電腦清除病毒後，有點不踏實，請幫我看看
 

電腦清除病毒後，查看一下windows工作管理員，發現csrss.exe覺得怪怪的，
在cpu項目都是01，不會跳動，心中覺得有點不踏實，請幫我看看，謝謝。



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 02:42:30, on 2008/11/19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINNT\RTHDCPL.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Documents and Settings\Administrator\My Documents\Sleipnir\Sleipnir.exe
C:\Downloads\HiJackThis.exe

O2 - BHO: (no name) - {202AEF39-2BFA-4A5F-B526-390FDE0BC675} - (no file)
O2 - BHO: ALiBaBar_Helper - {CE439C63-384A-747A-A357-23D96B5D652B} - C:\PROGRA~1\ALiBaBar\ALiBaBar.dll
O3 - Toolbar: ALiBaBar - {0A1375E1-56C2-11D6-8E45-8933A0FB5235} - C:\PROGRA~1\ALiBaBar\ALiBaBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HBService32] System.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [nwiz] chmhp.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINNT\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINNT\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: 下載編碼內容(&D.S.Lite) - C:\Documents and Settings\Administrator\My Documents\DSLite2\dl_text.html
O8 - Extra context menu item: 下載編碼內容(S&martGet) - C:\Documents and Settings\Administrator\My Documents\DSLite2\dl_text.html
O8 - Extra context menu item: 下載編碼檔案內容(&D.S.Lite) - C:\Documents and Settings\Administrator\My Documents\DSLite2\dl_url.html
O8 - Extra context menu item: 剪貼簿文字: 簡 > 繁 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToTrad
O8 - Extra context menu item: 剪貼簿文字: 繁 > 簡 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToSim
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 網頁: [簡體] 顯示 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToSim
O8 - Extra context menu item: 網頁: [繁體] 顯示 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToTrad
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\Administrator\My Documents\DSLite2\DSLite.exe
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\Administrator\My Documents\DSLite2\DSLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: HBWOW.dll,HBASKTAO.dll,HBJTLQ.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 5560 bytes

[quote=robert23;2059336]電腦清除病毒後，查看一下windows工作管理員，發現csrss.exe覺得怪怪的，

我記得沒錯的話，csrss.exe 是正常的作業程序

但是路徑是在Windows\System32 底下

如果不是的話就要注意了




如有錯誤，煩請指教:on_28:

上面幾個檔案比較有嫌疑，勾選後，按 [Fix Checked]，然後重新開機一下。

你用檔案搜尋的方式，搜尋 csrss.exe 是不是在 C:\WINDOWS\system32\ 底下？
如果是的話，應該是沒啥問題。(除非是被病毒感染或取代了，機率不高，但是不保證)

[quote=gagaisduck;2059350]我用搜尋的結果是只在windows\system32 底下找到它，那應該是正常的，
謝謝gagaisduck大。

是的，我用檔案搜尋的方式，搜尋 csrss.exe，只有在 C:\WINDOWS\system32\ 底下找到它；我先修復看看，如果還是覺得不放心，就只有重灌一途了，
謝謝GaMNiA大的幫忙。

-------------------------
重灌完成，電腦危機解除，正常使用中。