Eparco, posted 9 August 2008
I downloaded Nero Burning ROM, Vista compatible! Finally, I thought! But after I went to install it, I got a virus/worm/trojan! Csrss.exe... I googled csrss.exe and found a page: http://www.computerhope.com/issues/ch000916.htm. On that page it says: "The csrss.exe is a critical system process that cannot be removed from the Task Manager without causing issues with Windows." What should I do? I am thinking of installing Windows Vista again, but how do I do that? Do I have to uninstall Vista and then format? Vista is an upgrade of XP, after all. What can I do? I tried putting the XP disc in during startup to install again, but that did not work. I tried to repair, but that did not work either. Why doesn't this work? This is what other users have written: csrss.exe uses more of the processor, steals a bit of the broadband speed, some programs run slowly. But I have not noticed any of this. I still want it removed. Any tips on what I can do? Heeeelp!

norbat, posted 9 August 2008
Step 1:
Download Malwarebytes Anti-Malware to the desktop.
Run and install the program.
Choose Norwegian as the language.
Let the program update itself, choose to run a 'hurtig systemscan' (quick system scan) and click 'Skann' (Scan).
A message box will say that the scan is finished; click OK.
Click the 'Vis resultat' (Show results) button. If malware was found, you will now see what was found.
Then click the 'Fjern valgte' (Remove selected) button to remove any malware that was found.
A log will then open in Notepad. Copy it and post it later.
Step 2:
Get ComboFix and put it on the desktop.
Run combofix.exe and follow the instructions. You must not click on the window while the program is running.
Post the log file from ComboFix (c:\combofix.txt) + the log from MBAM.

r2d290, posted 9 August 2008 (edited)
We will get this sorted out. Follow the guide here: https://www.diskusjon.no/index.php?showtopic=691246 and post the logs in this thread.
Edit: norbat beat me to it. Just follow his guide.
Edited 9 August 2008 by r2d290

HeleneRT, posted 15 May 2009
Hi. Did you figure this out? I have the same problem.. I am going to do what you described.

snippsat, posted 15 May 2009 (edited)
HeleneRT, create a new post. In that post, include the logs as described above.
Edited 15 May 2009 by SNIPPSAT

HeleneRT, posted 15 May 2009 (edited)
> HeleneRT, create a new post. In that post, include the logs as described above.
Here comes the log, folks. Grateful for all further help!! Csrss.exe is still in full swing...

Malwarebytes' Anti-Malware 1.36
Databaseversjon: 2135
Windows 5.1.2600 Service Pack 3

15.05.2009 17:41:04
mbam-log-2009-05-15 (17-41-04).txt

Skanntype: Rask Skann
Objekter skannet: 99324
Tid tilbakelagt: 12 minute(s), 14 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 15
Registerverdier infisert: 2
Registerfiler infisert: 2
Mapper infisert: 0
Filer infisert: 4

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63bb3c73-162c-43a8-a415-1b7a07a9a84f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awvtr (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63bb3c73-162c-43a8-a415-1b7a07a9a84f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c} (Adware.MediaAccess) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{93cecbb2-6b1b-448d-91b9-72604ef70105} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000020040000} (Trojan.Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzdn32 (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Programfiler\Fellesfiler\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\{2c133c75-05d8-1044-0223-05111420002f} (Trojan.Agent) -> Quarantined and deleted successfully.

Registerfiler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\WINDOWS\system32\awvtr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Programfiler\Fellesfiler\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winzdn32.dll (Dialer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.

ComboFix 09-05-14.07 - Helene 15.05.2009 18:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.503.20 [GMT 2:00]
Kjører fra: G:\ComboFix.exe
AV: Norman Security Suite *On-access scanning enabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
FW: Norman Security Suite *enabled* {83B29CE9-9DE2-2CB5-9AB3-780D70FF12B0}

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\progra~1\FELLES~1\{2C133~1
c:\programfiler\toolbar888
c:\windows\system32\rtvwa.bak1
c:\windows\system32\rtvwa.bak2
c:\windows\system32\rtvwa.ini
c:\windows\system32\rtvwa.ini2
c:\windows\system32\rtvwa.tmp
c:\windows\system32\rtvwa.tmp2
F:\Autorun.inf
G:\Autorun.inf
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-04-15 til 2009-05-15 )))))))))))))))))))))))))))))))))
.
2009-05-15 14:52 . 2009-05-15 14:52 -------- d-----w c:\documents and settings\Helene\Programdata\Malwarebytes
2009-05-15 14:51 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-15 14:51 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-15 14:51 . 2009-05-15 14:51 -------- d-----w c:\documents and settings\All Users\Programdata\Malwarebytes
2009-05-15 14:51 . 2009-05-15 14:52 -------- d-----w c:\programfiler\Malwarebytes' Anti-Malware
2009-05-11 15:54 . 2008-04-16 10:57 42552 ----a-w c:\windows\system32\drivers\ale_nf.sys
2009-05-11 15:54 . 2008-02-07 10:12 79752 ----a-w c:\windows\system32\drivers\ndis_rd.sys
2009-05-11 15:54 . 2008-02-07 10:12 74624 ----a-w c:\windows\system32\drivers\tdi_rd.sys
2009-05-11 15:54 . 2009-01-22 10:41 19512 ----a-w c:\windows\system32\drivers\nvcw32mf.sys
2009-05-11 15:54 . 2008-05-16 09:28 212024 ----a-w c:\windows\system32\nscrnsav.scr
2009-05-11 15:53 . 2009-05-15 15:45 -------- d-----w c:\programfiler\Norman
2009-05-05 15:31 . 2009-05-05 15:32 -------- d-----w c:\documents and settings\Helene\Programdata\vlc
2009-05-04 08:39 . 2009-05-04 08:39 -------- d-----w c:\documents and settings\All Users\Programdata\Kaspersky Lab Setup Files
2009-05-02 14:39 . 2009-05-02 14:39 -------- d-----w c:\programfiler\AVG
2009-05-01 13:57 . 2009-05-13 10:23 -------- d-----w c:\programfiler\calendarmakereval
2009-05-01 12:17 . 2009-05-01 12:17 -------- d-----w c:\documents and settings\Helene\Programdata\Skerryvore Software
2009-05-01 12:15 . 2009-05-01 12:15 -------- d-----w c:\documents and settings\All Users\Programdata\Skerryvore Software
2009-05-01 12:15 . 2009-05-01 12:15 -------- d-----w c:\programfiler\Skerryvore Software
2009-05-01 12:10 . 2009-05-01 12:10 -------- d-----w c:\documents and settings\Helene\Lokale innstillinger\Programdata\Downloaded Installations
2009-04-22 15:19 . 2009-04-22 15:19 -------- d-----w c:\documents and settings\LocalService\Lokale innstillinger\Programdata\Help
2009-04-20 17:29 . 2009-04-20 17:29 -------- d-----w c:\programfiler\Wizard Software
2009-04-20 17:22 . 2009-04-21 16:17 -------- d-----w c:\programfiler\Bandwidth Monitor Pro
2009-04-20 14:39 . 2009-03-09 19:06 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-20 11:55 . 2009-04-20 11:55 -------- d-----w c:\documents and settings\LocalService\Skrivebord
2009-04-20 11:27 . 2009-05-04 11:31 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-20 11:16 . 2009-04-20 11:16 -------- dc-h--w c:\documents and settings\All Users\Programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-15 18:47 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 18:47 . 2009-03-06 14:24 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 18:47 . 2009-02-09 11:27 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 18:47 . 2009-02-09 10:56 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 18:47 . 2009-02-09 10:56 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 18:47 . 2009-02-09 10:56 680448 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 18:47 . 2009-02-09 10:56 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 18:47 . 2009-02-09 10:56 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 18:47 . 2009-02-09 10:56 710656 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 18:44 . 2008-04-21 21:16 217088 ------w c:\windows\system32\dllcache\wordpad.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-15 15:05 . 2006-08-02 20:27 -------- d-----w c:\programfiler\Mozilla Thunderbird
2009-05-13 13:09 . 2005-05-30 14:09 98304 ----a-w c:\windows\DUMPd997.tmp
2009-05-13 08:13 . 2005-05-30 14:09 98304 ----a-w c:\windows\DUMPd4b5.tmp
2009-05-08 15:43 . 2008-09-08 05:33 -------- d-----w c:\programfiler\PokerStars
2009-05-04 14:13 . 2006-10-23 22:51 -------- d-----w c:\programfiler\PartyGaming
2009-05-03 20:25 . 2008-09-19 21:39 -------- d-----w c:\programfiler\Fellesfiler\Apple
2009-05-01 14:23 . 2005-07-08 16:21 -------- d-----w c:\programfiler\Microsoft Picture It! PhotoPub
2009-05-01 13:56 . 2005-06-01 16:22 242896 -c--a-w c:\documents and settings\Helene\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2009-05-01 13:42 . 2007-01-08 00:15 59 ----a-w c:\windows\wpd99.drv
2009-04-21 16:44 . 2005-07-31 01:11 -------- d-----w c:\programfiler\Google
2009-04-20 11:15 . 2005-08-26 01:38 -------- d-----w c:\programfiler\Lavasoft
2009-04-20 11:14 . 2006-07-03 21:43 -------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard
2009-04-16 07:02 . 2004-09-28 17:07 69230 ----a-w c:\windows\system32\perfc014.dat
2009-04-16 07:02 . 2004-09-28 17:07 404422 ----a-w c:\windows\system32\perfh014.dat
2009-04-08 01:16 . 2006-10-03 09:22 -------- d-----w c:\programfiler\PMWin
2009-04-04 02:44 . 2008-06-10 15:48 3532 ----a-w C:\drmHeader.bin
2009-04-03 22:36 . 2006-01-03 10:08 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-03-25 22:22 . 2009-03-25 22:22 -------- d-----w c:\programfiler\URUSoft
2009-03-25 19:06 . 2009-03-25 19:06 -------- d-----w c:\programfiler\Free Download Manager
2009-03-25 19:06 . 2009-03-25 19:06 -------- d-----w c:\programfiler\Software Informer
2009-03-13 13:45 . 2009-03-13 13:45 16320472 ----a-w C:\vlc-0.9.8a-win32.exe
2009-03-06 14:24 . 2004-09-28 17:06 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:12 . 2004-09-28 17:07 665600 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:12 . 2004-09-28 17:06 81920 ----a-w c:\windows\system32\ieencode.dll
2007-05-24 23:33 . 2007-05-24 23:33 3304 -c--a-w c:\programfiler\uninstal.log
2006-09-24 23:43 . 2006-09-24 23:43 71168 -c--a-w c:\programfiler\daT
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Creative Detector"="c:\programfiler\Creative\MediaSource\Detector\CTDetect.exe" [2004-10-05 98304]
"OM2_Monitor"="c:\programfiler\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-11 95536]
"CTZDetec.exe"="c:\programfiler\Creative\Creative Media Lite\CTZDetec.exe" [2008-04-24 368640]
"SoftAuto.exe"="c:\programfiler\Creative\Software Update 3\SoftAuto.exe" [2008-05-28 401408]
"Software Informer"="c:\programfiler\Software Informer\softinfo.exe" [2009-03-11 1724485]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\programfiler\Apoint\Apoint.exe" [2004-09-13 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-15 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-15 126976]
"IntelWireless"="c:\programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"DVDLauncher"="c:\programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" [2005-04-28 53248]
"DMXLauncher"="c:\programfiler\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"ISUSScheduler"="c:\programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Microsoft Works Portfolio"="c:\programfiler\Microsoft Works\WksSb.exe" [2005-01-28 725046]
"Microsoft Works Update Detection"="c:\programfiler\Microsoft Works\WkDetect.exe" [2000-09-14 28739]
"DAEMON Tools-1033"="c:\programfiler\D-Tools\daemon.exe" [2004-08-22 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Norman ZANDA"="c:\programfiler\Norman\Npm\Bin\ZLH.EXE" [2009-02-11 187504]
"H2O"="c:\programfiler\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2005-12-13 91136]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Adobe Photo Downloader"="c:\programfiler\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-11-05 61440]
"Sony Ericsson PC Suite"="c:\programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-27 593920]
"TkBellExe"="c:\programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2008-09-17 185896]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2008-09-06 413696]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Ad-Watch"="c:\programfiler\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-04 516440]
"NPCTray"="c:\programfiler\Norman\npc\bin\npc_tray.exe" [2007-09-17 126008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Helene\Start-meny\Programmer\Oppstart\
Bandwidth Meter.lnk - c:\programfiler\Wizard Software\Bandwidth Meter\BandMeter.exe [2006-1-17 1420800]
PowerReg Scheduler.exe [2005-6-14 256000]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Gamma Loader.lnk - c:\programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-9-3 113664]
Digital Line Detect.lnk - c:\programfiler\Digital Line Detect\DLG.exe [2005-5-30 24576]
Post-it© Software Notes Lite.lnk - c:\programfiler\3M\PSNLite\PsnLite.exe [2004-10-15 2080768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 15:08 110592 ----a-w c:\programfiler\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\BitComet\\BitComet.exe"=
"c:\\Programfiler\\Azureus\\Azureus.exe"=
"c:\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programfiler\\NetMeeting\\conf.exe"=
"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Programfiler\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Programfiler\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\MSN Messenger\\livecall.exe"=
"c:\\Programfiler\\FlashFXP\\FlashFXP.exe"=
"c:\\Programfiler\\LeechFTP\\Leechftp.exe"=
"c:\\Programfiler\\Spotify\\spotify.exe"=
"c:\\Documents and Settings\\Helene\\Programdata\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Programfiler\\Free Download Manager\\fdm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21703:TCP"= 21703:TCP:BitComet 21703 TCP
"21703:UDP"= 21703:UDP:BitComet 21703 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [20.04.2009 13:27 64160]
R0 NDIS_RD;Norman Firewall NDIS driver;c:\windows\system32\drivers\ndis_rd.sys [11.05.2009 17:54 79752]
R1 NGS;Norman General Security Driver;c:\programfiler\Norman\Ngs\Bin\ngs.sys [11.05.2009 17:54 22712]
R1 NPROSEC;Norman Security driver;c:\programfiler\Norman\Ngs\Bin\nprosec.sys [11.05.2009 17:54 53816]
R1 TDI_RD;Norman Firewall TDI driver;c:\windows\system32\drivers\tdi_rd.sys [11.05.2009 17:54 74624]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programfiler\Lavasoft\Ad-Aware\AAWService.exe [09.03.2009 21:06 953168]
R2 MAudioUSBService;M-Audio USB Installer;c:\programfiler\M-Audio\Fast Track Pro\MAUSBInst.exe [31.07.2007 13:16 49152]
R2 Ndiskio;Ndiskio;c:\programfiler\Norman\Nse\Bin\Ndiskio.sys [11.05.2009 17:54 20448]
R2 NPFSvc32;Norman Personal Firewall Service;c:\programfiler\Norman\Npf\Bin\npfsvc32.exe [11.05.2009 17:54 597104]
R2 NPROSECSVC;Norman Security service;c:\programfiler\Norman\Ngs\Bin\nprosec.exe [11.05.2009 17:54 121912]
R2 NVOY;Norman Resource Provider;c:\programfiler\Norman\Npm\Bin\nvoy.exe [11.05.2009 17:54 126008]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [06.07.2006 22:12 33792]
R3 NPC;Norman Parental Control;c:\programfiler\Norman\Npc\Bin\npcsvc32.exe [11.05.2009 17:54 416880]
R3 NUAA;Norman User Activity Agent;c:\programfiler\Norman\Npc\Bin\nuaa.exe [11.05.2009 17:54 121912]
R3 Scheduler;Norman Scheduler Service;c:\programfiler\Norman\Npm\Bin\scheduler.exe [12.05.2009 18:15 130104]
S3 axsaki;axsaki;c:\windows\system32\DRIVERS\axsaki.sys --> c:\windows\system32\DRIVERS\axsaki.sys [?]
S3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);c:\windows\system32\drivers\mausb.sys [31.07.2007 13:16 102528]
S3 nsesvc;Norman Scanner Engine Service;c:\programfiler\Norman\Nse\Bin\Nsesvc.exe [11.05.2009 17:54 310328]
S3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [11.05.2009 17:54 19512]
S3 nvcoas;Norman Virus Control on-access component;c:\programfiler\Norman\nvc\bin\Nvcoas.exe [11.05.2009 17:54 195640]
S3 NVCScheduler;Norman Virus Control Scheduler;"c:\programfiler\Norman\Npm\Bin\Nvcsched.exe" --> c:\programfiler\Norman\Npm\Bin\Nvcsched.exe [?]

--- Andre tjenester/drivere lastet i minnet ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\Shell00\Command - F:\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ce77c53-b54a-11dd-a8d9-00123fe0af88}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ce77c65-b54a-11dd-a8d9-00123fe0af88}]
\Shell\AutoRun\command - s38k.exe
\Shell\explore\Command - s38k.exe
\Shell\open\Command - s38k.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d6693a2-b614-11dd-a8dc-00123fe0af88}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37031afe-ce9a-11dd-a906-00123fe0af88}]
\Shell\Shell00\Command - F:\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8ff5834-eeda-11dd-a934-00123fe0af88}]
\Shell\Shell00\Command - F:\Start.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CD5AC91B-AE7B-E83A-0C4C-E616075972F3}]
c:\recycled\userinit.exe
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-05-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programfiler\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 11:31]
.
- - - - TOMME PEKERE FJERNET - - - -

HKCU-Run-fsm - (no file)
HKLM-Run-ISUSPM Startup - c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.jezebel.nu/test/konsertmidt.htm
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.euro.dell.com/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.euro.dell.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &eBay Search - c:\programfiler\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Download video with Free Download Manager - file://c:\programfiler\Free Download Manager\dlfvideo.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Nedlasting alle med Free Nedlasting Manager - file://c:\programfiler\Free Download Manager\dlall.htm
IE: Nedlasting med Free Nedlasting Manager - file://c:\programfiler\Free Download Manager\dllink.htm
IE: Nedlasting valgte med Free Nedlasting Manager - file://c:\programfiler\Free Download Manager\dlselected.htm
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\programfiler\PartyGaming\PartyCasino\RunApp.exe
IE: {{B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - c:\programfiler\PartyGaming\PartyBingo\RunBingo.exe
LSP: c:\programfiler\Norman\npc\bin\nlf.dll
DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} - hxxp://webc.multimodis.no/controls/IlosoftImageUpload.dll
FF - ProfilePath - c:\documents and settings\Helene\Programdata\Mozilla\Firefox\Profiles\5e9f2qhh.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.dagbladet.no/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=107&ei=utf-8&yahoo_domain=search.yahoo.com&p=
FF - component: c:\programfiler\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programfiler\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\programfiler\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\programfiler\Vizky\npVizky.dll
.
.
------- Filassosiasjoner -------
.
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-15 18:12
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-1999367843-2979681295-2697837625-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:74,0d,2a,65,fa,0b,59,3c,5a,ad,7f,c2,4b,53,c5,61,a5,ab,aa,27,9b,
   5a,fa,e5,5a,30,84,3c,73,51,03,12,58,46,2e,89,32,3e,4b,0a,8c,14,c9,81,a1,27,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:74,0d,2a,65,fa,0b,59,3c,5a,ad,7f,c2,4b,53,c5,61,a5,ab,aa,27,9b,
   5a,fa,e5,5a,30,84,3c,73,51,03,12,58,46,2e,89,32,3e,4b,0a,8c,14,c9,81,a1,27,\
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(1108)
c:\programfiler\Intel\Wireless\Bin\LgNotify.dll
.
Tidspunkt ferdig: 2009-05-15 18:28
ComboFix-quarantined-files.txt 2009-05-15 16:26

Pre-Run: 879 243 264 byte ledig
Post-Run: 5 175 001 088 byte ledig

277 --- E O F --- 2009-05-15 06:19

Edited 15 May 2009 by HeleneRT

snippsat, posted 15 May 2009 (edited)
It looks reasonably good now; most of it was deleted by MBAM and ComboFix.
Csrss.exe is a file you must have. http://www.processlibrary.com/directory/files/csrss/
Copy the bold text below the image -> open Notepad and paste it in. Save it on the desktop as CFScript.txt.
Do as shown in the image and ComboFix will start. Post the log c:\combofix.txt

File::
c:\windows\DUMPd997.tmp
c:\windows\DUMPd4b5.tmp

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ce77c65-b54a-11dd-a8d9-00123fe0af88}]

Download and run CCleaner.
'Valg' (Options) -> 'Avansert' (Advanced). Remove the check mark in front of: "only delete temporary files older than 48 hours".
Run the registry cleaner, "answer yes to repair" --> backup: answer yes when you are asked.
Run the registry cleaner a couple of times until all errors are gone.
F:\Start.exe: are you familiar with this file? It runs from a USB stick.
Restart and say a little about how the PC is running now.
Edited 15 May 2009 by SNIPPSAT
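
Added example (not part of the thread and not ComboFix's own code): Python that reads the MountPoints2 part of a ComboFix log, flags volume keys whose cached autorun commands are a bare file name or redefine the open/explore verbs, and prints the matching Registry:: lines in the CFScript form used in the post above. The two heuristics and all function names are assumptions of this example; the sample text is constructed from the log posted in this thread.

```python
import re

# Constructed sample: MountPoints2 entries from the ComboFix log in this
# thread, laid out one entry per line.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\Shell00\Command - F:\Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ce77c53-b54a-11dd-a8d9-00123fe0af88}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ce77c65-b54a-11dd-a8d9-00123fe0af88}]
\Shell\AutoRun\command - s38k.exe
\Shell\explore\Command - s38k.exe
\Shell\open\Command - s38k.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d6693a2-b614-11dd-a8dc-00123fe0af88}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\[^\]]+)\]$", re.IGNORECASE)
CMD_RE = re.compile(r"^\\Shell\\([^\\]+)\\command - (.+)$", re.IGNORECASE)
# Command starts with a drive letter, a UNC prefix or an environment variable.
ABSOLUTE_RE = re.compile(r'^"?(?:[A-Za-z]:\\|\\\\|%)')
# Assumption of this example: these verbs change what opening the drive does.
HIJACKED_VERBS = {"open", "explore"}


def parse_mountpoints(log_text):
    """Return {registry key: [(verb, command), ...]} for MountPoints2 keys."""
    entries, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries[current] = []
            continue
        cmd = CMD_RE.match(line)
        if cmd and current is not None:
            entries[current].append((cmd.group(1).lower(), cmd.group(2).strip()))
        elif line.startswith("["):
            current = None  # some other registry section begins here
    return entries


def assess(entries):
    """Apply the two heuristics; return {key: [reason, ...]} for flagged keys."""
    findings = {}
    for key, commands in entries.items():
        reasons = []
        for verb, command in commands:
            if not ABSOLUTE_RE.match(command):
                reasons.append(f"{verb}: bare file name {command!r}, resolved on the volume itself")
            if verb in HIJACKED_VERBS:
                reasons.append(f"{verb}: redefines the drive's {verb} action")
        if reasons:
            findings[key] = reasons
    return findings


def cfscript_registry_section(findings):
    """Render flagged keys as a Registry:: section in the format shown above."""
    return "\n".join(["Registry::"] + [f"[-{key}]" for key in findings])


if __name__ == "__main__":
    flagged = assess(parse_mountpoints(SAMPLE_LOG))
    for key, reasons in flagged.items():
        print(key)
        for reason in reasons:
            print("   ", reason)
    print(cfscript_registry_section(flagged))
```

On the sample, only the {0ce77c65-...} key is flagged, which is the key the CFScript in the post removes; entries with full paths such as F:\Start.exe are left for manual review.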