mindre egenkapital

Magazine
Go Back   Computer Juice > Computer Software > Virus, spionprogrammer og sikkerhet
Reload this Page

LSASSMGR.exe (og andre) infisert! Any info / hjelp?

Registrer Site Spy Member List Donate Søke Dagens innlegg Marker forumene som lest Forum Rules

Register


 Default 

LSASSMGR.exe (og andre) infisert! Any info / hjelp?




Reply
 
Thread Tools
  #1  
Old 9nde Sep 2008, 10:31
New Member Group
  
Default LSASSMGR.exe (og andre) infisert! Any info / hjelp?

Hei alle,

Jeg er veldig ny til ditt webområde, men utrolig takknemlig for at du er her. Jeg snublet over det på grunn av en nylig smitte på min mors laptop (vi deler det) og jeg er usikker på hvordan du løser det.

Om fire dager siden, IE vinduer med pop-up reklame ville plutselig skje med en ballong på oppgavefeltet som leser, "Spyware oppdaget! Klikk her for å laste ned antispionprogramteknologi"

Jeg kjørte Symantec OG Spybot S & D Full Skanner (ikke sikker på hvordan dette viruset sklei av begge disse), og de fant ikke noe! Da jeg begynte googlingen og nedlastede Malwarebyte's Anti-Malware og drev det. Det finnes noen ting, men det gjorde ikke løse problemet.

Jeg lastet ned PrevxCSI men jeg har ikke nok $ $ $ ennå å kjøpe lisens (men jeg skal om nødvendig være) og viser følgende:

C: \ WINDOWS \ system32 \ ds fmon.dll - skadelig programvare
C: \ WINDOWS \ system32 \ CSRLT.exe - Malware dropper
C: \ WINDOWS \ MSBLT.exe - Malware dropper
C: \ WINDOWS \ system32 \ LSASSMGR.exe - Maskert Malware
C: \ Programfiler \ Mozilla Firefox \ firefoxe.exe - Maskert Malware
C: \ Programfiler \ Internet Explorer \ iexplor.exe - Maskert Malware
C: \ WINDOWS \ system32 \ spool.exe - Maskert Malware
C: \ WINDOWS \ system32 \ srtsrv32.exe - Maskert Malware
C: \ WINDOWS \ system32 \ LSSMON.exe - Malware dropper
C: \ WINDOWS \ divx32.dll - Malware dropper
C: \ WINDOWS \ system32 \ msupd32.exe - Malware dropper
C: \ WINDOWS \ system32 \ upd01.exe - Malware dropper

Det ser og høres ut som mye for meg og jeg er veldig bekymret. Har noen noen forslag til meg? Er jeg nødt til å bruke mye penger for å fikse dette?

Tusen takk!
  #2  
Old 9nde Sep 2008, 11:32
Moderator Group
  
Default LSASSMGR.exe (og andre) infisert! Any info / hjelp?

Hei teddynicholas. Velkommen til CJ.

Last ned ComboFix av ubåter fra én av de nedenfor koblinger. Pass på at toppen lagre det til Desktop.

Link # 1
Link # 2

** Merk: Det er viktig at det er lagret direkte til skrivebordet ditt

Lukk alle åpne weblesere. (Firefox, Internet Explorer, osv.) før du starter ComboFix.

Midlertidig deaktivere din antivirus, Og eventuelle antispyware sanntid beskyttelse før utføre en skanning. Klikk denne koblingen å se en liste over sikkerhetsprogrammer som skal være deaktivert og hvordan du deaktiverer dem.

Dobbeltklikk combofix.exe og følg instruksjonene.
Når du er ferdig ComboFix vil produsere en logg for deg.
Poste ComboFix logg i neste svaret.

Viktig: Ikke mouseclick ComboFix's vinduet mens den kjører. Det kan føre til stall.

Husk å aktivere din antivirus og antispyware beskyttelse når ComboFix er fullført.
__________________
  #3  
Old 16nde Sep 2008, 14:27
New Member Group
  
Default LSASSMGR.exe (og andre) infisert! Any info / hjelp?

