- d-----w C:\Program Files\VST 2007-11-13 04:02 --------- d-----w C:\Program Files\BitComet 2007-11-08 09:16 --------- d-----w C:\Program Files\QuickTime 2007-11-08 09:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2007-11-07 09:59 --------- d-----w C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Audio Ease 2007-11-07 09:57 --------- d-----w C:\Program Files\Audio Ease 2007-11-01 20:47 --------- d-----w C:\Program Files\Soulseek 2007-11-01 20:42 --------- d-----w C:\Program Files\Sony Setup 2007-10-26 15:40 --------- d-----w C:\Program Files\Common Files\Adobe 2007-10-26 15:37 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared 2007-10-26 15:35 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-26 15:30 --------- d-----w C:\Program Files\Your Company Name 2007-10-22 14:27 --------- d-----w C:\Program Files\Apple Software Update 2007-10-22 14:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2007-10-20 16:21 --------- d-----w C:\Program Files\Sonalksis 2007-10-20 16:19 678,746 ----a-w C:\WINDOWS\unins000.exe 2007-10-17 19:00 --------- d-----w C:\Program Files\Antares Audio Technologies 2007-10-16 
15:18 --------- d-----w C:\Program Files\Sonnox 2007-10-15 19:22 --------- d-----w C:\Program Files\Waves 2007-10-15 19:22 --------- d-----w C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Waves Audio 2007-10-15 17:32 --------- d-----w C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Sunbelt Software 2007-10-15 15:55 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2007-10-14 17:11 --------- d-----w C:\Program Files\Lavasoft 2007-10-14 14:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-10-14 13:54 --------- d-----w C:\Program Files\Arturia 2007-10-14 13:39 --------- d-----w C:\Program Files\ffdshow 2007-10-14 13:36 --------- d-----w C:\Program Files\DivX 2007-10-12 20:08 --------- d-----w C:\Program Files\Hewlett-Packard 2007-10-12 16:51 --------- d-----w C:\Program Files\Flux 2007-10-12 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2007-10-12 04:28 --------- d-----w C:\Program Files\Java 2007-10-12 04:27 --------- d-----w C:\Program Files\Common Files\Java 2007-10-11 18:41 --------- d-----w C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Propellerhead Software 2007-10-11 18:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Propellerhead Software 2007-10-11 18:12 --------- d-----w C:\Program Files\Common Files\Ahead 2007-10-11 18:12 --------- d-----w C:\Program Files\Ahead 2007-10-10 16:10 --------- d-----w C:\Program Files\Sanakirjan puhesynteesi 2007-10-10 16:07 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE 2007-10-10 16:07 389,120 ------w C:\WINDOWS\Setup1.exe 2007-10-09 16:23 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll 2007-10-09 16:23 60,273 ----a-w C:\WINDOWS\system32\pthreadGC2.dll 2007-10-09 14:33 --------- d-----w C:\Documents and Settings\Järjestelmänvalvoja\Application Data\ATI 2007-10-09 14:32 --------- d-----w C:\Program Files\ATI Technologies 2007-10-08 19:37 --------- d-----w C:\Program Files\Zero-G 2007-10-08 
17:43 --------- d-----w C:\Program Files\Syncrosoft 2007-10-08 17:42 --------- d-----w C:\Program Files\Steinberg 2007-10-08 17:38 --------- d-----w C:\Program Files\Synful 2007-10-08 17:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Synful 2007-10-08 17:29 --------- d-----w C:\Program Files\NuGen Audio 2007-10-07 16:16 833,099 ----a-w C:\WINDOWS\PhaseTwo VST plug-in Uninstaller.exe 2007-10-07 15:43 54,784 ----a-w C:\WINDOWS\system32\drivers\CDAC11BA.EXE 2007-10-07 15:43 12,464 ----a-w C:\WINDOWS\system32\drivers\CdaC15BA.SYS 2007-10-07 15:43 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-10-07 15:43 --------- d-----w C:\Program Files\Common Files\Macrovision Shared 2007-10-07 15:29 --------- d-----w C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Emulator X 2007-10-07 15:28 --------- d-----w C:\Program Files\Creative Professional 2007-10-07 13:34 --------- d-----w C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Cycling '74 2007-10-07 13:29 --------- d-----w C:\Program Files\Cycling '74 2007-10-07 13:29 --------- d-----w C:\Program Files\Common Files\Cycling '74 2007-10-06 15:59 833,120 ----a-w C:\WINDOWS\Reverence VST plug-in Uninstaller.exe 2007-10-06 15:56 --------- d-----w C:\Program Files\AAS 2007-10-06 10:09 --------- d-----w C:\Program Files\WWAYM 2007-10-06 09:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Last.fm 2007-10-05 20:48 --------- d-----w C:\Program Files\Common Files\Creative Professional 2007-10-05 20:40 --------- d-----w C:\Program Files\Creative 2007-10-05 20:39 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll 2007-10-05 20:39 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll 2007-10-05 20:39 --------- d-----w C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Creative 2007-10-05 20:38 --------- d-----w C:\Documents and Settings\Järjestelmänvalvoja\Application Data\EmuPatchMixDSP 2007-10-05 11:36 --------- d-----w C:\Program 
