Posted

Hi.

I did some research before deciding to post here. I have run scans with Malwarebytes and ComboFix, but have not been able to remove csrss.exe.

Here are the two logs. Hope someone has some help to offer!

Malwarebytes log:

 

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

 

Databaseversjon: 4021

 

Windows 6.0.6000

Internet Explorer 7.0.6000.17037

 

22.04.2010 16:32:31

mbam-log-2010-04-22 (16-32-31).txt

 

Skanntype: Hurtigsøk

Objekter skannet: 107229

Tid tilbakelagt: 7 minutt(er), 29 sekund(er)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 3

Registerverdier infisert: 1

Registerfiler infisert: 1

Mapper infisert: 1

Filer infisert 6

 

Minneprosesser infisert:

(Ingen skadelige objekter funnet)

 

Minnemoduler infisert:

(Ingen skadelige objekter funnet)

 

Registernøkler infisert:

HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\xml2u (Spyware.OnlineGames) -> Quarantined and deleted successfully.

 

Registerfiler infisert:

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

 

Mapper infisert:

C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

 

Filer infisert

C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

C:\Users\Stefan\AppData\Roaming\Microsoft\profile.dat (Malware.Trace) -> Quarantined and deleted successfully.

ComboFix log:

 

ComboFix 10-04-21.01 - Stefan 22.04.2010 16:51:01.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.47.1044.18.2046.1300 [GMT 2:00]

Kjører fra: c:\users\Stefan\Downloads\ComboFix.exe

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}

FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

SP: AVG Anti-Virus *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

SP: Norton 360 *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-316374645-1690445076-2374167055-500

c:\$recycle.bin\S-1-5-21-3787807792-905040159-1087343602-500

c:\windows\system32\KBL.LOG

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-03-22 til 2010-04-22 )))))))))))))))))))))))))))))))))

.

 

2010-04-22 15:01 . 2010-04-22 15:02 -------- d-----w- c:\users\Stefan\AppData\Local\temp

2010-04-22 15:01 . 2010-04-22 15:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-04-22 14:24 . 2010-04-22 14:24 -------- d-----w- c:\users\Stefan\AppData\Roaming\Malwarebytes

2010-04-22 14:24 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-22 14:24 . 2010-04-22 14:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-22 14:24 . 2010-04-22 14:24 -------- d-----w- c:\programdata\Malwarebytes

2010-04-22 14:24 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-22 13:07 . 2010-04-22 13:07 -------- d-----w- C:\$AVG

2010-04-22 12:48 . 2010-04-22 12:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-04-22 12:48 . 2010-04-22 12:48 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2010-04-22 12:48 . 2010-04-22 12:48 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-04-22 12:48 . 2010-04-22 12:48 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-04-22 12:48 . 2010-04-22 12:48 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-04-22 12:48 . 2010-04-22 12:48 -------- d-----w- c:\windows\system32\drivers\Avg

2010-04-22 12:45 . 2010-04-22 12:45 -------- d-----w- c:\program files\AVG

2010-04-22 12:44 . 2010-04-22 12:45 -------- d-----w- c:\programdata\avg9

2010-04-17 10:39 . 2010-04-17 11:03 30 ----a-w- c:\windows\popcinfo.dat

2010-04-17 07:22 . 2010-03-04 19:24 434176 ----a-w- c:\windows\system32\vbscript.dll

2010-04-17 07:22 . 2010-02-18 14:54 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-04-17 07:22 . 2010-02-18 14:54 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-04-17 07:22 . 2010-02-23 13:14 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-04-17 07:22 . 2010-02-23 13:14 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2010-04-17 07:22 . 2010-02-23 13:14 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-04-17 07:21 . 2010-02-18 14:19 179712 ----a-w- c:\windows\system32\iphlpsvc.dll

2010-04-17 07:21 . 2010-02-18 12:05 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-04-17 07:21 . 2010-02-18 12:04 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys

2010-04-17 07:21 . 2010-02-18 14:22 167424 ----a-w- c:\windows\system32\tcpipcfg.dll

