
LSASSMGR.exe (& others) infected! Any info / help?




#1
9 September 2008, 10:31
New Member group

Hi everyone,

I am very new to your site, but incredibly grateful that you are here. I stumbled upon it because of a recent infection on my mom's laptop (we share it), and I am unsure how to fix it.

About four days ago, IE windows with pop-up ads suddenly started appearing, along with a balloon on my deskbar that reads: "Spyware detected! Click here to download anti-spyware"

I ran full scans with Symantec and Spybot S&D (not sure how this virus slipped past both of them), and they found nothing! Then I started googling, downloaded Malwarebytes' Anti-Malware and ran it. It found some things, but it did not solve the problem.

I downloaded PrevxCSI, but I do not have enough $$$ yet to buy the license (though I will if necessary), and it lists the following:

C:\WINDOWS\system32\dsfmon.dll - Malicious Software
C:\WINDOWS\system32\CSRLT.exe - Malware Dropper
C:\Programmer\MSBLT.exe - Malware Dropper
C:\WINDOWS\system32\LSASSMGR.exe - Cloaked Malware
C:\Programmer\Mozilla Firefox\firefoxe.exe - Cloaked Malware
C:\Programmer\Internet Explorer\iexplor.exe - Cloaked Malware
C:\WINDOWS\system32\spool.exe - Cloaked Malware
C:\WINDOWS\system32\srtsrv32.exe - Cloaked Malware
C:\WINDOWS\system32\LSSMON.exe - Malware Dropper
C:\Programmer\divx32.dll - Malware Dropper
C:\WINDOWS\system32\msupd32.exe - Malware Dropper
C:\WINDOWS\system32\upd01.exe - Malware Dropper

That looks and sounds like a lot to me, and I am very worried. Does anyone have any helpful suggestions for me? Will I have to spend a lot of money to fix this?

Many thanks!
#2
9 September 2008, 11:32
Editor group

Hi teddynicholas. Welcome to CJ.

Download ComboFix by sUBs from one of the links below. Be sure to save it to the Desktop.

Link #1
Link #2

** Note: It is important that it is saved directly to your desktop

Close any open Internet browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post that ComboFix log in your next reply.

Important: Do not mouse-click the ComboFix window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is finished.
__________________

#3
16 September 2008, 14:27
New Member group

ComboFix 08-09-15.02 - Teddy 2008-09-16 16:34:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.550 [GMT -4:00]
Running from: C: \ Documents and Settings \ Teddy \ Desktop \ ComboFix.exe
* Skabt et nyt gendannelsespunkt

ADVARSEL-maskinen IKKE HAR RECOVERY CONSOLE INSTALLERET!!
.

((((((((((((((((((((((((((((((((((((((( Andre Bortfald ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ Documents and Settings \ LocalService \ Cookies \ system@ad.yieldmanag er [1]. Txt
C: \ Documents and Settings \ Teddy \ Cookies \ teddy@ad.yieldmanager [1]. Txt
C: \ WINDOWS \ Downloaded Program Files \ setup.inf
C: \ WINDOWS \ system32 \ spool.exe

.
((((((((((((((((((((((((( Files Created fra 2008-08-16 til 2008-09-16 ))))))))))) ))))))))))))))))))))
.

2008-09-16 16:21. 2008-09-16 16:50 <DIR> d -------- C: \ WINDOWS \ system32 \ CatRoot_bak
2008-09-16 13:23. 2008-09-16 13:23 <DIR> d -------- C: \ Programmer \ LastGood
2008-09-13 13:19. 2008-09-13 13:19 <DIR> d -------- C: \ Programmer \ iTunes
2008-09-13 13:19. 2008-09-13 13:19 <DIR> d -------- C: \ Programmer \ iPod
2008-09-13 13:19. 2008-09-13 13:19 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6)
2008-09-13 13:12. 2008-09-13 13:16 <DIR> d -------- C: \ Programmer \ Common Files \ Apple
2008-09-08 16:10. 2008-09-08 16:10 <DIR> d -------- C: \ Programmer \ Easy SpyRemover
2008-09-08 15:45. 2008-09-06 00:59 741.376 - a ------ C: \ WINDOWS \ system32 \ LSSMON.EXE
2008-09-08 15:45. 2008-09-04 21:59 17.920 - a ------ C: \ WINDOWS \ system32 \ LSASSMGR.EXE
2008-09-07 22:34. 2008-09-02 00:16 38.528 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys
2008-09-07 22:33. 2008-09-07 22:34 <DIR> d -------- C: \ Programmer \ Malwarebytes 'Anti-Malware
2008-09-07 22:33. 2008-09-07 22:33 <DIR> d -------- C: \ Documents and Settings \ Teddy \ Application Data \ Malwarebytes
2008-09-07 22:33. 2008-09-07 22:33 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008-09-07 22:33. 2008-09-02 00:16 17.200 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys
2008-09-06 15:09. 2008-09-06 15:09 90.112 - a ------ C: \ WINDOWS \ system32 \ QuickTimeVR.qtx
2008-09-06 15:09. 2008-09-06 15:09 57.344 - a ------ C: \ WINDOWS \ system32 \ QuickTime.qts
2008-09-05 10:44. 2008-09-06 00:59 741.376 - a ------ C: \ WINDOWS \ system32 \ msupd32.exe
2008-09-04 21:59. 2008-09-07 12:59 741.376 - a ------ C: \ WINDOWS \ system32 \ upd01.exe
2008-09-04 21:59. 2008-09-06 00:59 741.376 - a ------ C: \ Programmer \ divx32.dll
2008-09-04 21:59. 2008-09-04 21:59 17.920 - a ------ C: \ WINDOWS \ system32 \ srtsrv32.exe
2008-09-04 21:59. 2008-09-16 16:24 5.903 - a ------ C: \ WINDOWS \ system32 \ mssc32.dll
2008-09-04 21:59. 2008-09-16 16:24 5.903 - a ------ C: \ WINDOWS \ system32 \ bsc32.dll
2008-09-02 13:23. 2008-09-02 13:23 <DIR> d -------- C: \ Programmer \ PrevxCSI
2008-09-02 13:23. 2008-09-16 13:32 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ PrevxCSI
2008-09-02 13:23. 2008-09-02 13:23 17.408 - a ------ C: \ WINDOWS \ system32 \ drivers \ pxark.sys
2008-09-01 01:30. 2008-09-02 13:10 <DIR> da ------ C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2008-09-01 01:20. 2008-09-07 22:19 0 - a ------ C: \ WINDOWS \ system32 \ sc02.sc
2008-08-31 01:46. 2007-02-20 16:04 2.463.976 - a ------ C: \ WINDOWS \ system32 \ NPSWF32.dll
2008-08-31 01:46. 2007-02-20 16:04 190.696 - a ------ C: \ WINDOWS \ system32 \ NPSWF32_FlashUtil.exe
2008-08-30 09:59. 2008-08-30 21:34 <DIR> d -------- C: \ Programmer \ Macromedia
2008-08-30 09:59. 2008-08-30 21:27 <DIR> d -------- C: \ Programmer \ Common Files \ Macromedia
2008-08-30 01:25. 2008-09-13 13:18 <DIR> d -------- C: \ Programmer \ Bonjour
2008-08-29 14:33. 2006-09-18 17:55 109.744 - a ------ C: \ WINDOWS \ system32 \ drivers \ SYMEVENT.SYS
2008-08-29 14:33. 2006-09-18 17:55 48.816 - a ------ C: \ WINDOWS \ system32 \ S32EVNT1.DLL
2008-08-29 10:18. 2008-08-29 10:18 87.336 - a ------ C: \ WINDOWS \ system32 \ dns-sd.exe
2008-08-29 09:53. 2008-08-29 09:53 61.440 - a ------ C: \ WINDOWS \ system32 \ dnssd.dll
2008-08-27 04:05. 2008-04-07 05:38 45.392-ra ------ C: \ WINDOWS \ system32 \ AdobePDF.dll
2008-08-27 04:05. 2008-04-07 05:38 22.872-ra ------ C: \ WINDOWS \ system32 \ AdobePDFUI.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 20:53 --------- d ----- w C: \ Programmer \ Symantec AntiVirus
2008-09-13 17:17 --------- d ----- w C: \ Programmer \ QuickTime
2008-09-13 17:13 --------- d ----- w C: \ Programmer \ Apple Software Update
2008-09-08 18:53 249.956 ---- aw C: \ WINDOWS \ system32 \ dsfMon.dll
2008-09-01 07:50 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2008-09-01 05:56 --------- d ----- w C: \ Programmer \ Spybot - Search & Destroy
2008-08-30 05:24 --------- d ----- w C: \ Programmer \ Common Files \ Adobe
2008-08-29 18:34 --------- d ----- w C: \ Programmer \ Common Files \ Symantec Shared
2008-08-29 18:33 --------- d ----- w C: \ Programmer \ Symantec
2008-08-29 18:32 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Symantec
2008-08-27 08:22 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Flexnet
2008-08-26 00:52 --------- d ----- w C: \ Documents and Settings \ Teddy \ Application Data \ OpenOffice.org2
2008-08-13 21:33 --------- d ----- w C: \ Programmer \ Microsoft Silverlight
2008-08-12 02:46 --------- d ----- w C: \ Programmer \ PHM
2008-07-26 08:55 --------- d ----- w C: \ Programmer \ OpenOffice.org 2.4
2008-07-26 08:54 --------- d ----- w C: \ Programmer \ Java
2008-07-19 02:10 94.920 ---- aw C: \ WINDOWS \ system32 \ cdm.dll
2008-07-19 02:10 53.448 ---- aw C: \ WINDOWS \ system32 \ wuauclt.exe
2008-07-19 02:09 563.912 ---- aw C: \ WINDOWS \ system32 \ wuapi.dll
2008-07-19 02:09 325.832 ---- aw C: \ WINDOWS \ system32 \ wucltui.dll
2008-07-19 02:09 205.000 ---- aw C: \ WINDOWS \ system32 \ wuweb.dll
2008-07-19 02:09 1.811.656 ---- aw C: \ WINDOWS \ system32 \ wuaueng.dll
2008-07-07 20:32 253.952 ---- aw C: \ WINDOWS \ system32 \ es.dll
2008-06-24 22:12 295.936 ------ w C: \ WINDOWS \ system32 \ wmpeffects.dll
2008-06-24 16:23 74.240 ---- aw C: \ WINDOWS \ system32 \ mscms.dll
2008-06-23 16:57 826.368 ---- aw C: \ WINDOWS \ system32 \ Wininet.dll
2008-06-20 17:41 245.248 ---- aw C: \ WINDOWS \ system32 \ mswsock.dll
2008-04-19 16:57 32 ---- aw C: \ Documents and Settings \ All Users \ Application Data \ ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries er ikke vist
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"swg" = "C: \ Programmer \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe" [2007-04-02 68856]
"QuickTime Task" = "C: \ Programmer \ QuickTime \ QTTask.exe" [2008-09-06 413696]
"H / PC Connection Agent" = "C: \ Programmer \ Microsoft ActiveSync \ wcescomm.exe" [2006-11-13 1289000]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 15360]
"IndxStoreSvr_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)" = "C: \ Programmer \ Common Files \ Nero \ Lib \ NMIndexStoreSvr.exe" [2008-02-28 1828136]
"CTFMON.EXE" = "C: \ Programmer \ Spybot - Search & Destroy \ TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"NvCplDaemon" = "C: \ Programmer \ CyberLink \ PowerDVD \ PDVDServ.exe" [2004-05-14 32768]
"RoxioEngineUtility" = "C: \ Programmer \ Common Files \ Roxio Shared \ System \ EngUtil.exe" [2003-05-01 65536]
"RoxioAudioCentral" = "C: \ Programmer \ Roxio \ Easy CD Creator 6 \ AudioCentral \ RxMon.exe" [2003-07-15 319488]
"SiS Windows KeyHook" = "C: \ WINDOWS \ system32 \ keyhook.exe" [2004-09-02 249856]
"SiSUSBRG" = "C: \ WINDOWS \ SiSUSBrg.exe" [2004-09-22 106496]
"Apoint" = "C: \ Programmer \ Apoint2K \ Apoint.exe" [2003-12-05 159744]
"SunJavaUpdateSched" = "C: \ Programmer \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784]
"DSFHost" = "C: \ Programmer \ Staples \ easyprint \ dsfhost.exe" [2006-01-05 2142301]
"Synchronization Manager" = "C: \ WINDOWS \ system32 \ mobsync.exe" [2004-08-04 143360]
"Zune Launcher" = "C: \ Programmer \ Zune \ ZuneLauncher.exe" [2007-03-14 24104]
"GrooveMonitor" = "C: \ Programmer \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher" = "C: \ Programmer \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 39792]
"LaunchApp" = "C: \ Programmer \ Common Files \ Nero \ Lib \ ctfmon.exe" [2008-02-28 570664]
"SunJavaUpdateSched" = "C: \ Programmer \ Nero \ Nero8 \ Nero BackItUp \ NBKeyScan.exe" [2008-02-18 2221352]
"Adobe Acrobat Speed Launcher" = "C: \ Programmer \ Adobe \ Acrobat 9.0 \ Acrobat \ Acrobat_sl.exe" [2008-06-12 37232]
"ccApp" = "C: \ Programmer \ Common Files \ Symantec Shared \ ccApp.exe" [2006-07-19 52896]
"vptray" = "C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe" [2006-09-27 125168]
"Layersecurity Servicemonitor" = "C: \ WINDOWS \ system32 \ LSSMON.EXE" [2008-09-06 741376]
"iTunesHelper" = "C: \ Programmer \ iTunes \ iTunesHelper.exe" [2008-09-10 289576]
"SoundMan" = "SOUNDMAN.EXE" [2004/09/22 C: \ WINDOWS \ SOUNDMAN.EXE]
"AGRSMMSG" = "AGRSMMSG.exe" [2004/09/22 C: \ WINDOWS \ AGRSMMSG.exe]
"SiSPower" = "SiSPower.dll" [2004/09/22 C: \ WINDOWS \ system32 \ SiSPower.dll]

C: \ Documents and Settings \ Teddy \ Menuen Start \ Programmer \ Start \
Adobe Gamma.lnk - C: \ Programmer \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe [2005-03-16 113664]
OneNote 2007 Screen Clipper og Launcher.lnk - C: \ Programmer \ Microsoft Office \ Office12 \ Onenotem.exe [2006-10-26 98632]

C: \ Documents and Settings \ All Users \ Menuen Start \ Programmer \ Start \
Windows Desktop Search.lnk - C: \ Programmer \ Windows Desktop Search \ WindowsSearch.exe [2007-02-05 118784]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
"(56F9679E-7826-4C84-81F3-532071A8BCC5)" = "C: \ Programmer \ Windows Desktop Search \ MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Windows]
"AppInit_DLLs" = acaptuser32.dll

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ firefox.exe]
"Debugger" = C: \ Programmer \ Mozilla Firefox \ firefoxe.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ iexplore.exe]
"Debugger" = C: \ Programmer \ Internet Explorer \ iexplor.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ Spoolsv.exe]
"Debugger" = C: \ WINDOWS \ system32 \ spool.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"C: \ \ Programmer \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" =
"C: \ \ Programmer \ \ BitLord \ \ BitLord.exe" =
"C: \ \ Programmer \ \ BitComet \ \ slsk.exe" =
"C: \ \ Programmer \ \ Mozilla Firefox \ \ firefox.exe" =
"C: \ \ StubInstaller.exe" =
"C: \ \ Programmer \ \ LimeWire \ \ LimeWire.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"C: \ \ Programmer \ \ Messenger \ \ msmsgs.exe" =
"C: \ \ Programmer \ \ AIM \ \ aim.exe" =
"C: \ Programmer \ Microsoft ActiveSync \ rapimgr.exe" = C: \ Programmer \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync RAPI Manager
"C: \ Programmer \ Microsoft ActiveSync \ wcescomm.exe" = C: \ Programmer \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Connection Manager
"C: \ Programmer \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Programmer \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Application
"C: \ \ Programmer \ \ Microsoft Office \ \ Office12 \ \ Outlook.exe" =
"C: \ \ Programmer \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE" =
"C: \ \ Programmer \ \ Microsoft Office \ \ Office12 \ \ ONENOTE.EXE" =
"C: \ \ Programmer \ \ Isadora \ \ isadora.exe" =
"C: \ \ Programmer \ \ Skype \ \ Phone \ \ Skype.exe" =
"C: \ \ Programmer \ \ Bonjour \ \ mDNSResponder.exe" =
"C: \ \ Programmer \ \ iTunes \ \ iTunes.exe" =

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List]
"3389: TCP" = 3389: TCP: @ Xpsp2res.dll, -22009
"1500: TCP" = 1500: TCP: Sikker Access Agent Port
"26675: TCP" = 26675: TCP: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Service


* Nyoprettede Service * - CATCHME
* Nyoprettede Service * - PROCEXP90
.
Indhold af "Planlagte opgaver" mappe
.
- - - - Forældreløse FJERNES - - - --

HKLM-Run-CSRLT.EXE - C: \ WINDOWS \ system32 \ CSRLT.EXE


.
------- Supplerende Scan -------
.
FireFox -: Profile - C: \ Documents and Settings \ Teddy \ Application Data \ Mozilla \ Firefox \ Profiles \ 6xzfp0sa.default \
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp: / / www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q =
.

************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit / stealth malware detector ved Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 16:51:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning skjulte processer ...

scanning skjulte autostart entries ...

scanning skjulte filer ...

scanning afsluttet med succes
skjulte filer: 0

************************************************** ************************
.
Completion time: 2008-09-16 17:15:59
ComboFix-quarantined-files.txt 2008-09-16 21:15:16

Pre-Run: 10478669824 bytes fri
Post-Run: 10446106624 bytes fri

190 --- EOF --- 2008-09-11 20:07:51
#4
16 September 2008, 14:45
Editor group

Note: the instructions below were created specifically for this user. If you are not this user, do NOT follow these instructions, as they could damage the workings of your system.

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not WordPad.
2. Copy the text in the code box below by highlighting all the text and pressing Ctrl+C.

Code:
Killall::

File::
C:\Programmer\Easy SpyRemover
C:\WINDOWS\system32\LSSMON.EXE
C:\WINDOWS\system32\LSASSMGR.EXE
C:\WINDOWS\system32\msupd32.exe
C:\WINDOWS\system32\upd01.exe
C:\Windows\system32\srtsrv32.exe
C:\Windows\system32\mssc32.dll
C:\Windows\system32\bsc32.dll

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe]
"Debugger"=-

3. Go to the Notepad window and click Edit > Paste.
4. Then click File > Save.
5. Name the file CFScript.txt and save it to your Desktop.
6. Then drag CFScript (hold the left mouse button down while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe, as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute; just follow the prompts.
After the reboot (when it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click the ComboFix window while it is running. That may cause your system to freeze.
__________________

#5
16 September 2008, 15:32
New Member group

ComboFix 08-09-15.02 - Teddy 2008-09-16 17:49:20.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.850 [GMT -4:00]
Running from: C: \ Documents and Settings \ Teddy \ Desktop \ ComboFix.exe
Command switches anvendes:: C: \ Documents and Settings \ Teddy \ Desktop \ CFScript.txt
* Skabt et nyt gendannelsespunkt

ADVARSEL-maskinen IKKE HAR RECOVERY CONSOLE INSTALLERET!!
.

((((((((((((((((((((((((((((((((((((((( Andre Bortfald ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ WINDOWS \ system32 \ bsc32.dll
C: \ WINDOWS \ system32 \ LSASSMGR.EXE
C: \ WINDOWS \ system32 \ LSSMON.EXE
C: \ WINDOWS \ system32 \ mssc32.dll
C: \ WINDOWS \ system32 \ msupd32.exe
C: \ WINDOWS \ system32 \ spool.exe
C: \ WINDOWS \ system32 \ srtsrv32.exe
C: \ WINDOWS \ system32 \ upd01.exe

.
((((((((((((((((((((((((( Files Created fra 2008-08-16 til 2008-09-16 ))))))))))) ))))))))))))))))))))
.

2008-09-16 16:21. 2008-09-16 16:50 <DIR> d -------- C: \ WINDOWS \ system32 \ CatRoot_bak
2008-09-13 13:19. 2008-09-13 13:19 <DIR> d -------- C: \ Programmer \ iTunes
2008-09-13 13:19. 2008-09-13 13:19 <DIR> d -------- C: \ Programmer \ iPod
2008-09-13 13:19. 2008-09-13 13:19 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6)
2008-09-13 13:12. 2008-09-13 13:16 <DIR> d -------- C: \ Programmer \ Common Files \ Apple
2008-09-08 16:10. 2008-09-08 16:10 <DIR> d -------- C: \ Programmer \ Easy SpyRemover
2008-09-07 22:34. 2008-09-02 00:16 38.528 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys
2008-09-07 22:33. 2008-09-07 22:34 <DIR> d -------- C: \ Programmer \ Malwarebytes 'Anti-Malware
2008-09-07 22:33. 2008-09-07 22:33 <DIR> d -------- C: \ Documents and Settings \ Teddy \ Application Data \ Malwarebytes
2008-09-07 22:33. 2008-09-07 22:33 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008-09-07 22:33. 2008-09-02 00:16 17.200 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys
2008-09-06 15:09. 2008-09-06 15:09 90.112 - a ------ C: \ WINDOWS \ system32 \ QuickTimeVR.qtx
2008-09-06 15:09. 2008-09-06 15:09 57.344 - a ------ C: \ WINDOWS \ system32 \ QuickTime.qts
2008-09-04 21:59. 2008-09-06 00:59 741.376 - a ------ C: \ Programmer \ divx32.dll
2008-09-02 13:23. 2008-09-02 13:23 <DIR> d -------- C: \ Programmer \ PrevxCSI
2008-09-02 13:23. 2008-09-16 13:32 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ PrevxCSI
2008-09-02 13:23. 2008-09-02 13:23 17.408 - a ------ C: \ WINDOWS \ system32 \ drivers \ pxark.sys
2008-09-01 01:30. 2008-09-02 13:10 <DIR> da ------ C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2008-09-01 01:20. 2008-09-07 22:19 0 - a ------ C: \ WINDOWS \ system32 \ sc02.sc
2008-08-31 01:46. 2007-02-20 16:04 2.463.976 - a ------ C: \ WINDOWS \ system32 \ NPSWF32.dll
2008-08-31 01:46. 2007-02-20 16:04 190.696 - a ------ C: \ WINDOWS \ system32 \ NPSWF32_FlashUtil.exe
2008-08-30 09:59. 2008-08-30 21:34 <DIR> d -------- C: \ Programmer \ Macromedia
2008-08-30 09:59. 2008-08-30 21:27 <DIR> d -------- C: \ Programmer \ Common Files \ Macromedia
2008-08-30 01:25. 2008-09-13 13:18 <DIR> d -------- C: \ Programmer \ Bonjour
2008-08-29 14:33. 2006-09-18 17:55 109.744 - a ------ C: \ WINDOWS \ system32 \ drivers \ SYMEVENT.SYS
2008-08-29 14:33. 2006-09-18 17:55 48.816 - a ------ C: \ WINDOWS \ system32 \ S32EVNT1.DLL
2008-08-29 10:18. 2008-08-29 10:18 87.336 - a ------ C: \ WINDOWS \ system32 \ dns-sd.exe
2008-08-29 09:53. 2008-08-29 09:53 61.440 - a ------ C: \ WINDOWS \ system32 \ dnssd.dll
2008-08-27 04:05. 2008-04-07 05:38 45.392-ra ------ C: \ WINDOWS \ system32 \ AdobePDF.dll
2008-08-27 04:05. 2008-04-07 05:38 22.872-ra ------ C: \ WINDOWS \ system32 \ AdobePDFUI.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 21:33 --------- d ----- w C: \ Programmer \ Symantec AntiVirus
2008-09-13 17:17 --------- d ----- w C: \ Programmer \ QuickTime
2008-09-13 17:13 --------- d ----- w C: \ Programmer \ Apple Software Update
2008-09-01 07:50 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2008-09-01 05:56 --------- d ----- w C: \ Programmer \ Spybot - Search & Destroy
2008-08-30 05:24 --------- d ----- w C: \ Programmer \ Common Files \ Adobe
2008-08-29 18:34 --------- d ----- w C: \ Programmer \ Common Files \ Symantec Shared
2008-08-29 18:33 --------- d ----- w C: \ Programmer \ Symantec
2008-08-29 18:32 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Symantec
2008-08-27 08:22 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Flexnet
2008-08-26 00:52 --------- d ----- w C: \ Documents and Settings \ Teddy \ Application Data \ OpenOffice.org2
2008-08-13 21:33 --------- d ----- w C: \ Programmer \ Microsoft Silverlight
2008-08-12 02:46 --------- d ----- w C: \ Programmer \ PHM
2008-07-26 08:55 --------- d ----- w C: \ Programmer \ OpenOffice.org 2.4
2008-07-26 08:54 --------- d ----- w C: \ Programmer \ Java
2008-04-19 16:57 32 ---- aw C: \ Documents and Settings \ All Users \ Application Data \ ezsid.dat
.

((((((((((((((((((((((((((((( Snapshot@2008-09-16_17.03.48.82 )))))))))) )))))))))))))))))))))))))))))))
.
- 2007-07-30 23:18:40 33.624-c - aw C: \ WINDOWS \ system32 \ dllcache \ wups.dll
+ 2008-07-19 02:10:20 36.552-c - aw C: \ WINDOWS \ system32 \ dllcache \ wups.dll
- 2007-07-30 23:18:40 33.624 ---- aw C: \ WINDOWS \ system32 \ wups.dll
+ 2008-07-19 02:10:20 36.552 ---- aw C: \ WINDOWS \ system32 \ wups.dll
- 2007-07-30 23:19:12 43.352 ---- aw C: \ WINDOWS \ system32 \ wups2.dll
+ 2008-07-19 02:10:40 45.768 ---- aw C: \ WINDOWS \ system32 \ wups2.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries er ikke vist
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"swg" = "C: \ Programmer \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe" [2007-04-02 68856]
"QuickTime Task" = "C: \ Programmer \ QuickTime \ QTTask.exe" [2008-09-06 413696]
"H / PC Connection Agent" = "C: \ Programmer \ Microsoft ActiveSync \ wcescomm.exe" [2006-11-13 1289000]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 15360]
"IndxStoreSvr_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)" = "C: \ Programmer \ Common Files \ Nero \ Lib \ NMIndexStoreSvr.exe" [2008-02-28 1828136]
"CTFMON.EXE" = "C: \ Programmer \ Spybot - Search & Destroy \ TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"NvCplDaemon" = "C: \ Programmer \ CyberLink \ PowerDVD \ PDVDServ.exe" [2004-05-14 32768]
"RoxioEngineUtility" = "C: \ Programmer \ Common Files \ Roxio Shared \ System \ EngUtil.exe" [2003-05-01 65536]
"RoxioAudioCentral" = "C: \ Programmer \ Roxio \ Easy CD Creator 6 \ AudioCentral \ RxMon.exe" [2003-07-15 319488]
"SiS Windows KeyHook" = "C: \ WINDOWS \ system32 \ keyhook.exe" [2004-09-02 249856]
"SiSUSBRG" = "C: \ WINDOWS \ SiSUSBrg.exe" [2004-09-22 106496]
"Apoint" = "C: \ Programmer \ Apoint2K \ Apoint.exe" [2003-12-05 159744]
"SunJavaUpdateSched" = "C: \ Programmer \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784]
"DSFHost" = "C: \ Programmer \ Staples \ easyprint \ dsfhost.exe" [2006-01-05 2142301]
"Synchronization Manager" = "C: \ WINDOWS \ system32 \ mobsync.exe" [2004-08-04 143360]
"Zune Launcher" = "C: \ Programmer \ Zune \ ZuneLauncher.exe" [2007-03-14 24104]
"GrooveMonitor" = "C: \ Programmer \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher" = "C: \ Programmer \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 39792]
"LaunchApp" = "C: \ Programmer \ Common Files \ Nero \ Lib \ ctfmon.exe" [2008-02-28 570664]
"SunJavaUpdateSched" = "C: \ Programmer \ Nero \ Nero8 \ Nero BackItUp \ NBKeyScan.exe" [2008-02-18 2221352]
"Adobe Acrobat Speed Launcher" = "C: \ Programmer \ Adobe \ Acrobat 9.0 \ Acrobat \ Acrobat_sl.exe" [2008-06-12 37232]
"ccApp" = "C: \ Programmer \ Common Files \ Symantec Shared \ ccApp.exe" [2006-07-19 52896]
"vptray" = "C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe" [2006-09-27 125168]
"iTunesHelper" = "C: \ Programmer \ iTunes \ iTunesHelper.exe" [2008-09-10 289576]
"CSRLT.EXE" = "C: \ WINDOWS \ system32 \ CSRLT.EXE" [BU]
"SoundMan" = "SOUNDMAN.EXE" [2004/09/22 C: \ WINDOWS \ SOUNDMAN.EXE]
"AGRSMMSG" = "AGRSMMSG.exe" [2004/09/22 C: \ WINDOWS \ AGRSMMSG.exe]
"SiSPower" = "SiSPower.dll" [2004/09/22 C: \ WINDOWS \ system32 \ SiSPower.dll]

C: \ Documents and Settings \ Teddy \ Menuen Start \ Programmer \ Start \
Adobe Gamma.lnk - C: \ Programmer \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe [2005-03-16 113664]
OneNote 2007 Screen Clipper og Launcher.lnk - C: \ Programmer \ Microsoft Office \ Office12 \ Onenotem.exe [2006-10-26 98632]

C: \ Documents and Settings \ All Users \ Menuen Start \ Programmer \ Start \
Windows Desktop Search.lnk - C: \ Programmer \ Windows Desktop Search \ WindowsSearch.exe [2007-02-05 118784]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
"(56F9679E-7826-4C84-81F3-532071A8BCC5)" = "C: \ Programmer \ Windows Desktop Search \ MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Windows]
"AppInit_DLLs" = acaptuser32.dll

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ firefox.exe]
"Debugger" = C: \ Programmer \ Mozilla Firefox \ firefoxe.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"C: \ \ Programmer \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" =
"C: \ \ Programmer \ \ BitLord \ \ BitLord.exe" =
"C: \ \ Programmer \ \ BitComet \ \ slsk.exe" =
"C: \ \ Programmer \ \ Mozilla Firefox \ \ firefox.exe" =
"C: \ \ StubInstaller.exe" =
"C: \ \ Programmer \ \ LimeWire \ \ LimeWire.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"C: \ \ Programmer \ \ Messenger \ \ msmsgs.exe" =
"C: \ \ Programmer \ \ AIM \ \ aim.exe" =
"C: \ Programmer \ Microsoft ActiveSync \ rapimgr.exe" = C: \ Programmer \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync RAPI Manager
"C: \ Programmer \ Microsoft ActiveSync \ wcescomm.exe" = C: \ Programmer \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Connection Manager
"C: \ Programmer \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Programmer \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Application
"C: \ \ Programmer \ \ Microsoft Office \ \ Office12 \ \ Outlook.exe" =
"C: \ \ Programmer \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE" =
"C: \ \ Programmer \ \ Microsoft Office \ \ Office12 \ \ ONENOTE.EXE" =
"C: \ \ Programmer \ \ Isadora \ \ isadora.exe" =
"C: \ \ Programmer \ \ Skype \ \ Phone \ \ Skype.exe" =
"C: \ \ Programmer \ \ Bonjour \ \ mDNSResponder.exe" =
"C: \ \ Programmer \ \ iTunes \ \ iTunes.exe" =

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List]
"3389: TCP" = 3389: TCP: @ Xpsp2res.dll, -22009
"1500: TCP" = 1500: TCP: Sikker Access Agent Port
"26675: TCP" = 26675: TCP: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Service

R0 pxark; pxark C: \ WINDOWS \ system32 \ drivers \ pxark.sys [2008-09-02 17408]
R2 CSIScanner; CSIScanner C: \ Programmer \ PrevxCSI \ prevxcsi.exe [2008-09-02 618040]
R2 SafeAccessAgent; sikker adgang Agent; C: \ Programmer \ StillSecure \ Safe Access Agent \ SAService.exe [2006-01-27 880640]
R2 synspunkt Manager Service; synspunkt Manager Service; C: \ Programmer \ synspunkt \ Common \ ViewpointService.exe [2007-01-04 24652]
S3 HwIOctl; HwIOctl C: \ Documents and Settings \ Ejer \ Desktop \ HwIOctl.sys []
S3 Ktp3; Elantech TouchPad (KTP3) C: \ WINDOWS \ system32 \ DRIVERS \ Ktp3.sy s [2004-09-22 24704]
S3 Memctl; Memctl C: \ Documents and Settings \ Ejer \ Desktop \ Memctl.sys []
.
Indhold af "Planlagte opgaver" mappe
.
- - - - Forældreløse FJERNES - - - --

HKLM-Run-Layersecurity Servicemonitor - C: \ WINDOWS \ system32 \ LSSMON.EXE
HKLM-RunOnce-MSBLT.EXE - C: \ Programmer \ MSBLT.EXE



************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit / stealth malware detector ved Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 18:00:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning skjulte processer ...

scanning skjulte autostart entries ...

scanning skjulte filer ...


************************************************** ************************
.
------------------------ Other Running Processes ----------------------- --
.
C: \ Programmer \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ Programmer \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ Programmer \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
C: \ Programmer \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ Programmer \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Programmer \ Symantec \ LiveUpdate \ AluSchedulerSvc.exe
C: \ Programmer \ Bonjour \ mDNSResponder.exe
C: \ Programmer \ Symantec AntiVirus \ DefWatch.exe
C: \ Programmer \ Nero \ Nero8 \ Nero BackItUp \ NBService.exe
C: \ WINDOWS \ system32 \ IoctlSvc.exe
C: \ WINDOWS \ system32 \ MsPMSPSv.exe
C: \ WINDOWS \ system32 \ searchindexer.exe
C: \ Programmer \ synspunkt \ synspunkt Manager \ ViewMgr.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ PROGRA ~ 1 \ MICROS ~ 3 \ rapimgr.exe
C: \ Programmer \ Roxio \ Easy CD Creator 6 \ AudioCentral \ Playlist.exe
C: \ Programmer \ Apoint2K \ ApntEx.exe
C: \ Programmer \ Common Files \ Nero \ Lib \ NMIndexingService.exe
C: \ Programmer \ iPod \ bin \ iPodService.exe
C: \ WINDOWS \ system32 \ searchprotocolhost.exe
C: \ WINDOWS \ system32 \ searchfilterhost.exe
.
************************************************** ************************
.
Completion time: 2008-09-16 18:24:56 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2008-09-16 22:23:49
ComboFix2.txt 2008-09-16 21:16:14

Pre-Run: 10626510848 bytes fri
Post-Run: 10616803328 bytes fri

205 --- EOF --- 2008-09-11 20:07:51
  #6  
16 September 2008, 15:50
Editor Group

Download TrendMicro HijackThis.exe (HJT) to your desktop.
  • Double-click HJTInstall.
  • Click the Install button.
  • It will automatically place HJT in C:\Programmer\TrendMicro\HijackThis\HijackThis.exe.
  • After installing, HijackThis should open for you.
  • Click the Do a system scan and save a logfile button.
  • HijackThis will scan and then a log will open in Notepad.
  • Copy and then paste the entire contents of the log into your post.
  • Do not have HijackThis fix anything yet. Most of what it finds is harmless or even necessary.
__________________

  #7  
23 September 2008, 09:24
New Member Group

Logfile af Trend Micro HijackThis v2.0.2
Scan gemt kl 12:21:04, om 9/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Kørende processer:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programmer \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ Programmer \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ Programmer \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
C: \ Programmer \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Programmer \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Programmer \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
C: \ Programmer \ PrevxCSI \ prevxcsi.exe
C: \ Programmer \ Symantec AntiVirus \ DefWatch.exe
C: \ Programmer \ Nero \ Nero8 \ Nero BackItUp \ NBService.exe
C: \ WINDOWS \ system32 \ IoctlSvc.exe
C: \ Programmer \ StillSecure \ Safe Access Agent \ SAService.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programmer \ synspunkt \ Common \ ViewpointService.exe
C: \ WINDOWS \ system32 \ MsPMSPSv.exe
C: \ WINDOWS \ system32 \ SearchIndexer.exe
C: \ WINDOWS \ Explorer.EXE
C: \ Programmer \ PrevxCSI \ prevxcsi.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Programmer \ Cyberlink \ PowerDVD \ PDVDServ.exe
C: \ WINDOWS \ SOUNDMAN.EXE
C: \ WINDOWS \ system32 \ keyhook.exe
C: \ Programmer \ Apoint2K \ Apoint.exe
C: \ Programmer \ Java \ jre1.6.0_07 \ bin \ jusched.exe
C: \ Programmer \ Staples \ easyprint \ dsfhost.exe
C: \ Programmer \ Zune \ ZuneLauncher.exe
C: \ Programmer \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ Programmer \ Common Files \ Symantec Shared \ ccApp.exe
C: \ Programmer \ iTunes \ iTunesHelper.exe
C: \ Programmer \ Apoint2K \ Apntex.exe
C: \ Programmer \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Programmer \ Microsoft ActiveSync \ wcescomm.exe
C: \ Programmer \ Common Files \ Nero \ Lib \ NMIndexStoreSvr.exe
C: \ PROGRA ~ 1 \ MICROS ~ 3 \ rapimgr.exe
C: \ Programmer \ Common Files \ Nero \ Lib \ NMIndexingService.exe
C: \ Programmer \ iPod \ bin \ iPodService.exe
C: \ Programmer \ synspunkt \ synspunkt Manager \ ViewMgr.exe
C: \ Programmer \ Adobe \ Acrobat 9.0 \ Acrobat \ AcroTray.exe
C: \ Programmer \ Common Files \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe
C: \ WINDOWS \ system32 \ taskmgr.exe
C: \ Programmer \ lsass.exe
C: \ WINDOWS \ system32 \ SPOOLER.EXE
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programmer \ Trend Micro \ HijackThis \ HijackThis.exe
C: \ WINDOWS \ system32 \ SearchProtocolHost.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.averatec.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://oqaserver-a/
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = *. lokale
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Programmer \ Yahoo! \ Companion \ Installerer \ CPN \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programmer \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - (18DF081C-E8AD-4283-A596-FA578C2EBDC3) - C: \ Programmer \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelperShim.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ PROGRA ~ 1 \ MICROS ~ 4 \ Office12 \ GRA8E1 ~ 1.DLL
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programmer \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: AOL Toolbar Launcher - (7C554162-8CB7-45A4-B8F4-8EA1C75885F9) - C: \ Programmer \ AOL \ AOL Toolbar 2.0 \ aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - (A7327C09-B521-4EDB-8509-7D2660C9EC98) - C: \ Programmer \ Viewpoint \ Viewpoint Toolbar \ 3.8.0 \ ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ program files \ google \ googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - (AE7CD045-E861-484f-8273-0445EE161910) - C: \ Programmer \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Programmer \ Google \ GoogleToolbarNotifier \ 3.1.807.1746 \ sw g.dll
O2 - BHO: SmartSelect - (F4971EE7-DAA0-4053-9964-665D8EE6A077) - C: \ Programmer \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Programmer \ Yahoo! \ Companion \ Installerer \ CPN \ yt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - (DE9C389F-3316-41A7-809B-AA305ED9D922) - C: \ Programmer \ AOL \ AOL Toolbar 2.0 \ aoltb.dll
O3 - Toolbar: synspunkt Toolbar - (F8AD5AA5-D966-4667-9DAF-2561D68B2012) - C: \ Programmer \ Common Files \ synspunkt \ Toolbar Runtime \ 3.8.0 \ IEViewBar.dll
O3 - Toolbar: Adobe PDF - (47833539-D0C5-4125-9FA8-0819E2EAAC93) - C: \ Programmer \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Programmer \ Cyberlink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [RoxioEngineUtility] "C: \ Programmer \ Common Files \ Roxio Shared \ System \ EngUtil.exe"
O4 - HKLM \ .. \ Run: [RoxioAudioCentral] "C: \ Programmer \ Roxio \ Easy CD Creator 6 \ AudioCentral \ RxMon.exe"
O4 - HKLM \ .. \ Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [SiSPower] rundll32.exe SiSPower.dll, ModeAgent
O4 - HKLM \ .. \ Run: [SiS Windows KeyHook] C: \ WINDOWS \ system32 \ keyhook.exe
O4 - HKLM \ .. \ Run: [SiSUSBRG] C: \ WINDOWS \ SiSUSBrg.exe
O4 - HKLM \ .. \ Run: [Apoint] C: \ Programmer \ Apoint2K \ Apoint.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programmer \ Java \ jre1.6.0_07 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [DSFHost] C: \ Programmer \ Staples \ easyprint \ dsfhost.exe
O4 - HKLM \ .. \ Run: [Synchronization Manager]% SystemRoot% \ system32 \ mobsync.exe / logon
O4 - HKLM \ .. \ Run: [Zune Launcher] "C: \ Programmer \ Zune \ ZuneLauncher.exe"
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Programmer \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Programmer \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ Programmer \ Common Files \ Nero \ Lib \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [NBKeyScan] "C: \ Programmer \ Nero \ Nero8 \ Nero BackItUp \ NBKeyScan.exe"
O4 - HKLM \ .. \ Run: [Adobe Acrobat Speed Launcher] "C: \ Programmer \ Adobe \ Acrobat 9.0 \ Acrobat \ Acrobat_sl.exe"
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Programmer \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [vptray] C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programmer \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [Layersecurity Servicemonitor] C: \ WINDOWS \ system32 \ LSSMON.EXE
O4 - HKLM \ .. \ Run: [Print Spooler] C: \ WINDOWS \ system32 \ SPOOLER.EXE
O4 - HKCU \ .. \ Run: [SWG] C: \ Programmer \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [QuickTime Task] "C: \ Programmer \ QuickTime \ qttask.exe"-atboottime
O4 - HKCU \ .. \ Run: [H / PC Connection Agent] "C: \ Programmer \ Microsoft ActiveSync \ wcescomm.exe"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [IndxStoreSvr_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)] "C: \ Programmer \ Common Files \ Nero \ Lib \ NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F -39A1E5104020
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Programmer \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - HKCU \ .. \ Run: [AdobeUpdater] C: \ Programmer \ Common Files \ Adobe \ Updater \ AdobeUpdater.exe
O4 - HKLM \ .. \ Policies \ Explorer \ Run: [LocalSecurityAuthoritySubsystem] C: \ Programmer \ lsass.exe
O4 - Startup: Adobe Gamma.lnk = C: \ Programmer \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C: \ Programmer \ Microsoft Office \ Office12 \ ONENOTEM.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C: \ Programmer \ Windows Desktop Search \ WindowsSearch.exe
O8 - Extra sammenhæng menupunktet: & AOL Toolbar Search - C: \ Programmer \ AOL \ AOL Toolbar 2.0 \ ressourcer \ da-DK \ lokale \ search.html
O8 - Extra sammenhæng menupunkt: Append Link Target til eksisterende PDF - res: / / C: \ Programmer \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll / AcroIEAppendSelLinks.html
O8 - Extra sammenhæng menupunkt: Append til eksisterende PDF - res: / / C: \ Programmer \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll / AcroIEAppend.html
O8 - Extra sammenhæng menupunkt: Convert Link Target to Adobe PDF - res: / / C: \ Programmer \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll / AcroIECaptureSelLinks.html
O8 - Extra sammenhæng menupunkt: Konverter til Adobe PDF - res: / / C: \ Programmer \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll / AcroIECapture.html
O8 - Extra sammenhæng menupunktet: E & ksporter til Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ mikroer ~ 4 \ Office12 \ EXCEL.EXE/3000
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Ekstra knap: Send til OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ mikroer ~ 4 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' MENUITEM: S & ende til OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ mikroer ~ 4 \ Office12 \ ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - (2EAF5BB1-070F-11D3-9307-00C04FAE2D4F) - C: \ PROGRA ~ 1 \ MICROS ~ 3 \ INetRepl.dll
O9 - Extra button: (no name) - (2EAF5BB2-070F-11D3-9307-00C04FAE2D4F) - C: \ PROGRA ~ 1 \ MICROS ~ 3 \ INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite ... - (2EAF5BB2-070F-11D3-9307-00C04FAE2D4F) - C: \ PROGRA ~ 1 \ MICROS ~ 3 \ INetRepl.dll
O9 - Extra button: AOL Toolbar - (3369AF0D-62E9-4bda-8103-B4C75499B578) - C: \ Programmer \ AOL \ AOL Toolbar 2.0 \ aoltb.dll
O9 - Ekstra knap: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MIC273 ~ 1 \ Office12 \ REFIEBAR.DLL
O9 - Ekstra knap: AIM - (AC9E2541-2814-11d5-BC6D-00B0D0A1DE45) - C: \ Programmer \ AIM \ aim.exe
O9 - Extra knappen: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Ekstra knap: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Programmer \ Messenger \ msmsgs.exe
Ø14 - IERESET.INF: START_PAGE_URL = http://www.averatec.com
O16 - DPF: (0D6BB8B8-0257-420C-B9EB-CFA90DB1026C) -- http://svrnsec01.purchase.edu:88/setup.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://v5.windowsupdate.microsoft.co...?1096453339343
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ PROGRA ~ 1 \ MICROS ~ 4 \ Office12 \ GR99D3 ~ 1.DLL
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ PROGRA ~ 1 \ FÆLLES ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Programmer \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C: \ Programmer \ Common Files \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C: \ Programmer \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C: \ Programmer \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C: \ Programmer \ Bonjour \ mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ ccSetMgr.exe
O23 - Service: CSIScanner - Prevx - C: \ Programmer \ PrevxCSI \ prevxcsi.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C: \ Programmer \ Symantec AntiVirus \ DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C: \ Programmer \ Common Files \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Programmer \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InstallDriver Tabel Manager (IDriverT) - Macrovision Corporation - C: \ Programmer \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Programmer \ iPod \ bin \ iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C: \ Programmer \ Nero \ Nero8 \ Nero BackItUp \ NBService.exe
O23 - Service: NMIndexingService - Nero AG - C: \ Programmer \ Common Files \ Nero \ Lib \ NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C: \ WINDOWS \ system32 \ IoctlSvc.exe
O23 - Service: Safe Access Agent (SafeAccessAgent) - StillSecure - C: \ Programmer \ StillSecure \ Safe Access Agent \ SAService.exe
O23 - Service: SAVRoam (SavRoam) - Symantec - C: \ Programmer \ Symantec AntiVirus \ SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C: \ Programmer \ Symantec AntiVirus \ Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ Security Center \ SymWSC.exe
O23 - Service: synspunkt Manager Service - synspunkt Corporation - C: \ Programmer \ synspunkt \ Common \ ViewpointService.exe

--
End of file - 14.719 bytes
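A triage check for the autostart (O4) entries of a HijackThis log like the one above, as an added example that is not part of the original thread: it flags an entry whose image name is a core Windows process running from the wrong folder, or a near-copy of such a name. The sample lines are constructed after entries in the log, written in HijackThis's normal path format; the core-process table and the 0.8 similarity cutoff are assumptions of this example.

```python
import difflib
import ntpath
import re

# Core Windows processes and the one folder each legitimately runs from.
# General Windows knowledge supplied for this example, not taken from the thread.
SYSTEM32 = r"c:\windows\system32"
CORE = {n: SYSTEM32 for n in ("lsass.exe", "smss.exe", "csrss.exe", "winlogon.exe",
                              "services.exe", "svchost.exe", "spoolsv.exe")}
CORE["explorer.exe"] = r"c:\windows"

# O4 - <hive>\..\<key>: [<value name>] <command line>
O4 = re.compile(r"^O4 - (\S+?): \[(.*?)\] (.+)$")

def image_path(cmd):
    """Return the lower-cased executable path from an autostart command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, arguments follow
        path = cmd[1:].split('"', 1)[0]
    else:                                        # unquoted: cut at first executable suffix
        m = re.match(r"(.+?\.(?:exe|com|bat|scr))(?=\s|$)", cmd, re.I)
        path = m.group(1) if m else cmd
    return path.lower().replace("%systemroot%", r"c:\windows")

def check_image(path):
    """Return a reason string if the image name imitates a core process, else None."""
    name, directory = ntpath.basename(path), ntpath.dirname(path)
    if name in CORE:
        # A bare name with no folder cannot be judged; a wrong folder is a masquerade.
        if directory and directory != CORE[name]:
            return f"{name} outside {CORE[name]}"
        return None
    near = difflib.get_close_matches(name, list(CORE), n=1, cutoff=0.8)
    return f"lookalike of {near[0]}" if near else None

def triage(log_text):
    """Return (registry key, image path, reason) for each suspicious O4 entry."""
    findings = []
    for line in log_text.splitlines():
        m = O4.match(line.strip())
        if not m:
            continue                             # not a registry autostart line
        key, _value_name, cmd = m.groups()
        path = image_path(cmd)
        reason = check_image(path)
        if reason:
            findings.append((key, path, reason))
    return findings

# Constructed sample, modelled on entries in the log above.
SAMPLE = r"""
O4 - HKLM\..\Run: [RemoteControl] "C:\Programmer\Cyberlink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Layersecurity Servicemonitor] C:\WINDOWS\system32\LSSMON.EXE
O4 - HKLM\..\Run: [Print Spooler] C:\WINDOWS\system32\SPOOLER.EXE
O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [LocalSecurityAuthoritySubsystem] C:\Programmer\lsass.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programmer\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""

if __name__ == "__main__":
    for key, path, reason in triage(SAMPLE):
        print(f"{key:32} {path:36} {reason}")
```

LSSMON.EXE, which PrevxCSI flagged in the first post, passes both name checks, so a check like this narrows what to review first and does not replace the scanner results.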
  #8  
23 September 2008, 10:25
Editor Group

Download Malwarebytes' Anti-Malware (MBAM)
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, make sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

----------


Now run a new HijackThis scan and post the log along with the MBAM log.
__________________


Copyright © 2006 - 2009 Computer Juice.

Annoncenetværk baseret på bytteøkonomi ® Copyright © 2000 - 2009 Jelsoft Enterprises Ltd SEO ved vBSEO © 2009, websteds egnethed til webcrawling, Inc.