ComboFix 08-09-15.02 - Teddy 2008-09-16 16:34:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.550 [GMT -4:00]
Running from: C: \ Documents and Settings \ Teddy \ Skrivebord \ ComboFix.exe
* Opprettet et nytt gjenopprettingspunkt

ADVARSEL-Denne maskinen har ikke gjenopprettingskonsollen INSTALLERT!
.

((((((((((((((((((((((((((((((((((((((( Other slettingene ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ Documents and Settings \ LocalService \ Cookies \ system@ad.yieldmanag er [1]. Txt
C: \ Documents and Settings \ Teddy \ Cookies \ teddy@ad.yieldmanager [1]. Txt
C: \ WINDOWS \ Downloaded Program Files \ setup.inf
C: \ WINDOWS \ system32 \ spool.exe

.
((((((((((((((((((((((((( Files Created fra 2008-08-16 til 2008-09-16 ))))))))))) ))))))))))))))))))))
.

2008-09-16 16:21. 2008-09-16 16:50 <DIR> d -------- C: \ WINDOWS \ system32 \ CatRoot_bak
2008-09-16 13:23. 2008-09-16 13:23 <DIR> d -------- C: \ WINDOWS \ LastGood
2008-09-13 13:19. 2008-09-13 13:19 <DIR> d -------- C: \ Programfiler \ iTunes
2008-09-13 13:19. 2008-09-13 13:19 <DIR> d -------- C: \ Programfiler \ iPod
2008-09-13 13:19. 2008-09-13 13:19 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6)
2008-09-13 13:12. 2008-09-13 13:16 <DIR> d -------- C: \ Programfiler \ Fellesfiler \ Apple
2008-09-08 16:10. 2008-09-08 16:10 <DIR> d -------- C: \ Programfiler \ Easy SpyRemover
2008-09-08 15:45. 2008-09-06 00:59 741.376 - en ------ C: \ WINDOWS \ system32 \ LSSMON.EXE
2008-09-08 15:45. 2008-09-04 21:59 17.920 - en ------ C: \ WINDOWS \ system32 \ LSASSMGR.EXE
2008-09-07 22:34. 2008-09-02 00:16 38.528 - en ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys
2008-09-07 22:33. 2008-09-07 22:34 <DIR> d -------- C: \ Programfiler \ Malwarebytes' Anti-Malware
2008-09-07 22:33. 2008-09-07 22:33 <DIR> d -------- C: \ Documents and Settings \ Teddy \ Application Data \ Malwarebytes
2008-09-07 22:33. 2008-09-07 22:33 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008-09-07 22:33. 2008-09-02 00:16 17.200 - en ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys
2008-09-06 15:09. 2008-09-06 15:09 90.112 - en ------ C: \ WINDOWS \ system32 \ QuickTimeVR.qtx
2008-09-06 15:09. 2008-09-06 15:09 57.344 - en ------ C: \ WINDOWS \ system32 \ QuickTime.qts
2008-09-05 10:44. 2008-09-06 00:59 741.376 - en ------ C: \ WINDOWS \ system32 \ msupd32.exe
2008-09-04 21:59. 2008-09-07 12:59 741.376 - en ------ C: \ WINDOWS \ system32 \ upd01.exe
2008-09-04 21:59. 2008-09-06 00:59 741.376 - en ------ C: \ WINDOWS \ divx32.dll
2008-09-04 21:59. 2008-09-04 21:59 17.920 - en ------ C: \ WINDOWS \ system32 \ srtsrv32.exe
2008-09-04 21:59. 2008-09-16 16:24 5.903 - en ------ C: \ WINDOWS \ system32 \ mssc32.dll
2008-09-04 21:59. 2008-09-16 16:24 5.903 - en ------ C: \ WINDOWS \ system32 \ bsc32.dll
2008-09-02 13:23. 2008-09-02 13:23 <DIR> d -------- C: \ Programfiler \ PrevxCSI
2008-09-02 13:23. 2008-09-16 13:32 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ PrevxCSI
2008-09-02 13:23. 2008-09-02 13:23 17.408 - en ------ C: \ WINDOWS \ system32 \ drivers \ pxark.sys
2008-09-01 01:30. 2008-09-02 13:10 <DIR> da ------ C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2008-09-01 01:20. 2008-09-07 22:19 0 - en ------ C: \ WINDOWS \ system32 \ sc02.sc
