csrss.exe

[Majkelju]

Mám nesnesitelně zasekaný comp, při spuštění správce úloh vidím, že proces csrss.exe mi zabírá obrovské procento využití procesoru. Mám ho tam dvakrát, takže tím pádem je to vir...Jeden jako SYSTEM (ten zabírá 0%, to bude ten "správný"), a druhý csrss.exe má jiné umístění, ale také nejde vypnout. Co s tím?
--------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:56:33, on 1.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RevoTask.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\csrss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\QIP Infium\infium.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\HijackThis\HiJackThis.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RevoTaskbarApp] C:\WINDOWS\System32\RevoTask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [winlogon] C:\WINDOWS\csrss.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: raid_tool.exe.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwa ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCCF39D8-BBFD-4018-8CC9-2DE3E74F1BED}: NameServer = 10.0.33.254,195.146.100.98
O17 - HKLM\System\CS1\Services\Tcpip\..\{DCCF39D8-BBFD-4018-8CC9-2DE3E74F1BED}: NameServer = 10.0.33.254,195.146.100.98
O17 - HKLM\System\CS2\Services\Tcpip\..\{DCCF39D8-BBFD-4018-8CC9-2DE3E74F1BED}: NameServer = 10.0.33.254,195.146.100.98
O17 - HKLM\System\CS3\Services\Tcpip\..\{DCCF39D8-BBFD-4018-8CC9-2DE3E74F1BED}: NameServer = 10.0.33.254,195.146.100.98
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 5927 bytes

[Reklama]

[fredik]

Vítej na fóru

Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Majkelju]

Tak...staženo, proveden scan, smázlo mi to mimo jiné i ten csrss.exe...nutno asi podotknout, že ke konci scanu mi to jaksi vyplo připojení k internetu, musel jsem to napravit v Ovládacích panelech tlačítkem Opravit. A zakázal jsem si nástroj Obnovení systému, někde tady jsem četl, že je to tak lepší....?
Tady je log:

ComboFix 07-12-31.4 - Michal Sirůček 2008-01-01 20:26:33.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.665 [GMT 1:00]
Running from: C:\Documents and Settings\Michal Sirůček\Plocha\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\csrss.exe
C:\WINDOWS\system32\auto.exe
C:\WINDOWS\winlogon.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-01 to 2008-01-01 )))))))))))))))))))))))))))))))
.

