Adonia Posted 3 April 2010

Hi, I noticed csrss.exe in my Task Manager yesterday. I followed your guide to get it removed. Malwarebytes' Anti-Malware found no malware, but ComboFix seems to have found something. But csrss.exe is still running in my Task Manager. What do I do now???? This is the log I got from ComboFix:

ComboFix 10-04-01.02 - Kristina Ballerina 02.04.2010 22:45:17.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.47.1044.18.958.248 [GMT 2:00] Kjører fra: c:\users\Kristina Ballerina\Downloads\ComboFix.exe AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} SP: avast! Antivirus *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-230697710-1467258485-371283084-500 c:\$recycle.bin\S-1-5-21-3304469301-3354294434-3408640196-500 . ((((((((((((((((((((((((((( Filer Opprettet Fra 2010-03-02 til 2010-04-02 ))))))))))))))))))))))))))))))))) . 2010-04-02 21:02 . 2010-04-02 21:12 -------- d-----w- c:\users\Kristina Ballerina\AppData\Local\temp 2010-04-02 21:02 . 2010-04-02 21:02 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-04-02 17:32 . 2010-04-02 17:32 -------- d-----w- c:\users\Kristina Ballerina\AppData\Roaming\dvdcss 2010-04-02 17:31 . 2010-04-02 17:32 -------- d-----w- c:\users\Kristina Ballerina\AppData\Roaming\Roxio 2010-04-01 09:15 . 2010-04-01 09:15 -------- d-----w- c:\users\Kristina Ballerina\AppData\Local\Cisco 2010-04-01 09:13 . 2010-04-01 09:13 -------- d-----w- c:\program files\Cisco 2010-04-01 09:13 . 2010-04-01 09:13 -------- d-----w- c:\programdata\Cisco 2010-03-28 14:23 . 2010-02-12 10:49 293376 ----a-w- c:\windows\system32\browserchoice.exe 2010-03-13 07:22 . 
2010-02-20 23:54 24064 ----a-w- c:\windows\system32\nshhttp.dll 2010-03-13 07:22 . 2010-02-20 21:30 396800 ----a-w- c:\windows\system32\drivers\http.sys 2010-03-13 07:22 . 2010-02-20 23:51 31232 ----a-w- c:\windows\system32\httpapi.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-02 20:20 . 2006-11-21 05:16 476858 ----a-w- c:\windows\system32\perfh014.dat 2010-04-02 20:20 . 2006-11-21 05:16 79408 ----a-w- c:\windows\system32\perfc014.dat 2010-04-02 20:11 . 2009-12-25 18:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-02 19:57 . 2009-12-25 22:05 -------- d-----w- c:\users\Kristina Ballerina\AppData\Roaming\vlc 2010-04-02 19:56 . 2009-12-25 17:38 -------- d-----w- c:\users\Kristina Ballerina\AppData\Roaming\uTorrent 2010-04-02 19:21 . 2009-12-25 17:42 -------- d-----w- c:\users\Kristina Ballerina\AppData\Roaming\Spotify 2010-04-02 18:09 . 2009-12-26 11:55 7484 ----a-w- c:\users\Kristina Ballerina\AppData\Local\d3d9caps.dat 2010-04-01 08:57 . 2009-12-25 16:46 36916 ----a-w- c:\users\Kristina Ballerina\AppData\Roaming\nvModes.dat 2010-03-29 13:24 . 2009-12-25 18:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-29 13:24 . 2009-12-25 18:18 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-13 07:31 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-03-13 07:30 . 2010-02-14 12:56 -------- d-----w- c:\programdata\Microsoft Help 2010-03-09 16:54 . 2010-03-31 16:01 832512 ----a-w- c:\windows\system32\wininet.dll 2010-03-09 16:50 . 2010-03-31 16:01 56320 ----a-w- c:\windows\system32\iesetup.dll 2010-03-09 16:50 . 2010-03-31 16:01 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-03-09 16:50 . 2010-03-31 16:01 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll 2010-03-09 16:48 . 2010-03-31 16:01 72704 ----a-w- c:\windows\system32\admparse.dll 2010-03-09 14:17 . 