Files\Elemental Audio Systems 2007-10-03 16:39 --------- d-----w C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Applied Acoustics Systems 2007-10-02 20:04 --------- d-----w C:\Program Files\Image-Line 2007-10-02 14:46 --------- d-----w C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Apple Computer 2007-10-02 03:57 --------- d-----w C:\Program Files\ToniArts 2007-10-01 19:17 833,120 ----a-w C:\WINDOWS\Replicant VST plug-in Uninstaller.exe 2007-10-01 19:17 --------- d-----w C:\Program Files\IK Multimedia 2007-10-01 19:17 --------- d-----w C:\Documents and Settings\Järjestelmänvalvoja\Application Data\InstallShield 2007-09-30 20:49 --------- d-----w C:\Program Files\u-he 2007-09-30 15:17 --------- d-----w C:\Program Files\DAMN NFO Viewer 2007-09-30 10:22 --------- d-----w C:\Program Files\Common Files\Digidesign 2007-09-30 09:45 --------- d-----w C:\Program Files\Wave Arts 2007-09-30 09:36 --------- d-----w C:\Program Files\Lavalys 2007-09-30 09:34 --------- d-----w C:\Documents and Settings\Järjestelmänvalvoja\Application Data\DivX 2007-09-30 00:12 --------- d-----w C:\Program Files\JavaSoft 2007-09-30 00:06 --------- d-----w C:\Program Files\Recycle 2007-09-29 23:30 --------- d-----w C:\Program Files\M-Audio USB Keyboard Device 2007-09-29 23:29 82,944 ----a-w C:\WINDOWS\system32\usbkt1x1.dll 2007-09-29 23:29 22,304 ----a-w C:\WINDOWS\system32\drivers\usbkt1x1.sys 2007-09-29 23:29 13,504 ----a-w C:\WINDOWS\system32\drivers\uks11ldr.sys 2007-09-29 23:28 724,992 ----a-w C:\WINDOWS\iun6002.exe 2007-09-28 16:08 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe . (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 01:12] "SetDefaultMIDI"="MIDIDef.exe" [2006-08-04 09:04 C:\WINDOWS\MIDIDEF.EXE] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35] "Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2007-10-22 10:13] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Mam2Pan"="Mam2Pan.Exe" [2005-08-16 13:39 C:\WINDOWS\system32\Mam2Pan.exe] "CTHelper"="CTHELPER.EXE" [2006-08-04 09:33 C:\WINDOWS\CTHELPER.EXE] "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-04 09:33 C:\WINDOWS\system32\CTXFIHLP.EXE] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00] "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 13:18] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25] "COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2007-11-24 21:31] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-24 21:42] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 01:12] C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\ Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-10-06 11:27:27] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys R1 cmdHlp;COMODO Firewall Pro 
Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys R3 USBKT1X1;M-Audio USB Keystation;C:\WINDOWS\system32\drivers\usbkt1x1.sys S3 Cleudbrn;Cleudbrn;C:\WINDOWS\system32\lnkstub.exe S3 MAM2_01;Service for Maya44 MKII 1;C:\WINDOWS\system32\drivers\Mam2Wdm.sys S3 MAM2_AA;Service for Maya44 MKII Audio Driver (EWDM);C:\WINDOWS\system32\drivers\Mam2.sys S3 UKS11LDR;M-Audio USB Keystation Loader;C:\WINDOWS\system32\drivers\uks11ldr.sys . 'Ajoitetut tehtävät'-kansion sisältö "2007-11-15 06:51:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-11-28 00:15:16 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe "2007-11-15 17:50:25 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-28 02:23:48 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwClose scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-28 2:24:36 . --- E O F ---
Hi. First make sure that hidden files are visible. Show hidden files
Go --> here
Once the page has loaded, click the Browse button, find the following file and press Submit.