2010-04-17 07:21 . 2010-02-18 12:04 22016 ----a-w- c:\windows\system32\netiougc.exe

2010-04-17 07:21 . 2010-02-18 12:04 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS

2010-04-14 15:26 . 2009-12-23 12:45 171520 ----a-w- c:\windows\system32\wintrust.dll

2010-04-14 15:26 . 2010-01-13 18:23 97792 ----a-w- c:\windows\system32\cabview.dll

2010-04-08 01:40 . 2010-04-22 11:08 -------- d-----w- c:\program files\Full Tilt Poker

2010-03-29 20:11 . 2010-03-29 20:12 -------- d-----w- c:\program files\Return to Castle Wolfenstein

2010-03-29 20:04 . 2010-03-29 20:04 -------- d-----w- c:\program files\PowerISO

2010-03-25 12:47 . 2010-02-12 10:49 293376 ----a-w- c:\windows\system32\browserchoice.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-22 13:26 . 2010-03-22 03:01 -------- d-----w- c:\users\Stefan\AppData\Roaming\Csrss

2010-04-22 12:33 . 2008-03-29 16:09 184006 ----a-w- c:\users\Stefan\AppData\Roaming\nvModes.dat

2010-04-22 09:03 . 2008-03-30 11:59 -------- d-----w- c:\programdata\Google Updater

2010-04-18 16:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-04-18 14:43 . 2008-03-30 11:30 -------- d-----w- c:\programdata\Microsoft Help

2010-04-17 11:04 . 2008-11-03 21:37 -------- d-----w- c:\programdata\PopCap Games

2010-04-07 11:07 . 2008-03-29 18:24 -------- d-----w- c:\users\Stefan\AppData\Roaming\LimeWire

2010-03-30 06:03 . 2007-12-23 12:13 79408 ----a-w- c:\windows\system32\perfc014.dat

2010-03-30 06:03 . 2007-12-23 12:13 476858 ----a-w- c:\windows\system32\perfh014.dat

2010-03-22 14:55 . 2010-03-22 14:53 -------- d-----w- c:\program files\Return to Castle Wolfenstein - Platinum Edition

2010-03-21 11:58 . 2009-12-13 04:20 -------- d-----w- c:\program files\Common Files\Apple

2010-03-21 11:54 . 2009-12-13 04:24 -------- d-----w- c:\programdata\Apple Computer

2010-03-21 11:46 . 2010-02-07 08:21 -------- d-----w- c:\programdata\VIZ_MPS

2010-03-21 11:43 . 2008-06-30 04:16 -------- d-----w- c:\programdata\Creative

2010-03-21 11:43 . 2008-06-30 04:14 -------- d-----w- c:\program files\Creative

2010-03-21 11:42 . 2008-06-30 04:37 -------- d-----w- c:\users\Stefan\AppData\Roaming\Creative

2010-03-10 18:41 . 2008-11-27 06:00 -------- d-----w- c:\users\Stefan\AppData\Roaming\Microgaming

2010-03-09 16:54 . 2010-03-31 12:06 832512 ----a-w- c:\windows\system32\wininet.dll

2010-03-09 16:50 . 2010-03-31 12:06 56320 ----a-w- c:\windows\system32\iesetup.dll

2010-03-09 16:50 . 2010-03-31 12:06 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-03-09 16:50 . 2010-03-31 12:06 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll

2010-03-09 16:48 . 2010-03-31 12:06 72704 ----a-w- c:\windows\system32\admparse.dll

2010-03-09 14:17 . 2010-03-31 12:06 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2010-03-09 12:43 . 2010-03-31 12:06 48128 ----a-w- c:\windows\system32\mshtmler.dll

2010-02-24 18:14 . 2008-03-29 16:05 72440 ----a-w- c:\users\Stefan\AppData\Local\GDIPFONTCACHEV1.DAT

2010-02-20 23:54 . 2010-03-11 02:01 24064 ----a-w- c:\windows\system32\nshhttp.dll

