Just nu i M3-nätverket
Jump to content

Spyware stjäl CPU? Explorer.exe 100% Csrss.exe misstänkt?


FredrikNil

Recommended Posts

Tjena.

 

Jag har fått något skit i datorn som jag inte lyckas bli av med. Har just formaterat om datorn efter att explorer.exe tog 100% av cpu-kraften när jag öppnar utforskaren osv. Men jag fick tillbax problemet när jag förde över filer från min externa hd. Söker nu hjälp att ta bort viruset.

 

Efter att ha googlat runt lite har jag hittat likanade problem där processen csrss.exe ofta omnämts. Denna process stjäl även hos mig mycket av cpu kraften och är starkt misstänkt tycker jag. Jag hittar dock inte flera sådana processer (csrss.exe) eller dubbletter av filen på datorn vilket många andra verkar göra.

 

Jag har skapat en log med HJ som ni kan ta en titt på?

 

Vore väldigt tacksamt om någon vet hur jag ska ta itu med detta.

 

/Fredrik

 

 

[log]

 

Logfile of HijackThis v1.99.1

Scan saved at 02:12:17, on 2007-01-08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Logitech\Bluetooth\LBTSERV.EXE

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program\Grisoft\AVGFRE~1\avgemc.exe

C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

C:\Program\Logitech\Easy Synchronization\servicestub.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program\Grisoft\AVGFRE~1\avgcc.exe

C:\Program\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe

C:\Program\QuickTime\qttask.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Logitech\SetPoint\LBTWiz.exe

C:\Program\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\Program\DAEMON Tools\daemon.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Java\jre1.5.0_03\bin\jusched.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Skype\Phone\Skype.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\devldr32.exe

C:\Program\WIDCOMM\Bluetooth-programvara\BTTray.exe

C:\Program\Logitech\SetPoint\SetPoint.exe

C:\Program\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program\Delade filer\Logitech\KhalShared\KHALMNPR.EXE

C:\Program\Skype\Plugin Manager\SkypePM.exe

C:\Documents and Settings\Fredrik Nilsson\Skrivbord\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.superstart.se/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [PCTVRemote] C:\Program\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent

O4 - HKLM\..\Run: [Easy Synchronization] C:\Program\Logitech\Easy Synchronization\LogitechEasySync.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program\Logitech\Easy Synchronization\LogitechEasySync.exe --ports

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [uniblue Registry Booster] C:\Program\Uniblue\Registry Booster\RegistryBooster.exe /S

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Skicka till &Bluetooth-enhet... - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: LBTWlgn - c:\program\delade filer\logitech\bluetooth\LBTWlgn.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program\Delade filer\Logitech\Bluetooth\LBTSERV.EXE

O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program\Logitech\Easy Synchronization\servicestub.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

[/log]

 

 

Link to comment
Share on other sites

Det syns inte i HijackThis-loggen att du har någon process csrss.exe igång.

Det syns heller inget otrevligt i loggen, men allt syns inte i en HijackThis-logg. Har AVG Anti-Spyware hittat något otrevligt i datorn förutom cookies?

 

Det är vanligt att explorer.exe lägger beslag på processorn om man har skadade filmfiler (t ex .avi), för då sätter den igång och söker igenom hela filen för att kunna visa information om filen. Kan det vara så i ditt fall? I så fall stäng av förhandsvisningen: //eforum.idg.se/viewmsg.asp?EntriesId=831643#831926

 

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...