C:\WINDOWS\system32\TmpA87249375
Post the scan results in your next message. If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/flash/index_en.html
Download and save Blacklight to your desktop; double-click fsbl.exe, accept the agreement, click > Scan, then > Next
You will see a list of everything that was found. A log named fsbl.xxxxxxx.log will also appear on your desktop (the xxxxxxx will most likely be numbers). Copy and paste this log into your next reply.
Do not choose the "Rename" option yet! We want to see the log first, because good files may be included, such as "wbemtest.exe".
Post the Blacklight log and the Virustotal/Jotti result.
File: TmpA87249375
Status: OK
MD5: 6024a53cd77889145e893215170b17eb
Packers detected: -
Bit9 reports: File not found
Scanner results
Scan taken on 28 Nov 2007 11:12:56 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing
11/28/07 13:23:17 [Info]: BlackLight Engine 1.0.67 initialized
11/28/07 13:23:17 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/28/07 13:23:18 [Note]: 7019 4
11/28/07 13:23:18 [Note]: 7005 0
11/28/07 13:23:21 [Note]: 7006 0
11/28/07 13:23:21 [Note]: 7011 2852
11/28/07 13:23:22 [Note]: 7026 0
11/28/07 13:23:22 [Note]: 7026 0
11/28/07 13:23:24 [Note]: FSRAW library version 1.7.1024
11/28/07 13:36:24 [Note]: 7006 0
11/28/07 13:36:24 [Note]: 7011 2852
11/28/07 13:36:24 [Note]: 7026 0
11/28/07 13:36:25 [Note]: 7026 0
11/28/07 13:36:26 [Note]: FSRAW library version 1.7.1024
Blacklight didn't give any log other than the one in the previous message. Should there have been something else in it?
Yep, that file is OK. Blacklight produces a log like that when it finds nothing, and the ComboFix log is OK. What makes you conclude that the viruses are being downloaded again??
Well, maybe different scanners find different bugs; I can't explain my suspicions any better than that. It's just odd that I can't use online scanners with iexplorer without it crashing? Then there's the puzzling fact that the dictionary's installer component starts installing by itself. As far as I remember, that started after installing Comodo and Avira; could it be because of Comodo? The internet connection also cuts out strangely and far too often. That could of course be down to the operator.
Try switching to a different firewall! Here is one more online scanner if you want to try it. What have they found??
Yeah, go ahead and post another scanner. I don't know what they find, since iexplorer crashes as soon as the scan starts.
This should work with Firefox.
TrendMicro™ HouseCall Java Scan
Go here to run the Trend Micro HouseCall scan.
Click Scan now. It is free.
Read and tick this box: Yes I accept the terms of use.
Click Launching HouseCall>>.
Under Using Java-based HouseCall kernel, click Starting HouseCall>>.
You may get a security warning about the TrendMicro Java applet; click YES.
Under Scan complete computer for malware, grayware, and vulnerabilities, click Next>>.
Be patient while it installs, updates and scans your system.
When the scanner is done, it takes you to the results page.
Under "Cleanup options", choose Clean all detected infections automatically.
Click Clean now>>.
If anything was found, you may be asked to run the scanner again; you can close the window.
Yeah, I had actually scanned with Trend earlier; it found nothing. Then again, it has never found anything. I wonder what's causing iexplorer to crash? Nothing other than the virus scanners makes it do that.
Well, if only one knew; it happens quite often. Scan with your own antivirus, preferably in safe mode, and see if you can get a log out of it.
In safe mode iexplorer doesn't crash, so F-Secure's online scan works. It still finds the same bug.
Scanning Report
Wednesday, December 05, 2007 23:52:50 - 19:44:15
Computer name: ANNEN-N90GXNI2T
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\ H:\ L:\ M:\ N:\
Result: 6 malware found
SDBot.gen8 (virus)
* L:\SYSTEM VOLUME INFORMATION\_RESTORE{D542C3A4-090C-4E20-BC5C-09D4AC7566DE}\RP222\A0028133.EXE (Submitted)
Tracking Cookie (spyware)
* System (Disinfected)
* System
* System
* System
* System
Statistics
Scanned:
* Files: 53081
* System: 3998
* Not scanned: 3
Actions:
* Disinfected: 1
* Renamed: 0
* Deleted: 0
* None: 5
* Submitted: 1
Files not scanned:
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
Options