Virus i csrss.exe

[perrune]

Hej

JAg har oskadliggjort ett virus i csrss.exe, som låg i katalogen Windows\config. Nu får jag ett meddelande, vid uppstarta, att denna csrss.exe inta kan återfinnas. Hur får jag bort bort programmet som söker denna felaktiga csrss.exe i windows\config

 

 

[Cecilia]

Vi kan se om HijackThis visar något till att börja med. Ladda ner från en av länkarna:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Installera, starta och välj "Do a system scan and save a logfile", kopiera loggen som kommer upp (inget annat).

 

I ditt svar bifogar du HijackThis-loggen på detta sätt:

Tryck på LOG-knappen i Besvara-fönstret

Klistra in loggen

Tryck igen på LOG-knappen

 

[perrune]

[log]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:14:43, on 2009-01-06

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\Grisoft\AVG7\avgamsvr.exe

C:\Program\Grisoft\AVG7\avgupsvc.exe

C:\Program\Grisoft\AVG7\avgemc.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Dantz\Retrospect\retrorun.exe

C:\Program\CyberLink\Shared Files\RichVideo.exe

C:\Program\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\Program\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtect.exe

C:\Program\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program\Grisoft\AVG7\avgcc.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program\Dell Support Center\bin\sprtcmd.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Picasa2\PicasaMediaDetector.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program\LClock\LClock.exe

C:\Program\Registry Mechanic\RegMech.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\TechSmith\SnagIt 9\SnagIt32.exe

C:\Program\Microsoft Office\Office10\msoffice.exe

C:\Program\TechSmith\SnagIt 9\TSCHelp.exe

C:\Program\TechSmith\SnagIt 9\SnagPriv.exe

C:\Program\TechSmith\SnagIt 9\snagiteditor.exe

C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program\Adobe\Photoshop Elements 6.0\PhotoshopElementsOrganizer.exe

C:\Program\Google\Google Desktop Search\GoogleDesktopIndex.exe

C:\Program\Google\Google Desktop Search\GoogleDesktopCrawl.exe

C:\Program\Google\Google Desktop Search\GoogleDesktopOE.exe

C:\Program\Google\Google Earth\googleearth.exe

C:\Program\Java\jre6\bin\jucheck.exe

C:\WINDOWS\system32\winlogon.exe

C:\Program\ACD Systems\ACDSee\11.0\ACDSee11.exe

C:\Program\Adobe\Photoshop Elements 6.0\PhotoshopElementsEditor.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\Program\Windows Live\Contacts\wlcomm.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Windows Live\Toolbar\wltuser.exe

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program\Winamp\winamp.exe

C:\Program\Outlook Express\msimn.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program\TechSmith\SnagIt 9\SnagItBHO.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program\Winamp Toolbar\winamptb.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program\Google\Google Desktop Search\GoogleDesktopIE.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program\TechSmith\SnagIt 9\SnagItIEAddin.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program\Winamp Toolbar\winamptb.dll

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime Alternative\qttask.exe" -atboottime

O4 - HKLM\..\Run: [updatePDRShortCut] "C:\Program\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKCU\..\Run: [LClock] C:\Program\LClock\LClock.exe

O4 - HKCU\..\Run: [RegistryMechanic] C:\Program\Registry Mechanic\RegMech.exe /H

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-2025429265-1292428093-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Moa')

O4 - HKUS\S-1-5-21-2025429265-1292428093-725345543-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Anna')

O4 - HKUS\S-1-5-21-2025429265-1292428093-725345543-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Joel')

O4 - HKUS\S-1-5-21-2025429265-1292428093-725345543-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Ebba')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: SnagIt 9.lnk = C:\Program\TechSmith\SnagIt 9\SnagIt32.exe

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?e=1225143269409&h=96e60cfed10b7da8a0e23c2bb11e128c/&filename=jinstall-6u10-windows-i586-jc.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgemc.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FolderProtectService - Unknown owner - C:\Program\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys

O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program\Dantz\Retrospect\retrorun.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program\Dell Support Center\bin\sprtsvc.exe

 

--

End of file - 13484 bytes

[/log]

 

[Cecilia]

O23 - Service: FolderProtectService - Unknown owner - C:\Program\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe

Du kan läsa om SpotMau på

http://www.mywot.com/sv/scorecard/spotmau.com

verkar inte vara något bra och bör nog avinstalleras. Starta sedan om datorn och klistra in en ny HijackThis-logg.