Is there cause for concern based on this information? I'm also posting screenshots of the results in this same message. So I ran the regular computer scans and also rootkit scans, whose results are below the results of the regular scans.
Here is the log of the first regular scan's results:
Search results from Spybot - Search & Destroy 7.3.2012 11:08:05 Scan took 00:17:51.
Here is the log of the next regular scan:
Search results from Spybot - Search & Destroy 7.3.2012 12:28:05 Scan took 00:20:54.
Here is the log of the rootkit scan:
:: RootAlyzer Results
For some reason I didn't get a log from the second rootkit scan, but here is a screenshot of the results
Malwarebytes alone would have been enough to check the computer. http://www.malwarebytes.org/ So remove the other scanning programs and download Malwarebytes. After that, update its databases and run a full scan. Post the results here.
Malwarebytes Anti-Malware probably doesn't remove those tracking cookies. They aren't actual security threats, but they tell whoever set them about the browser user's surfing habits.
Yes, but then the "good" cookies are removed as well, that is, the site-related data and settings that make things easier for you.