2010-03-31 16:01 26624 ----a-w- c:\windows\system32\ieUnatt.exe 2010-03-09 12:43 . 2010-03-31 16:01 48128 ----a-w- c:\windows\system32\mshtmler.dll 2010-03-09 11:24 . 2009-12-25 17:03 153184 ----a-w- c:\windows\system32\aswBoot.exe 2010-03-09 11:12 . 2009-12-25 17:03 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2010-03-09 11:12 . 2009-12-25 17:03 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys 2010-03-09 11:09 . 2009-12-25 17:03 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2010-03-09 11:08 . 2009-12-25 17:03 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2010-03-09 11:08 . 2009-12-25 17:03 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-02-25 16:41 . 2009-12-25 15:47 104608 ----a-w- c:\users\Kristina Ballerina\AppData\Local\GDIPFONTCACHEV1.DAT 2010-02-24 17:35 . 2009-12-25 17:39 -------- d-----w- c:\program files\uTorrent 2010-02-24 09:16 . 2009-12-25 20:01 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-02-18 06:09 . 2009-12-25 13:32 -------- d-----w- c:\program files\Microsoft Works 2010-02-17 20:06 . 2009-12-25 17:39 -------- d-----w- c:\program files\Ask.com 2010-02-16 20:40 . 2010-02-16 20:40 -------- d-----w- c:\users\Kristina Ballerina\AppData\Roaming\Uniblue 2010-02-16 20:40 . 2010-02-16 20:40 -------- d-----w- c:\program files\Uniblue 2010-02-14 13:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild 2010-02-14 13:12 . 2010-02-14 13:12 -------- d-----w- c:\program files\Microsoft.NET 2010-02-14 13:02 . 2010-02-14 13:02 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2010-02-11 18:53 . 2009-12-25 17:03 38848 ----a-w- c:\windows\system32\avastSS.scr 2010-02-10 18:40 . 2009-12-25 17:03 -------- d-----w- c:\program files\Alwil Software 2010-02-09 16:21 . 2010-02-09 16:21 -------- d-----w- c:\programdata\Alwil Software 2010-01-25 12:58 . 2010-02-24 17:52 473088 ----a-w- c:\windows\system32\secproc_isv.dll 2010-01-25 12:58 . 
2010-02-24 17:52 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll 2010-01-25 12:58 . 2010-02-24 17:52 154112 ----a-w- c:\windows\system32\secproc_ssp.dll 2010-01-25 12:58 . 2010-02-24 17:52 472576 ----a-w- c:\windows\system32\secproc.dll 2010-01-25 12:56 . 2010-02-24 17:52 312320 ----a-w- c:\windows\system32\msdrm.dll 2010-01-25 08:36 . 2010-02-24 17:52 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe 2010-01-25 08:36 . 2010-02-24 17:52 515584 ----a-w- c:\windows\system32\RMActivate.exe 2010-01-25 08:36 . 2010-02-24 17:52 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe 2010-01-25 08:35 . 2010-02-24 17:52 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe 2010-01-23 08:05 . 2010-02-24 17:54 2048 ----a-w- c:\windows\system32\tzres.dll 2010-01-15 20:28 . 2010-01-04 16:53 520340 ----a-w- c:\programdata\Voddler\Uninstall.exe 2010-01-13 13:30 . 2010-01-13 13:30 11591888 ----a-w- c:\programdata\Voddler\VoddlerPlayer.exe 2010-01-10 21:02 . 2010-01-10 19:40 256 ----a-w- c:\windows\system32\pool.bin . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVGLS\Toolbar\IEToolbar.dll" [2009-11-25 1234176] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-11-25 12:02 1234176 ----a-w- c:\program files\AVG\AVGLS\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVGLS\Toolbar\IEToolbar.dll" [2009-11-25 1234176] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVGLS\Toolbar\IEToolbar.dll" [2009-11-25 1234176] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\users\Kristina 
Ballerina\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-25 135664] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2009-12-26 1006264] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-26 90191] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-26 7770112] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-26 81920] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392] "RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-28 176128] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776] "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-28 149280] "CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "AVG8_TRAY"="c:\progra~1\AVG\AVGLS\avgtray.exe" [2009-12-25 1950488] "VoddlerNet Manager"="c:\program files\Voddler\service\VNetManager.exe" [2010-01-13 573640] "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-19 623960] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016] "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336] 
