rezidor, posted 22 April 2010
Hi. I did some research before deciding to post here. I have run scans with Malwarebytes and ComboFix without managing to remove csrss.exe. Here are the two logs. I hope someone can help!
Thanks for all replies!

raWrz, posted 22 April 2010
Where is the Csrss.exe file located? That file is a legit Windows file if it is located in C:\Windows\System32

rezidor (author), posted 22 April 2010
> Where is the Csrss.exe file located? That file is a legit Windows file if it is located in C:\Windows\System32
It is located in C:\Windows\System32. So I can trust that the process is legit, then?

raWrz, posted 22 April 2010
http://en.wikipedia.org/wiki/Csrss.exe there is an explanation of what it does here

rezidor (author), posted 22 April 2010
When I open Task Manager, the csrss.exe file is listed without any description; I just thought it looked a bit "naked".

raWrz, posted 22 April 2010
OK, then you should check whether you find anything here: c:\users\Stefan\AppData\Roaming\Csrss (PS: in Norwegian Windows the "users" folder is called "brukere"). But first turn off Windows hiding files: Control Panel - Folder Options - the View tab - tick "Hide protected operating system files" and have "Show hidden files, folders and drives" turned on.

rezidor (author), posted 22 April 2010
I have now fixed it so that the folders are shown. I find the Roaming folder, and inside it there is a folder called Csrss. It is empty inside. Is that OK then, or can something be hiding there?