
Infected by csrss.exe..Help



I downloaded Nero Burning ROM, Vista compatible! Finally, I thought!

But when I went to install it, I got a virus/worm/trojan! Csrss.exe... I googled csrss.exe and found a page:

http://www.computerhope.com/issues/ch000916.htm

On this page it says: The csrss.exe is a critical system process that cannot be removed from the Task Manager without causing issues with Windows.

What should I do? I'm thinking of reinstalling Windows Vista... But how do I do that? Do I have to uninstall Vista and then format? Vista is an upgrade of XP, after all... What can I do? I tried inserting the XP disc during startup to try to reinstall, but that didn't work. I tried to repair, but that didn't work either... Why doesn't this work?

This is what other users have written:

Csrss.exe uses more of the processor, steals some of the broadband speed, some programs run slowly... But I haven't noticed any of this. But I want to get this removed...

Any tips on what I can do?

Heeeelp! :p


Step 1:

Download Malwarebytes Anti-Malware to the desktop.

Run and install the program. Select the Norwegian language.

Let the program update itself and choose to run a 'hurtig systemscan' (quick system scan), then click Skann (Scan).

A message box will appear saying the scan is finished; click OK.

Click the 'Vis resultat' (Show results) button. If malware was found, you will now see what was found.

Then click the 'Fjern valgte' (Remove selected) button to remove any malware that was found.

A log will then open in Notepad. Copy it and post it later.

Step 2:

Get ComboFix and put it on the desktop.

Run combofix.exe and follow the instructions.

You must not click on the window while the program is running.

Post the log file from ComboFix (c:\combofix.txt) + the log from MBAM.

  • 9 months later...
HeleneRT, create a new post.

In that post, include the logs as described above.

Here comes the log, folks :) Grateful for any further help!! Csrss.exe is still in full swing... :(

 

Malwarebytes' Anti-Malware 1.36

Databaseversjon: 2135

Windows 5.1.2600 Service Pack 3

 

15.05.2009 17:41:04

mbam-log-2009-05-15 (17-41-04).txt

 

Skanntype: Rask Skann

Objekter skannet: 99324

Tid tilbakelagt: 12 minute(s), 14 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 15

Registerverdier infisert: 2

Registerfiler infisert: 2

Mapper infisert: 0

Filer infisert: 4

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63bb3c73-162c-43a8-a415-1b7a07a9a84f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awvtr (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{63bb3c73-162c-43a8-a415-1b7a07a9a84f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c} (Adware.MediaAccess) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{93cecbb2-6b1b-448d-91b9-72604ef70105} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000020040000} (Trojan.Dialer) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzdn32 (Dialer) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Programfiler\Fellesfiler\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\{2c133c75-05d8-1044-0223-05111420002f} (Trojan.Agent) -> Quarantined and deleted successfully.

 

Registerfiler infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\WINDOWS\system32\awvtr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\Programfiler\Fellesfiler\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winzdn32.dll (Dialer) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.

 

 

ComboFix 09-05-14.07 - Helene 15.05.2009 18:03.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.503.20 [GMT 2:00]

Kjører fra: G:\ComboFix.exe

AV: Norman Security Suite *On-access scanning enabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}

FW: Norman Security Suite *enabled* {83B29CE9-9DE2-2CB5-9AB3-780D70FF12B0}

 

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\progra~1\FELLES~1\{2C133~1

c:\programfiler\toolbar888

c:\windows\system32\rtvwa.bak1

c:\windows\system32\rtvwa.bak2

c:\windows\system32\rtvwa.ini

c:\windows\system32\rtvwa.ini2

c:\windows\system32\rtvwa.tmp

c:\windows\system32\rtvwa.tmp2

F:\Autorun.inf

G:\Autorun.inf

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-04-15 til 2009-05-15 )))))))))))))))))))))))))))))))))

.

 

2009-05-15 14:52 . 2009-05-15 14:52 -------- d-----w c:\documents and settings\Helene \Programdata\Malwarebytes

2009-05-15 14:51 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-05-15 14:51 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-15 14:51 . 2009-05-15 14:51 -------- d-----w c:\documents and settings\All Users\Programdata\Malwarebytes

2009-05-15 14:51 . 2009-05-15 14:52 -------- d-----w c:\programfiler\Malwarebytes' Anti-Malware

2009-05-11 15:54 . 2008-04-16 10:57 42552 ----a-w c:\windows\system32\drivers\ale_nf.sys

2009-05-11 15:54 . 2008-02-07 10:12 79752 ----a-w c:\windows\system32\drivers\ndis_rd.sys

2009-05-11 15:54 . 2008-02-07 10:12 74624 ----a-w c:\windows\system32\drivers\tdi_rd.sys

2009-05-11 15:54 . 2009-01-22 10:41 19512 ----a-w c:\windows\system32\drivers\nvcw32mf.sys

2009-05-11 15:54 . 2008-05-16 09:28 212024 ----a-w c:\windows\system32\nscrnsav.scr

2009-05-11 15:53 . 2009-05-15 15:45 -------- d-----w c:\programfiler\Norman

2009-05-05 15:31 . 2009-05-05 15:32 -------- d-----w c:\documents and settings\Helene\Programdata\vlc

2009-05-04 08:39 . 2009-05-04 08:39 -------- d-----w c:\documents and settings\All Users\Programdata\Kaspersky Lab Setup Files

2009-05-02 14:39 . 2009-05-02 14:39 -------- d-----w c:\programfiler\AVG

2009-05-01 13:57 . 2009-05-13 10:23 -------- d-----w c:\programfiler\calendarmakereval

2009-05-01 12:17 . 2009-05-01 12:17 -------- d-----w c:\documents and settings\Helene\Programdata\Skerryvore Software

2009-05-01 12:15 . 2009-05-01 12:15 -------- d-----w c:\documents and settings\All Users\Programdata\Skerryvore Software

2009-05-01 12:15 . 2009-05-01 12:15 -------- d-----w c:\programfiler\Skerryvore Software

2009-05-01 12:10 . 2009-05-01 12:10 -------- d-----w c:\documents and settings\Helene\Lokale innstillinger\Programdata\Downloaded Installations

2009-04-22 15:19 . 2009-04-22 15:19 -------- d-----w c:\documents and settings\LocalService\Lokale innstillinger\Programdata\Help

2009-04-20 17:29 . 2009-04-20 17:29 -------- d-----w c:\programfiler\Wizard Software

2009-04-20 17:22 . 2009-04-21 16:17 -------- d-----w c:\programfiler\Bandwidth Monitor Pro

2009-04-20 14:39 . 2009-03-09 19:06 15688 ----a-w c:\windows\system32\lsdelete.exe

2009-04-20 11:55 . 2009-04-20 11:55 -------- d-----w c:\documents and settings\LocalService\Skrivebord

2009-04-20 11:27 . 2009-05-04 11:31 64160 ----a-w c:\windows\system32\drivers\Lbd.sys

2009-04-20 11:16 . 2009-04-20 11:16 -------- dc-h--w c:\documents and settings\All Users\Programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

2009-04-15 18:47 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe

2009-04-15 18:47 . 2009-03-06 14:24 284160 ------w c:\windows\system32\dllcache\pdh.dll

2009-04-15 18:47 . 2009-02-09 11:27 111104 ------w c:\windows\system32\dllcache\services.exe

2009-04-15 18:47 . 2009-02-09 10:56 401408 ------w c:\windows\system32\dllcache\rpcss.dll

2009-04-15 18:47 . 2009-02-09 10:56 473600 ------w c:\windows\system32\dllcache\fastprox.dll

2009-04-15 18:47 . 2009-02-09 10:56 680448 ------w c:\windows\system32\dllcache\advapi32.dll

2009-04-15 18:47 . 2009-02-09 10:56 729088 ------w c:\windows\system32\dllcache\lsasrv.dll

2009-04-15 18:47 . 2009-02-09 10:56 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll

2009-04-15 18:47 . 2009-02-09 10:56 710656 ------w c:\windows\system32\dllcache\ntdll.dll

2009-04-15 18:44 . 2008-04-21 21:16 217088 ------w c:\windows\system32\dllcache\wordpad.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-15 15:05 . 2006-08-02 20:27 -------- d-----w c:\programfiler\Mozilla Thunderbird

2009-05-13 13:09 . 2005-05-30 14:09 98304 ----a-w c:\windows\DUMPd997.tmp

2009-05-13 08:13 . 2005-05-30 14:09 98304 ----a-w c:\windows\DUMPd4b5.tmp

2009-05-08 15:43 . 2008-09-08 05:33 -------- d-----w c:\programfiler\PokerStars

2009-05-04 14:13 . 2006-10-23 22:51 -------- d-----w c:\programfiler\PartyGaming

2009-05-03 20:25 . 2008-09-19 21:39 -------- d-----w c:\programfiler\Fellesfiler\Apple

2009-05-01 14:23 . 2005-07-08 16:21 -------- d-----w c:\programfiler\Microsoft Picture It! PhotoPub

2009-05-01 13:56 . 2005-06-01 16:22 242896 -c--a-w c:\documents and settings\Helene\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT

2009-05-01 13:42 . 2007-01-08 00:15 59 ----a-w c:\windows\wpd99.drv

2009-04-21 16:44 . 2005-07-31 01:11 -------- d-----w c:\programfiler\Google

2009-04-20 11:15 . 2005-08-26 01:38 -------- d-----w c:\programfiler\Lavasoft

2009-04-20 11:14 . 2006-07-03 21:43 -------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard

2009-04-16 07:02 . 2004-09-28 17:07 69230 ----a-w c:\windows\system32\perfc014.dat

2009-04-16 07:02 . 2004-09-28 17:07 404422 ----a-w c:\windows\system32\perfh014.dat

2009-04-08 01:16 . 2006-10-03 09:22 -------- d-----w c:\programfiler\PMWin

2009-04-04 02:44 . 2008-06-10 15:48 3532 ----a-w C:\drmHeader.bin

2009-04-03 22:36 . 2006-01-03 10:08 664 ----a-w c:\windows\system32\d3d9caps.dat

2009-03-25 22:22 . 2009-03-25 22:22 -------- d-----w c:\programfiler\URUSoft

2009-03-25 19:06 . 2009-03-25 19:06 -------- d-----w c:\programfiler\Free Download Manager

2009-03-25 19:06 . 2009-03-25 19:06 -------- d-----w c:\programfiler\Software Informer

2009-03-13 13:45 . 2009-03-13 13:45 16320472 ----a-w C:\vlc-0.9.8a-win32.exe

2009-03-06 14:24 . 2004-09-28 17:06 284160 ----a-w c:\windows\system32\pdh.dll

2009-02-20 08:12 . 2004-09-28 17:07 665600 ----a-w c:\windows\system32\wininet.dll

2009-02-20 08:12 . 2004-09-28 17:06 81920 ----a-w c:\windows\system32\ieencode.dll

2007-05-24 23:33 . 2007-05-24 23:33 3304 -c--a-w c:\programfiler\uninstal.log

2006-09-24 23:43 . 2006-09-24 23:43 71168 -c--a-w c:\programfiler\daT

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"Creative Detector"="c:\programfiler\Creative\MediaSource\Detector\CTDetect.exe" [2004-10-05 98304]

"OM2_Monitor"="c:\programfiler\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-11 95536]

"CTZDetec.exe"="c:\programfiler\Creative\Creative Media Lite\CTZDetec.exe" [2008-04-24 368640]

"SoftAuto.exe"="c:\programfiler\Creative\Software Update 3\SoftAuto.exe" [2008-05-28 401408]

"Software Informer"="c:\programfiler\Software Informer\softinfo.exe" [2009-03-11 1724485]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\programfiler\Apoint\Apoint.exe" [2004-09-13 155648]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-15 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-15 126976]

"IntelWireless"="c:\programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]

"DVDLauncher"="c:\programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" [2005-04-28 53248]

"DMXLauncher"="c:\programfiler\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]

"ISUSScheduler"="c:\programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"Microsoft Works Portfolio"="c:\programfiler\Microsoft Works\WksSb.exe" [2005-01-28 725046]

"Microsoft Works Update Detection"="c:\programfiler\Microsoft Works\WkDetect.exe" [2000-09-14 28739]

"DAEMON Tools-1033"="c:\programfiler\D-Tools\daemon.exe" [2004-08-22 81920]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"Norman ZANDA"="c:\programfiler\Norman\Npm\Bin\ZLH.EXE" [2009-02-11 187504]

"H2O"="c:\programfiler\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]

"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2005-12-13 91136]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]

"Adobe Photo Downloader"="c:\programfiler\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-11-05 61440]

"Sony Ericsson PC Suite"="c:\programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-27 593920]

"TkBellExe"="c:\programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2008-09-17 185896]

"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2008-09-06 413696]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]

"Ad-Watch"="c:\programfiler\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-04 516440]

"NPCTray"="c:\programfiler\Norman\npc\bin\npc_tray.exe" [2007-09-17 126008]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Helene\Start-meny\Programmer\Oppstart\

Bandwidth Meter.lnk - c:\programfiler\Wizard Software\Bandwidth Meter\BandMeter.exe [2006-1-17 1420800]

PowerReg Scheduler.exe [2005-6-14 256000]

 

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\

Adobe Gamma Loader.lnk - c:\programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-9-3 113664]

Digital Line Detect.lnk - c:\programfiler\Digital Line Detect\DLG.exe [2005-5-30 24576]

Post-it© Software Notes Lite.lnk - c:\programfiler\3M\PSNLite\PsnLite.exe [2004-10-15 2080768]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

2004-09-07 15:08 110592 ----a-w c:\programfiler\Intel\Wireless\Bin\LgNotify.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\Messenger\\msmsgs.exe"=

"c:\\Programfiler\\BitComet\\BitComet.exe"=

"c:\\Programfiler\\Azureus\\Azureus.exe"=

"c:\\mIRC\\mirc.exe"=

"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

"c:\\WINDOWS\\system32\\rtcshare.exe"=

"c:\\Programfiler\\NetMeeting\\conf.exe"=

"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\Programfiler\\SmartFTP Client 2.0\\SmartFTP.exe"=

"c:\\Programfiler\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\MSN Messenger\\livecall.exe"=

"c:\\Programfiler\\FlashFXP\\FlashFXP.exe"=

"c:\\Programfiler\\LeechFTP\\Leechftp.exe"=

"c:\\Programfiler\\Spotify\\spotify.exe"=

"c:\\Documents and Settings\\Helene\\Programdata\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Programfiler\\Free Download Manager\\fdm.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"21703:TCP"= 21703:TCP:BitComet 21703 TCP

"21703:UDP"= 21703:UDP:BitComet 21703 UDP

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [20.04.2009 13:27 64160]

R0 NDIS_RD;Norman Firewall NDIS driver;c:\windows\system32\drivers\ndis_rd.sys [11.05.2009 17:54 79752]

R1 NGS;Norman General Security Driver;c:\programfiler\Norman\Ngs\Bin\ngs.sys [11.05.2009 17:54 22712]

R1 NPROSEC;Norman Security driver;c:\programfiler\Norman\Ngs\Bin\nprosec.sys [11.05.2009 17:54 53816]

R1 TDI_RD;Norman Firewall TDI driver;c:\windows\system32\drivers\tdi_rd.sys [11.05.2009 17:54 74624]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programfiler\Lavasoft\Ad-Aware\AAWService.exe [09.03.2009 21:06 953168]

R2 MAudioUSBService;M-Audio USB Installer;c:\programfiler\M-Audio\Fast Track Pro\MAUSBInst.exe [31.07.2007 13:16 49152]

R2 Ndiskio;Ndiskio;c:\programfiler\Norman\Nse\Bin\Ndiskio.sys [11.05.2009 17:54 20448]

R2 NPFSvc32;Norman Personal Firewall Service;c:\programfiler\Norman\Npf\Bin\npfsvc32.exe [11.05.2009 17:54 597104]

R2 NPROSECSVC;Norman Security service;c:\programfiler\Norman\Ngs\Bin\nprosec.exe [11.05.2009 17:54 121912]

R2 NVOY;Norman Resource Provider;c:\programfiler\Norman\Npm\Bin\nvoy.exe [11.05.2009 17:54 126008]

R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [06.07.2006 22:12 33792]

R3 NPC;Norman Parental Control;c:\programfiler\Norman\Npc\Bin\npcsvc32.exe [11.05.2009 17:54 416880]

R3 NUAA;Norman User Activity Agent;c:\programfiler\Norman\Npc\Bin\nuaa.exe [11.05.2009 17:54 121912]

R3 Scheduler;Norman Scheduler Service;c:\programfiler\Norman\Npm\Bin\scheduler.exe [12.05.2009 18:15 130104]

S3 axsaki;axsaki;c:\windows\system32\DRIVERS\axsaki.sys --> c:\windows\system32\DRIVERS\axsaki.sys [?]

S3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);c:\windows\system32\drivers\mausb.sys [31.07.2007 13:16 102528]

S3 nsesvc;Norman Scanner Engine Service;c:\programfiler\Norman\Nse\Bin\Nsesvc.exe [11.05.2009 17:54 310328]

S3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [11.05.2009 17:54 19512]

S3 nvcoas;Norman Virus Control on-access component;c:\programfiler\Norman\nvc\bin\Nvcoas.exe [11.05.2009 17:54 195640]

S3 NVCScheduler;Norman Virus Control Scheduler;"c:\programfiler\Norman\Npm\Bin\Nvcsched.exe" --> c:\programfiler\Norman\Npm\Bin\Nvcsched.exe [?]

 

--- Andre tjenester/drivere lastet i minnet ---

 

*Deregistered* - mchInjDrv

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\Shell\Shell00\Command - F:\Start.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ce77c53-b54a-11dd-a8d9-00123fe0af88}]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ce77c65-b54a-11dd-a8d9-00123fe0af88}]

\Shell\AutoRun\command - s38k.exe

\Shell\explore\Command - s38k.exe

\Shell\open\Command - s38k.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d6693a2-b614-11dd-a8dc-00123fe0af88}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37031afe-ce9a-11dd-a906-00123fe0af88}]

\Shell\Shell00\Command - F:\Start.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8ff5834-eeda-11dd-a934-00123fe0af88}]

\Shell\Shell00\Command - F:\Start.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CD5AC91B-AE7B-E83A-0C4C-E616075972F3}]

c:\recycled\userinit.exe

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-05-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\programfiler\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 11:31]

.

- - - - TOMME PEKERE FJERNET - - - -

 

HKCU-Run-fsm - (no file)

HKLM-Run-ISUSPM Startup - c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe

 

 

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.jezebel.nu/test/konsertmidt.htm

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://www.euro.dell.com/

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.euro.dell.com/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

IE: &eBay Search - c:\programfiler\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

IE: Download video with Free Download Manager - file://c:\programfiler\Free Download Manager\dlfvideo.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

IE: Nedlasting alle med Free Nedlasting Manager - file://c:\programfiler\Free Download Manager\dlall.htm

IE: Nedlasting med Free Nedlasting Manager - file://c:\programfiler\Free Download Manager\dllink.htm

IE: Nedlasting valgte med Free Nedlasting Manager - file://c:\programfiler\Free Download Manager\dlselected.htm

IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\programfiler\PartyGaming\PartyCasino\RunApp.exe

IE: {{B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - c:\programfiler\PartyGaming\PartyBingo\RunBingo.exe

LSP: c:\programfiler\Norman\npc\bin\nlf.dll

DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} - hxxp://webc.multimodis.no/controls/IlosoftImageUpload.dll

FF - ProfilePath - c:\documents and settings\Helene\Programdata\Mozilla\Firefox\Profiles\5e9f2qhh.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - hxxp://www.dagbladet.no/

FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=107&ei=utf-8&yahoo_domain=search.yahoo.com&p=

FF - component: c:\programfiler\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

FF - plugin: c:\programfiler\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npmusicn.dll

FF - plugin: c:\programfiler\Real\RealArcade\Plugins\Mozilla\npracplug.dll

FF - plugin: c:\programfiler\Vizky\npVizky.dll

.

.

------- Filassosiasjoner -------

.

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-15 18:12

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

 

**************************************************************************

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

 

[HKEY_USERS\S-1-5-21-1999367843-2979681295-2697837625-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:74,0d,2a,65,fa,0b,59,3c,5a,ad,7f,c2,4b,53,c5,61,a5,ab,aa,27,9b,

5a,fa,e5,5a,30,84,3c,73,51,03,12,58,46,2e,89,32,3e,4b,0a,8c,14,c9,81,a1,27,\

 

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

"Version"=hex:74,0d,2a,65,fa,0b,59,3c,5a,ad,7f,c2,4b,53,c5,61,a5,ab,aa,27,9b,

5a,fa,e5,5a,30,84,3c,73,51,03,12,58,46,2e,89,32,3e,4b,0a,8c,14,c9,81,a1,27,\

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(1108)

c:\programfiler\Intel\Wireless\Bin\LgNotify.dll

.

Tidspunkt ferdig: 2009-05-15 18:28

ComboFix-quarantined-files.txt 2009-05-15 16:26

 

Pre-Run: 879 243 264 byte ledig

Post-Run: 5 175 001 088 byte ledig

 

277 --- E O F --- 2009-05-15 06:19

Edited by HeleneRT

It looks reasonably good now; most of it was deleted by MBAM and ComboFix.

Csrss.exe is a file you must have.

http://www.processlibrary.com/directory/files/csrss/

Copy the bold text below the image -> open Notepad and paste it in.

Save it on the desktop as CFScript.txt

Do as shown in the image and ComboFix will start. Post the log c:\combofix.txt

60876047vu9.gif

 

File::

c:\windows\DUMPd997.tmp

c:\windows\DUMPd4b5.tmp

 

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ce77c65-b54a-11dd-a8d9-00123fe0af88}]

 

 

Download and run CCleaner.

'Valg' (Options) -> 'Avansert' (Advanced). Uncheck the box next to: "bare slett midlertidige filer som er eldere enn 48 t." (only delete temporary files older than 48 hours).

Run the registry cleaner and answer yes to repairing --> answer yes to the backup when asked.

Run the registry cleaner a couple more times until all errors are gone.

F:\Start.exe, are you familiar with this file?

It runs from a USB stick.

Restart and say a bit about how the PC is running now.

Edited by SNIPPSAT
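
Added example, not part of the thread and not ComboFix's own logic: a Python triage of the MountPoints2 entries in the log above, separating the key that the CFScript deletes (s38k.exe hooked to several shell verbs) from entries that only need a check, such as F:\Start.exe. The heuristics, the function names and the choice of C: as system drive are assumptions of this example.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the MountPoints2 part of the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\Shell00\Command - F:\Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ce77c53-b54a-11dd-a8d9-00123fe0af88}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ce77c65-b54a-11dd-a8d9-00123fe0af88}]
\Shell\AutoRun\command - s38k.exe
\Shell\explore\Command - s38k.exe
\Shell\open\Command - s38k.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d6693a2-b614-11dd-a8dc-00123fe0af88}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37031afe-ce9a-11dd-a906-00123fe0af88}]
\Shell\Shell00\Command - F:\Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8ff5834-eeda-11dd-a934-00123fe0af88}]
\Shell\Shell00\Command - F:\Start.exe
"""

KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(?P<vol>[^\]]+)\]$", re.I)
CMD_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.I)
# Verbs that fire on insert or on double-click / right-click Explore of a drive.
HIJACK_VERBS = {"autorun", "open", "explore"}


def parse_mountpoints2(log_text):
    """Return {volume: [(verb, command), ...]} for each MountPoints2 key."""
    entries = defaultdict(list)
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group("vol")
            continue
        cmd = CMD_RE.match(line)
        if cmd and current is not None:
            entries[current].append((cmd.group("verb").lower(), cmd.group("cmd").strip()))
        elif line.startswith("["):
            current = None  # a different registry key: stop attributing commands
    return dict(entries)


def _target(cmd):
    """First token of a command line, without surrounding quotes."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0]


def triage(entries, system_drive="c:"):
    """Return {volume: (severity, reason)} for entries that deserve attention."""
    findings = {}
    for vol, cmds in entries.items():
        bare_verbs, targets = set(), set()
        for verb, cmd in cmds:
            target = _target(cmd)
            drive, _ = ntpath.splitdrive(target)
            if not drive and "\\" not in target:
                # No path at all: resolved relative to the mounted volume.
                bare_verbs.add(verb)
                targets.add(target)
            elif drive and drive.lower() != system_drive:
                targets.add(target)
        if len(bare_verbs & HIJACK_VERBS) >= 2:
            verbs = ", ".join(sorted(bare_verbs))
            findings[vol] = ("suspicious", f"path-less program hooked to: {verbs}")
        elif targets:
            names = ", ".join(sorted(targets))
            findings[vol] = ("review", f"program started from the volume: {names}")
    return findings


if __name__ == "__main__":
    for vol, (severity, reason) in triage(parse_mountpoints2(SAMPLE_LOG)).items():
        print(f"{severity:10} {vol}  {reason}")
```
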