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872] Hurtigstart for Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\APSHook.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520] S1 aswSP;aswSP; [x] S1 AvgLdx86;AVG LinkScanner® AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-12-25 253576] S1 AvgTdiX;AVG LinkScanner® Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-12-25 108296] S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2006-11-02 22016] S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2006-11-02 22016] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-03-09 51792] S2 avg8wd;AVG LinkScanner® WatchDog;c:\progra~1\AVG\AVGLS\avgwdsvc.exe [2009-12-25 298776] S2 VoddlerNet;VoddlerNet;c:\program files\Voddler\service\voddler.exe [2010-01-13 1236688] S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248] S3 
PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance REG_MULTI_SZ ASBroker ASChannel . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2010-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-230697710-1467258485-371283084-1000Core.job - c:\users\Kristina Ballerina\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-25 16:34] 2010-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-230697710-1467258485-371283084-1000UA.job - c:\users\Kristina Ballerina\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-25 16:34] . . ------- Tilleggsskanning ------- . uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NB_NO&c=73&bd=Pavilion&pf=laptop mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NB_NO&c=73&bd=Pavilion&pf=laptop IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 Trusted Zone: vpn-student.bi.no DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn-student.bi.no/CACHE/stc/5/binaries/vpnweb.cab FF - ProfilePath - c:\users\Kristina Ballerina\AppData\Roaming\Mozilla\Firefox\Profiles\itd9y8ov.default\ FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll FF - plugin: c:\users\Kristina Ballerina\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - 
pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - 
pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-02 23:11 Windows 6.0.6000 NTFS skanner skjulte prosesser ... 
skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'Explorer.exe'(1576) c:\windows\system32\APSHook.dll c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll . ------------------------ Andre Kjørende Prosesser ------------------------ . c:\windows\SYSTEM32\WISPTIS.EXE c:\program files\Common Files\microsoft shared\ink\TabTip.exe c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe c:\windows\SYSTEM32\WISPTIS.EXE c:\program files\Common Files\microsoft shared\ink\TabTip.exe c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe c:\progra~1\AVG\AVGLS\avgnsx.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe c:\program files\Secunia\PSI\psi.exe c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe c:\windows\system32\WerCon.exe c:\windows\system32\lpremove.exe c:\windows\system32\lpksetup.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . 
Tidspunkt ferdig: 2010-04-02 23:23:02 - maskinen ble startet på nytt ComboFix-quarantined-files.txt 2010-04-02 21:22 Pre-Run: 56 445 362 176 byte ledig Post-Run: 56 690 282 496 byte ledig Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11 - - End Of File - - A59DB7CC983856B725AC8830AAC629D2
pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-02 23:11 Windows 6.0.6000 NTFS skanner skjulte prosesser ... 
skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'Explorer.exe'(1576) c:\windows\system32\APSHook.dll c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll . ------------------------ Andre Kjørende Prosesser ------------------------ . c:\windows\SYSTEM32\WISPTIS.EXE c:\program files\Common Files\microsoft shared\ink\TabTip.exe c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe c:\windows\SYSTEM32\WISPTIS.EXE c:\program files\Common Files\microsoft shared\ink\TabTip.exe c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe c:\progra~1\AVG\AVGLS\avgnsx.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe c:\program files\Secunia\PSI\psi.exe c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe c:\windows\system32\WerCon.exe c:\windows\system32\lpremove.exe c:\windows\system32\lpksetup.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . 
Tidspunkt ferdig: 2010-04-02 23:23:02 - maskinen ble startet på nytt ComboFix-quarantined-files.txt 2010-04-02 21:22 Pre-Run: 56 445 362 176 byte ledig Post-Run: 56 690 282 496 byte ledig Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11 - - End Of File - - A59DB7CC983856B725AC8830AAC629D2 log.txt
norbat Posted 3 April 2010

The log looks fine. The file csrss.exe is supposed to be running, since it is a Windows file. You have some toolbars, AVG and Ask; if these are not something you use, uninstall them via Add/Remove Programs in the Control Panel.