2010-02-20 23:51 . 2010-03-11 02:00 31232 ----a-w- c:\windows\system32\httpapi.dll

2010-02-20 21:30 . 2010-03-11 02:00 396800 ----a-w- c:\windows\system32\drivers\http.sys

2010-01-25 12:58 . 2010-02-24 14:54 154112 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-01-25 12:58 . 2010-02-24 14:54 473088 ----a-w- c:\windows\system32\secproc_isv.dll

2010-01-25 12:58 . 2010-02-24 14:54 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-01-25 12:58 . 2010-02-24 14:54 472576 ----a-w- c:\windows\system32\secproc.dll

2010-01-25 12:56 . 2010-02-24 14:54 312320 ----a-w- c:\windows\system32\msdrm.dll

2010-01-25 08:36 . 2010-02-24 14:54 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-01-25 08:36 . 2010-02-24 14:54 515584 ----a-w- c:\windows\system32\RMActivate.exe

2010-01-25 08:36 . 2010-02-24 14:54 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-01-25 08:35 . 2010-02-24 14:54 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-01-23 08:05 . 2010-02-24 14:56 2048 ----a-w- c:\windows\system32\tzres.dll

2009-03-31 20:47 . 2008-10-09 23:42 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]

"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]

"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 671744]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-12-23 1006264]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]

"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]

"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]

 

c:\users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper og Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli DPPWDFLT

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

Trusted 2204

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

2008-10-17 14:52 51048 ----a-w- c:\program files\Common Files\Symantec Shared\CCAPP.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]

2008-02-26 14:50 988512 ----a-w- c:\program files\Norton 360\osCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

2007-08-17 07:13 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-03-30 717296]

R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936]

R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2008-01-31 599040]

S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-04-22 52872]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-04-22 216200]

S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-04-22 242896]

S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090318.001\IDSvix86.sys [2009-02-09 272432]

S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-04-22 916760]

S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-04-22 308064]

S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]

 

 

--- Andre tjenester/drivere lastet i minnet ---

 

*NewlyCreated* - COMHOST

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-08-23 16:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2010-04-22 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-30 23:40]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nb_no&c=81&bd=Pavilion&pf=laptop

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nb_no&c=81&bd=Pavilion&pf=laptop

IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\programs\PartyGaming\PartyCasino\RunApp.exe

FF - ProfilePath - c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3m11gvvz.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Live Search

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\3m11gvvz.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.zencast - .

- - - - TOMME PEKERE FJERNET - - - -

 

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

HKLM-Run-HP Software Update - c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

AddRemove-Return to Castle Wolfenstein - Platinum Edition - c:\programs\UNINST~1\UNWISE.EXE

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-22 17:02

Windows 6.0.6000 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'lsass.exe'(820)

c:\windows\system32\DPPWDFLT.dll

.

Tidspunkt ferdig: 2010-04-22 17:05:00

ComboFix-quarantined-files.txt 2010-04-22 15:04

 

Pre-Run: 51 188 338 688 byte ledig

Post-Run: 51 548 454 912 byte ledig

 

- - End Of File - - BB573EB5E4720A2520F384F103A2F270

 

 

 

..........

 

Thanks for all replies!

Posted

Where is the csrss.exe file located?

That file is a legitimate Windows file if it is located in C:\Windows\System32

It is located in C:\Windows\System32. So I can trust that the process is legit, right? :)

Posted

When I open Task Manager, the csrss.exe file is listed without any description; I just thought it looked a bit "naked". :innocent::innocent:

Posted

OK, then you should check whether you find anything here: c:\users\Stefan\AppData\Roaming\Csrss

(PS: in Norwegian Windows the "users" folder is called "brukere")

But first, turn off Windows hiding files:

Control Panel - Folder Options - the View tab - tick "Hide protected operating system files" and enable "Show hidden files, folders and drives"

Posted

I have now set it up so that the folders are shown.

I find the Roaming folder, and inside it there is a folder called Csrss.

It is empty inside. Is that OK then, or can something be hiding there?