2008-01-01 20:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 19:54 . 2008-01-01 19:56 <DIR> d-------- C:\HijackThis
2008-01-01 19:18 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-01 19:18 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-01 19:18 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-01 19:18 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-01 19:18 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-01 19:18 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-01 19:17 . 2008-01-01 19:17 <DIR> d-------- C:\Program Files\Alwil Software
2008-01-01 19:17 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-01-01 19:17 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-01 19:17 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-01-01 19:17 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-31 14:24 . 2007-12-31 14:24 <DIR> d-------- C:\Documents and Settings\LocalService\Nabídka Start
2007-12-31 13:33 . 2007-12-31 13:33 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-12-31 13:30 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002287_.tmp
2007-12-31 13:26 . 2004-08-03 22:42 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-12-31 13:23 . 2007-12-31 13:35 <DIR> d-------- C:\WINDOWS\EHome
2007-12-31 10:54 . 2007-07-11 15:06 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2007-12-31 10:47 . 2007-12-31 10:49 <DIR> d-------- C:\Program Files\BearShare
2007-12-31 10:47 . 2007-12-31 10:53 <DIR> d-------- C:\My Downloads
2007-12-31 10:36 . 2007-12-31 10:36 0 --------- C:\WINDOWS\WB.ini
2007-12-31 10:35 . 2007-12-31 10:35 <DIR> d-------- C:\Program Files\Stardock
2007-12-31 09:40 . 2007-12-31 09:41 <DIR> d-------- C:\Program Files\QIP Infium
2007-12-31 09:40 . 2007-12-31 09:40 <DIR> d-------- C:\Documents and Settings\Michal Sirůček\Data aplikací\QIP
2007-12-29 11:20 . 2007-12-29 11:20 <DIR> d-------- C:\WINDOWS\ShellNew
2007-12-27 19:30 . 2007-12-27 19:30 <DIR> d-------- C:\Documents and Settings\Michal Sirůček\Data aplikací\Lavasoft
2007-12-27 19:01 . 2007-12-27 19:12 <DIR> d-------- C:\Program Files\Gothic III
2007-12-27 15:30 . 2007-12-27 15:30 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-12-27 15:30 . 2007-12-27 15:30 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-27 14:06 . 2007-12-27 14:06 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-27 13:26 . 2007-12-27 13:26 19,960 --a------ C:\Documents and Settings\Michal Sirůček\Data aplikací\GDIPFONTCACHEV1.DAT
2007-12-27 13:21 . 2007-12-29 11:21 390 --a------ C:\WINDOWS\ODBC.INI
2007-12-27 13:06 . 2007-12-27 13:06 <DIR> d-------- C:\WINDOWS\system32\languages
2007-12-26 20:37 . 2007-12-27 13:06 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2007-12-26 20:36 . 2007-12-26 21:00 <DIR> d-------- C:\Documents and Settings\Michal Sirůček\Data aplikací\Media Player Classic
2007-12-26 20:32 . 2004-01-11 23:00 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-12-26 19:27 . 2004-08-17 15:49 2,113,536 --a------ C:\WINDOWS\system32\dxdiagn.dll
2007-12-26 19:11 . 2007-12-26 19:11 <DIR> d---s---- C:\Documents and Settings\Michal Sirůček\UserData
2007-12-26 19:11 . 2007-12-26 19:11 <DIR> d---s---- C:\Documents and Settings\Michal Sirůček\UserData
2007-12-26 15:55 . 2007-12-26 15:55 <DIR> d-------- C:\Documents and Settings\Michal Sirůček\Data aplikací\ACD Systems
2007-12-26 15:55 . 2007-12-31 12:35 2,359,350 --a------ C:\WINDOWS\ACD Wallpaper.bmp
2007-12-25 12:37 . 2007-12-25 12:37 <DIR> d-------- C:\Documents and Settings\Michal Sirůček\Data aplikací\FlashFXP
2007-12-25 10:54 . 2007-12-25 10:54 <DIR> d-------- C:\Documents and Settings\Michal Sirůček\Data aplikací\Thunderbird
2007-12-25 10:53 . 2008-01-01 19:33 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2007-12-25 00:56 . 2007-12-26 20:44 50 --a------ C:\WINDOWS\cdplayer.ini
2007-12-25 00:54 . 2007-12-25 00:54 <DIR> d-------- C:\Program Files\Real
2007-12-25 00:54 . 2007-12-27 14:06 <DIR> d-------- C:\Program Files\Common Files\Real
2007-12-25 00:34 . 2007-12-25 00:34 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-12-25 00:32 . 2007-12-25 00:32 <DIR> d-------- C:\Program Files\Nero
2007-12-25 00:32 . 2007-12-25 00:32 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Nero
2007-12-25 00:31 . 2007-12-31 14:24 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2007-12-25 00:28 . 2007-12-25 00:28 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-25 00:28 . 2007-12-25 00:28 <DIR> d-------- C:\Documents and Settings\Michal Sirůček\Data aplikací\AdobeUM
2007-12-25 00:25 . 2007-12-26 19:15 <DIR> dr------- C:\Filmy
2007-12-25 00:21 . 2008-01-01 15:50 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-25 00:19 . 2007-12-25 00:31 <DIR> d-------- C:\Documents and Settings\Michal Sirůček\Data aplikací\Ahead
2007-12-25 00:18 . 2007-12-25 00:36 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-12-25 00:18 . 2007-12-25 00:18 <DIR> d-------- C:\Program Files\Ahead
