Li19 Posted 1 December 2008 (edited)

I don't know what is going on, but I keep finding malware on this machine. Can someone check whether there is anything more in these logs?

MBAM:

Malwarebytes' Anti-Malware 1.30
Database version: 1441
Windows 6.0.6001 Service Pack 1

01.12.2008 20:43:16
mbam-log-2008-12-01 (20-43-16).txt

Scan type: Quick Scan
Objects scanned: 55609
Time elapsed: 8 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Public\antivir_workstation_winu_en_h.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Public\ccsetup210_slim.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Public\CFP_Setup_3.0.25.378_XP_Vista_x64.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:59, on 01.12.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Telenor\Telenorhjelpen\Telenor.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\program files (x86)\avira\antivir personaledition classic\avcenter.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\test.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files (x86)\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Telenor Telenorhjelpen Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files (x86)\Telenor\Telenorhjelpen\IEFixItNowPlugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files (x86)\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files (x86)\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-21-3410042072-4032685867-3294661466-1008\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'generell nettbruker')
O4 - HKUS\S-1-5-18\..\Run: [Telenorhjelpen] "C:\Program Files (x86)\Telenor\Telenorhjelpen\Telenor.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Telenorhjelpen] "C:\Program Files (x86)\Telenor\Telenorhjelpen\Telenor.exe" (User 'Default user')
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll C:\Windows\SysWOW64\cssdll32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Statustjeneste for ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7517 bytes

Still no ComboFix for 64-bit Vista?

Edited 1 December 2008 by Li19
norbat Posted 1 December 2008

The three that MBAM found are all false positives:

antivir_workstation_winu_en_h.exe = Avira
ccsetup210_slim.exe = CCleaner (the slim version)
CFP_Setup_3.0.25.378_XP_Vista_x64.exe = Comodo
Li19 Posted 1 December 2008 (thread author)

> The three that MBAM found are all false positives:
> antivir_workstation_winu_en_h.exe = Avira
> ccsetup210_slim.exe = CCleaner (the slim version)
> CFP_Setup_3.0.25.378_XP_Vista_x64.exe = Comodo

Have I broken anything, then, by letting MBAM remove these?
norbat Posted 1 December 2008 (edited)

No, they are only the installation files. I have sent a message to Malwarebytes so they can get this fixed in the next update. Is the PC otherwise running OK?

Edited 1 December 2008 by norbat
Li19 Posted 1 December 2008 (thread author, edited)

> No, they are only the installation files. I have sent a message to Malwarebytes so they can get this fixed in the next update.

OK, that's good to hear. Otherwise the PC runs completely normally. Thanks a lot for the help!

Edited 1 December 2008 by Li19
norbat Posted 5 December 2008 (edited)

A final comment on the three false positives.

MBAM treats files (especially .exe files) lying in the root folder of a user profile as potential malware candidates, since malware likes to put itself there. MBAM's heuristic scan is fairly aggressive about this. It is therefore recommended to create folders to put such files in. For example, in your case: C:\Users\Public\setup-filer. If you had put the three .exe files in the setup-filer folder, they most likely would not have been flagged.

When MBAM detects files that you know are not malware, you can select the files and click Ignore. The files are then added to the Exclusion list so they are no longer detected.

Edited 5 December 2008 by norbat
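Before clicking Ignore, it is worth confirming that a flagged file really is the vendor installer its name suggests, because an unsigned executable with an installer-like name dropped into a profile root is also what a fake-AV dropper looks like. The script below is an added example and is not code from this thread, from Malwarebytes, or from any of the vendors named; it assumes the three paths from the MBAM log above have been restored from quarantine, uses the setup-filer folder name norbat suggested, and needs PowerShell 4.0 or later for Get-FileHash. It checks each file's Authenticode signature, prints the SHA-256 so you can compare it with the vendor's published hash, and moves only validly signed files into the subfolder so the root-of-profile heuristic no longer fires on them.

```powershell
# Added example (not from the thread). Triage files MBAM flagged in a profile root:
# verify the Authenticode signature and hash before trusting a "false positive" call,
# then park genuine installers in a subfolder so the heuristic does not fire again.
# Assumptions: paths as in the MBAM log above (restored from quarantine),
# subfolder name as suggested in the thread, PowerShell 4.0+ for Get-FileHash.

$flagged = @(
    'C:\Users\Public\antivir_workstation_winu_en_h.exe',
    'C:\Users\Public\ccsetup210_slim.exe',
    'C:\Users\Public\CFP_Setup_3.0.25.378_XP_Vista_x64.exe'
)
$dest = 'C:\Users\Public\setup-filer'   # subfolder suggested in the thread

if (-not (Test-Path -LiteralPath $dest)) {
    New-Item -ItemType Directory -Path $dest | Out-Null
}

foreach ($path in $flagged) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "$path is not present (still in MBAM quarantine?)"
        continue
    }

    $sig  = Get-AuthenticodeSignature -FilePath $path
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }

    Write-Host ("{0}`n  SHA256: {1}`n  Status: {2}`n  Signer: {3}" -f $path, $hash, $sig.Status, $signer)

    # A vendor installer should carry a valid signature whose Subject names that vendor.
    # Compare the printed Subject with the vendor you expect; a Valid status alone only
    # proves the chain verifies, not that the signer is who the filename claims.
    if ($sig.Status -eq 'Valid') {
        Move-Item -LiteralPath $path -Destination $dest
        Write-Host "  -> moved to $dest"
    } else {
        Write-Warning "  signature not valid; left in place. Check the hash with the vendor before excluding it in MBAM."
    }
}
```

Run it from an elevated PowerShell prompt after restoring the files from MBAM's quarantine; files that stay behind with a non-Valid status are the ones to treat as real detections rather than adding to the Exclusion list.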