2008-08-31 01:46. 2007-02-20 16:04 2.463.976 - en ------ C: \ WINDOWS \ system32 \ NPSWF32.dll
2008-08-31 01:46. 2007-02-20 16:04 190.696 - en ------ C: \ WINDOWS \ system32 \ NPSWF32_FlashUtil.exe
2008-08-30 09:59. 2008-08-30 21:34 <DIR> d -------- C: \ Program Files \ Macromedia
2008-08-30 09:59. 2008-08-30 21:27 <DIR> d -------- C: \ Programfiler \ Fellesfiler \ Macromedia
2008-08-30 01:25. 2008-09-13 13:18 <DIR> d -------- C: \ Programfiler \ Bonjour
2008-08-29 14:33. 2006-09-18 17:55 109.744 - en ------ C: \ WINDOWS \ system32 \ drivers \ SYMEVENT.SYS
2008-08-29 14:33. 2006-09-18 17:55 48.816 - en ------ C: \ WINDOWS \ system32 \ S32EVNT1.DLL
2008-08-29 10:18. 2008-08-29 10:18 87.336 - en ------ C: \ WINDOWS \ system32 \ dns-sd.exe
2008-08-29 09:53. 2008-08-29 09:53 61.440 - en ------ C: \ WINDOWS \ system32 \ dnssd.dll
2008-08-27 04:05. 2008-04-07 05:38 45.392-ra ------ C: \ WINDOWS \ system32 \ AdobePDF.dll
2008-08-27 04:05. 2008-04-07 05:38 22.872-ra ------ C: \ WINDOWS \ system32 \ AdobePDFUI.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 20:53 --------- d ----- w C: \ Programfiler \ Symantec AntiVirus
2008-09-13 17:17 --------- d ----- w C: \ Programfiler \ QuickTime
2008-09-13 17:13 --------- d ----- w C: \ Programfiler \ Apple Software Update
2008-09-08 18:53 249.956 ---- aw C: \ WINDOWS \ system32 \ dsfMon.dll
2008-09-01 07:50 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2008-09-01 05:56 --------- d ----- w C: \ Programfiler \ Spybot - Search & Destroy
2008-08-30 05:24 --------- d ----- w C: \ Programfiler \ Fellesfiler \ Adobe
2008-08-29 18:34 --------- d ----- w C: \ Programfiler \ Fellesfiler \ Symantec Shared
2008-08-29 18:33 --------- d ----- w C: \ Programfiler \ Symantec
2008-08-29 18:32 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Symantec
2008-08-27 08:22 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ FLEXnet
2008-08-26 00:52 --------- d ----- w C: \ Documents and Settings \ Teddy \ Application Data \ OpenOffice.org2
2008-08-13 21:33 --------- d ----- w C: \ Programfiler \ Microsoft Silverlight
2008-08-12 02:46 --------- d ----- w C: \ Programfiler \ PHM
2008-07-26 08:55 --------- d ----- w C: \ Programfiler \ OpenOffice.org 2.4
2008-07-26 08:54 --------- d ----- w C: \ Programfiler \ Java
2008-07-19 02:10 94.920 ---- aw C: \ WINDOWS \ system32 \ cdm.dll
2008-07-19 02:10 53.448 ---- aw C: \ WINDOWS \ system32 \ wuauclt.exe
2008-07-19 02:09 563.912 ---- aw C: \ WINDOWS \ system32 \ wuapi.dll
2008-07-19 02:09 325.832 ---- aw C: \ WINDOWS \ system32 \ wucltui.dll
2008-07-19 02:09 205.000 ---- aw C: \ WINDOWS \ system32 \ wuweb.dll
2008-07-19 02:09 1.811.656 ---- aw C: \ WINDOWS \ system32 \ wuaueng.dll
2008-07-07 20:32 253.952 ---- aw C: \ WINDOWS \ system32 \ es.dll
2008-06-24 22:12 295.936 ------ w C: \ WINDOWS \ system32 \ wmpeffects.dll
2008-06-24 16:23 74.240 ---- aw C: \ WINDOWS \ system32 \ mscms.dll
2008-06-23 16:57 826.368 ---- aw C: \ WINDOWS \ system32 \ Wininet.dll
2008-06-20 17:41 245.248 ---- aw C: \ WINDOWS \ system32 \ mswsock.dll
2008-04-19 16:57 32 ---- aw C: \ Documents and Settings \ All Users \ Application Data \ ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries ikke vises
REGEDIT4

