
Found CSRCS.exe cleaned but something still wrong



#1 Montar


Posted 09 December 2009 - 08:05 AM

As title:
1 - find my folder settings always as "hide system and hidden files"
2 - strange C root files:
..
CTX.DAT
.rnd
settings.cfg
boot.bak

Here's the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.04.17, on 09/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.exe
C:WINDOWSRTHDCPL.EXE
C:WINDOWSsm56hlpr.exe
C:ProgrammiJavajre6binjusched.exe
C:WINDOWSsystem32ctfmon.exe
C:ProgrammiRainlendar2Rainlendar2.exe
C:ProgrammiVista Inspirat 2YzShadowYzShadow.exe
C:ProgrammiStardockObjectDockObjectDock.exe
C:WINDOWSsystem32crypserv.exe
C:WINDOWSsystem32E_S00RP1.EXE
C:ProgrammiJavajre6binjqs.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32fxssvc.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
C:ProgrammiMozilla Firefoxfirefox.exe
C:programmimozilla thunderbirdthunderbird.exe
C:ProgrammiHijackThisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.bing.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:ProgrammiJavajre6binjp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:ProgrammiJavajre6libdeployjqsiejqs_plugin.dll
O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..Run: [SkyTel] SkyTel.EXE
O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..Run: [GianlucaEPSON Stylus D68 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_FATIAAE.EXE /P34 "GIANLUCAEPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM..Run: [SunJavaUpdateSched] "C:ProgrammiJavajre6binjusched.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Wallpaper Manager] C:ProgrammiWPWallpaper ChangerAWC.exe -startup
O4 - HKCU..Run: [Rainlendar2] C:ProgrammiRainlendar2Rainlendar2.exe
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O4 - Startup: Snackr.lnk = C:ProgrammiVodafoneSnackrSnackr.exe
O4 - Startup: Stardock ObjectDock.lnk = C:ProgrammiStardockObjectDockObjectDock.exe
O4 - Global Startup: Y'z Shadow.lnk = C:ProgrammiVista Inspirat 2YzShadowYzShadow.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O16 - DPF: {08FD87EF-2A15-11D1-AF00-00A0C91F4B89} (WebPlotCtl Class) - http://cartogis.provincia.genova.it/cartog...veX/webplot.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205169162171
O16 - DPF: {D147430C-86CD-4E6F-A807-93FBC496D201} (NCSLayeredView Class) - http://www.vincolimap.it/ecwplugins/ncs.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1FILECO~1SkypeSKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:ProgrammiSUPERAntiSpywareSASWINLO.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:ProgrammiFile comuniAutodesk SharedServiceAdskScSrv.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:WINDOWSSYSTEM32crypserv.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:WINDOWSsystem32E_S00RP1.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:ProgrammiJavajre6binjqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O24 - Desktop Component 1: (no name) - (no file)

Any help appreciated.
Many many tnx in advance.

FORGOT TO MENTION: impossible to launch SUPERAntiSpyware again

Merged posts. ~ OB

Edited by Orange Blossom, 09 December 2009 - 11:37 PM.




#2 Montar


Posted 20 December 2009 - 11:38 AM

please close topic



