Virus csrss.exe ?

Ahojte stiahol som si jeden crack to tu neriesme a win defender mi hodil ze je to volaka skodliva aplikacia tak so to dal zmazat ale od vtedy sa mi objavil volaky suobr csrss.exe v procesoch googlil som a nasiel som ze je to normalny subor pre chod winu .Ale moze to byt aj virus co sa tvari ako win subor
Tu je moj lvipis z HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:12:41, on 1. 6. 2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 4076 bytes

nevyznam sa, ale csrss.exe mam spustene aj ja, dokonca 2x, a nemam pocit ze som infikovany ak ta tvoja aplikacia je virus, tak sem hodim log potom aj ja

log je cisty, hod este combofix

//csrss.exe je legitimny proces widle v /system32

csrss.exe is the main executable for the Microsoft Client/Server Runtime Server Subsystem. This process manages most graphical commands in Windows. This program is important for the stable and secure running of your computer and should not be terminated.

Ne,není to virus.

Omega ked ho mas spusteny dvakrat tam spusti msconfig a mrkni aplikacie ktore sa startuju pri starte windowsu ak tam ten subor je tak je ot vyrus lebo som cital ze ked ich ma niekto 2 ze jeden bude vyrus. ok hodim este s toho comba

ComboFix 08-05-29.1 - Roman 2008-06-01 10:38:48.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1051.18.834 [GMT 2:00]
Running from: C:\Users\Roman\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 00:23 --------- d-----w C:\Users\Roman\AppData\Roaming\Skype
2008-06-01 00:22 --------- d-----w C:\ProgramData\SecTaskMan
2008-06-01 00:18 --------- d-----w C:\Users\Roman\AppData\Roaming\Hamachi
2008-06-01 00:12 --------- d-----w C:\Program Files\Trend Micro
2008-05-31 22:03 --------- d-----w C:\Users\Roman\AppData\Roaming\skypePM
2008-05-31 10:19 --------- d-----w C:\Users\Roman\AppData\Roaming\GHISLER
2008-05-31 10:18 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-30 22:44 --------- d-----w C:\Users\Roman\AppData\Roaming\Ahead
2008-05-30 22:39 --------- d-----w C:\Program Files\Windows Mail
2008-05-30 22:35 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-30 22:34 --------- d-----w C:\ProgramData\Nero
2008-05-30 22:34 --------- d-----w C:\Program Files\Nero
2008-05-30 21:45 --------- d-----w C:\Users\Roman\AppData\Roaming\vlc
2008-05-30 21:45 --------- d-----w C:\Program Files\VideoLAN
2008-05-30 19:54 --------- d-----w C:\Program Files\Hamachi
2008-05-30 19:53 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys
2008-05-28 19:05 --------- d-----w C:\ProgramData\Skype
2008-05-28 19:05 --------- d-----w C:\Program Files\Skype
2008-05-28 19:05 --------- d-----w C:\Program Files\Google
2008-05-28 19:05 --------- d-----w C:\Program Files\Common Files\Skype
2008-05-28 19:04 --------- d-----w C:\Users\Roman\AppData\Roaming\ICQ
2008-05-28 19:04 --------- d-----w C:\Program Files\ICQ6
2008-05-28 19:00 --------- d-----w C:\Users\Roman\AppData\Roaming\InstallShield
2008-04-29 15:40 210,472 ----a-w C:\Windows\system32\drivers\Si3114r5.sys
2008-04-29 15:40 17,064 ----a-w C:\Windows\system32\drivers\SiWinAcc.sys
2008-04-29 15:40 12,200 ----a-w C:\Windows\system32\drivers\SiRemFil.sys
2008-03-08 04:21 1,695,744 ----a-w C:\Windows\System32\gameux.dll
2008-03-08 04:19 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:19 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:19 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 02:08 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-08 01:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-01-06 20:08 174 --sha-w C:\Program Files\desktop.ini
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-04-01 12:40 172280]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-28 21:05 171448]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 10:31 67584 C:\Windows\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^Users^Roman^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
path=C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk
backup=C:\Windows\pss\hamachi.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-04-23 17:45 22058792 C:\Program Files\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{8126EBA0-6DA4-44B2-8CFA-422DA01E3D74}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{A2222150-8814-4B74-A8EA-84A663AC40CF}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"{4E222417-3465-43DE-95D4-4122D94A85CD}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{9456B827-CF04-4F8D-9773-29F380BFCB7A}C:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:C:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{E27350DF-C81B-40F6-A0A8-E5A29528E5A8}C:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:C:\program files\sony ericsson\update service\update service.exe:Update Service
"TCP Query User{89E323ED-4675-4B78-8616-5C8FB2F10C21}C:\\program files\\valve\\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{4A2EE369-F5EC-4273-819B-92211F36ACCF}C:\\program files\\valve\\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 PSched;QoS Packet Scheduler;C:\Windows\system32\DRIVERS\pacer.sys [2008-01-18 22:55]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-02 10:27]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 09:36]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys [2008-01-05 21:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db6b81c6-2cdb-11dd-83b0-806e6f6e6963}]
\shell\AutoRun\command - F:\Bin\Assetup.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 10:41:22
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-01 10:42:22
ComboFix-quarantined-files.txt 2008-06-01 08:42:16

Systém nenašiel žiadne hlásenie pod číslom 0x2379 v súbore hlásenia Application.
Systém nenašiel žiadne hlásenie pod číslom 0x2379 v súbore hlásenia Application.

102 --- E O F --- 2008-05-30 20:51:57

Takze predca vyrus a aky otravny k*k*t ked zapnem IE ktore nepouzivam a zadam url volakej stranky tam musim napis kod co mi zobrazi
No a ked ho spustim bez doplnkov tak je to v poho

kukni sem
http://www.eset.sk/buxus/generate_page. ... e_id=12773
a odstrániť ako?