2007-12-25 00:18 . 2001-07-06 13:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2007-12-25 00:18 . 2001-07-06 11:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2007-12-25 00:18 . 2001-07-06 17:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2007-12-25 00:18 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-12-25 00:18 . 2003-12-19 19:48 89,184 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2007-12-25 00:18 . 2004-01-14 18:57 57,344 --a------ C:\WINDOWS\system32\ImageDrive.cpl
2007-12-25 00:18 . 2001-06-26 07:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2007-12-25 00:15 . 2007-12-25 00:15 <DIR> d-------- C:\Documents and Settings\Michal Sirůček\Data aplikací\Nokia
2007-12-25 00:13 . 2007-12-25 00:13 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-25 00:13 . 2007-12-25 00:14 <DIR> d-------- C:\Program Files\Nokia
2007-12-25 00:13 . 2007-12-25 00:13 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-12-25 00:13 . 2007-12-25 00:13 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-12-25 00:13 . 2007-12-25 00:13 <DIR> d-------- C:\Documents and Settings\Michal Sirůček\Data aplikací\PC Suite
2007-12-25 00:10 . 2008-01-01 19:29 63,804 --a------ C:\WINDOWS\system32\nvapps.xml
2007-12-25 00:09 . 2007-12-25 00:09 <DIR> d-------- C:\NVIDIA
2007-12-25 00:09 . 2006-06-01 19:09 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-12-25 00:07 . 2007-12-25 12:37 <DIR> d-------- C:\Program Files\FlashFXP
2007-12-25 00:07 . 2007-12-25 00:07 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-25 00:07 . 2007-12-31 14:22 96,256 --a------ C:\WINDOWS\system32\drivers\sptd0237.sys
2007-12-25 00:06 . 2007-12-25 00:06 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-25 00:03 . 2007-12-25 00:10 <DIR> d-------- C:\Program Files\Winamp
2007-12-25 00:03 . 2003-10-28 11:02 20,016 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-25 00:03 . 2007-12-30 19:05 155 --a------ C:\WINDOWS\winamp.ini
2007-12-25 00:02 . 2007-12-25 00:02 <DIR> d-------- C:\Program Files\Salamander cz 1.52
2007-12-25 00:01 . 2007-12-25 00:01 <DIR> d-------- C:\Program Files\DISKBASE
2007-12-25 00:00 . 2007-12-25 00:00 <DIR> d-------- C:\Program Files\gs
2007-12-25 00:00 . 2007-12-25 00:00 <DIR> d-------- C:\Program Files\CDex_150
2007-12-25 00:00 . 2007-12-25 00:00 43 --a------ C:\WINDOWS\gswin32.ini
2007-12-24 23:59 . 2007-12-24 23:59 <DIR> d-------- C:\Program Files\Webteh
2007-12-24 23:59 . 2007-12-27 13:06 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-12-24 23:56 . 2007-12-24 23:56 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2007-12-24 23:56 . 2007-12-24 23:56 <DIR> d-------- C:\Program Files\ACD Systems
2007-12-24 23:56 . 2007-12-24 23:56 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ACD Systems
2007-12-24 23:55 . 2007-12-24 23:55 <DIR> d-------- C:\Program Files\Vodafone
2007-12-24 23:55 . 2007-12-24 23:55 8,572,497 --a------ C:\WINDOWS\system32\Vodafone ScreenWasher.scr
2007-12-24 23:54 . 2007-12-24 23:54 <DIR> d-------- C:\turboC
2007-12-24 23:53 . 2007-12-24 23:54 260 --a------ C:\WINDOWS\WINCMD.INI
2007-12-24 23:53 . 2007-12-24 23:53 120 --a------ C:\WINDOWS\wcx_ftp.ini
2007-12-24 23:42 . 2007-12-24 23:42 <DIR> d-------- C:\Program Files\QuickTime
2007-12-24 23:42 . 2007-12-24 23:42 <DIR> d-------- C:\Documents and Settings\Michal Sirůček\Data aplikací\Apple Computer
2007-12-24 23:41 . 2007-12-24 23:41 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-24 16:45 558,142 ----a-w C:\WINDOWS\java\Packages\4IMCDJ9B.ZIP
2007-12-24 16:45 155,995 ----a-w C:\WINDOWS\java\Packages\TRNL3JLZ.ZIP
2007-12-24 16:45 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"QIP2005"="C:\Program Files\QIP\qip.exe" [ ]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-11-30 16:56 1306624]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"Infium"="C:\Program Files\QIP Infium\infium.exe" [2007-10-19 13:22 3884544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 08:34 57344 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-06-01 17:22 7618560]
"nwiz"="nwiz.exe" [2006-06-01 17:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"RevoTaskbarApp"="C:\WINDOWS\System32\RevoTask.exe" [2004-06-14 16:58 221184]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-24 23:42 155648]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-06-01 17:22 86016]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2005-12-13 08:49 217088]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-27 14:05 180269]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04]
raid_tool.exe.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2007-12-24 22:55:51]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-12-31 11:23 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-06-12 11:31]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 MaRdPnp;MaRdPnp;C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2004-09-13 04:11]