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"swg" = "C: \ Programfiler \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe" [2007-04-02 68856]
"QuickTime Task" = "C: \ Programfiler \ QuickTime \ qttask.exe" [2008-09-06 413696]
"H / PC Connection Agent" = "C: \ Programfiler \ Microsoft ActiveSync \ wcescomm.exe" [2006-11-13 1289000]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 15360]
"IndxStoreSvr_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)" = "C: \ Programfiler \ Fellesfiler \ Nero \ Lib \ NMIndexStoreSvr.exe" [2008-02-28 1828136]
"SpybotSD TeaTimer" = "C: \ Programfiler \ Spybot - Search & Destroy \ TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"RemoteControl" = "C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe" [2004-05-14 32768]
"RoxioEngineUtility" = "C: \ Programfiler \ Fellesfiler \ Roxio Shared \ System \ EngUtil.exe" [2003-05-01 65536]
"RoxioAudioCentral" = "C: \ Programfiler \ Roxio \ Easy CD Creator 6 \ AudioCentral \ RxMon.exe" [2003-07-15 319488]
"SiS Windows KeyHook" = "C: \ WINDOWS \ system32 \ keyhook.exe" [2004-09-02 249856]
"SiSUSBRG" = "C: \ WINDOWS \ SiSUSBrg.exe" [2004-09-22 106496]
"Apoint" = "C: \ Programfiler \ Apoint2K \ Apoint.exe" [2003-12-05 159744]
"SunJavaUpdateSched" = "C: \ Programfiler \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784]
"DSFHost" = "C: \ Programfiler \ Staples \ easyprint \ dsfhost.exe" [2006-01-05 2142301]
"Synchronization Manager" = "C: \ WINDOWS \ system32 \ mobsync.exe" [2004-08-04 143360]
"Zune Launcher" = "C: \ Program Files \ Zune \ ZuneLauncher.exe" [2007-03-14 24104]
"GrooveMonitor" = "C: \ Programfiler \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher" = "C: \ Programfiler \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck" = "C: \ Programfiler \ Fellesfiler \ Nero \ Lib \ NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan" = "C: \ Programfiler \ Nero \ Nero8 \ Nero BackItUp \ NBKeyScan.exe" [2008-02-18 2221352]
"Adobe Acrobat Speed Launcher" = "C: \ Programfiler \ Adobe \ Acrobat 9.0 \ Acrobat \ Acrobat_sl.exe" [2008-06-12 37232]
"ccApp" = "C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccApp.exe" [2006-07-19 52896]
"vptray" = "C: \ progra ~ 1 \ SYMANT ~ 1 \ VPTray.exe" [2006-09-27 125168]
"Layersecurity Servicemonitor" = "C: \ WINDOWS \ system32 \ LSSMON.EXE" [2008-09-06 741376]
"iTunesHelper" = "C: \ Programfiler \ iTunes \ iTunesHelper.exe" [2008-09-10 289576]
"SoundMan" = "SOUNDMAN.EXE" [2004-09-22 C: \ WINDOWS \ SOUNDMAN.EXE]
"AGRSMMSG" = "AGRSMMSG.exe" [2004-09-22 C: \ WINDOWS \ AGRSMMSG.exe]
"SiSPower" = "SiSPower.dll" [2004-09-22 C: \ WINDOWS \ system32 \ SiSPower.dll]

C: \ Documents and Settings \ Teddy \ Start-meny \ Programmer \ Startup
Adobe Gamma.lnk - C: \ Programfiler \ Fellesfiler \ Adobe \ Calibration \ Adobe Gamma Loader.exe [2005-03-16 113664]
OneNote 2007 Screen Clipper og Launcher.lnk - C: \ Programfiler \ Microsoft Office \ Office12 \ ONENOTEM.EXE [2006-10-26 98632]