*Newly Created Service* - AAVMKER4
*Newly Created Service* - ASWMON2
*Newly Created Service* - ASWRDR
*Newly Created Service* - ASWTDI
*Newly Created Service* - ASWUPDSV
*Newly Created Service* - AVAST!_ANTIVIRUS
*Newly Created Service* - AVAST!_MAIL_SCANNER
*Newly Created Service* - AVAST!_WEB_SCANNER
*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 20:29:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2008-01-01 20:31:25
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-01 19:30:31

[fredik]

Doporučil bych ti odinstalovat přes Přidat nebo odebrat programy:
BearShare

Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře ComboFix /u (mezi comobofix a /u musí být mezera) a dej Ok.

Dej sem nový log z HJT a řekni jestli problémy přetrvávají.

[Majkelju]

Tak BS odinstalován, ComboFix taky (jestli jsem dobře pochopil, že příkazem ComboFix /u se odinstaluje), restartováno, a vypadá to, že šmejd je pryč No uvidíme ještě zítra, kdyžtak se zase ozvu...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:58:39, on 1.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RevoTask.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
C:\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RevoTaskbarApp] C:\WINDOWS\System32\RevoTask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: raid_tool.exe.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwa ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCCF39D8-BBFD-4018-8CC9-2DE3E74F1BED}: NameServer = 10.0.33.254,195.146.100.98
O17 - HKLM\System\CS1\Services\Tcpip\..\{DCCF39D8-BBFD-4018-8CC9-2DE3E74F1BED}: NameServer = 10.0.33.254,195.146.100.98
O17 - HKLM\System\CS2\Services\Tcpip\..\{DCCF39D8-BBFD-4018-8CC9-2DE3E74F1BED}: NameServer = 10.0.33.254,195.146.100.98
O17 - HKLM\System\CS3\Services\Tcpip\..\{DCCF39D8-BBFD-4018-8CC9-2DE3E74F1BED}: NameServer = 10.0.33.254,195.146.100.98
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 5715 bytes

[fredik]

Pro lepší zabezpečení by bylo dobré si doinstalovat firewall, můžeš si vybrat některý zde uvedený nebo některý jiný z odkazu: Přehled osobních firewallů
Firewally zdarma:
Comodo - kvalitní, pokročilý, s mnoha funkcemi, originálně v angličtině
Kerio - přehledný, větší možnosti nastavení, náročnější na systémové prostředky, v češtině
ZoneAlarm - jednoduchý, kompatibilní, nenáročný na systémové prostředky, málo možností nastavení, v angličtině

Log vypadá dobře.

[wistahelp]

http://www.processlibrary.com/

[Majkelju]

Tak tedy jsem právě spustil comp, a po csrss ani stopy, takže děkuju moc za pomoc!