C: \ Documents and Settings \ All Users \ Start-meny \ Programmer \ Startup
Windows Desktop.lnk - C: \ Programfiler \ Windows Desktop Search \ WindowsSearch.exe [2007-02-05 118784]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ curr entversion \ Explorer \ ShellExecuteHooks]
"(56F9679E-7826-4C84-81F3-532071A8BCC5)" = "C: \ Programfiler \ Windows Desktop Search \ MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ windows]
"AppInit_DLLs" = acaptuser32.dll

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Bildefilen kjøring alternativer \ firefox.exe]
"Feilsøkingsprogram" = C: \ Programfiler \ Mozilla Firefox \ firefoxe.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Bildefilen kjøring alternativer \ iexplore.exe]
"Feilsøkingsprogram" = C: \ Programfiler \ Internet Explorer \ iexplor.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Bildefilen kjøring alternativer \ Spoolsv.exe]
"Feilsøkingsprogram" = C: \ WINDOWS \ system32 \ spool.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ security center \ Monitoring \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ \ Loader \ \ aolload.exe" =
"C: \ \ Programfiler \ \ BitLord \ \ BitLord.exe" =
"C: \ \ Program Files \ \ Soulseek \ \ slsk.exe" =
"C: \ \ Program Files \ \ Mozilla Firefox \ \ firefox.exe" =
"C: \ \ StubInstaller.exe" =
"C: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" =
"C: \ \ Program Files \ \ AIM \ \ aim.exe" =
"C: \ Programfiler \ Microsoft ActiveSync \ rapimgr.exe" = C: \ Programfiler \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync RAPI Manager
"C: \ Programfiler \ Microsoft ActiveSync \ wcescomm.exe" = C: \ Programfiler \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Connection Manager
"C: \ Programfiler \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Programfiler \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Application
"C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ Outlook.exe" =
"C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE" =
"C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ ONENOTE.EXE" =
"C: \ \ Program Files \ \ Isadora \ \ isadora.exe" =
"C: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" =
"C: \ \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" =
"C: \ \ Program Files \ \ iTunes \ \ iTunes.exe" =

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List]
"3389: TCP" = 3389: TCP: @ xpsp2res.dll, -22,009
"1500: TCP" = 1500: TCP: Safe Access Agent Port
"26675: TCP" = 26675: TCP: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Service


* Newly Created Service * - CatchMe
* Newly Created Service * - PROCEXP90
.
Innholdet i "Scheduled Tasks"-mappen
.
- - - - Orphans fjernet - - - --

HKLM-Run-CSRLT.EXE - C: \ WINDOWS \ system32 \ CSRLT.EXE


.
------- Tilleggsavtale Scan -------
.
FireFox -: Profile - C: \ Documents and Settings \ Teddy \ Application Data \ Mozilla \ Firefox \ Profiles \ 6xzfp0sa.default \
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp: / / www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q =
.

************************************************** ************************

CatchMe 0.3.1361 W2K/XP/Vista - rootkit / skjulemodus malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 16:51:46
Windows 5.1.2600 Service Pack 2 NTFS

skanning skjulte prosesser ...

scanning hidden autostart entries ...

skanning skjulte filer ...

skanning er fullført
skjulte filer: 0

************************************************** ************************
.
Fullføringstidspunkt: 2008-09-16 17:15:59
ComboFix-karantene-files.txt 2008-09-16 21:15:16

Pre-Run: 10478669824 bytes gratis
Post-Run: 10446106624 bytes gratis

190 --- EOF --- 2008-09-11 20:07:51
  #4  
Old 16nde Sep 2008, 14:45
Moderator Group
  
Default LSASSMGR.exe (og andre) infisert! Any info / hjelp?

Merk: nedenstående instruksjoner ble laget spesielt for denne brukeren. Hvis du ikke bruker, IKKE Følg disse skiltene fordi de kan ødelegge hjemkomsten til systemet

Slett disse filer / mapper som følger:

1. Gå til Start > Løpe > Type Notepad.exe og klikk OK å åpne Notisblokk.
Det være Notisblokk ikke Wordpad.
2. Kopier teksten i under kode boksen ved å markere all teksten og trykke Ctrl + C

Code:
KillAll:: File:: C: \ Programfiler \ Easy SpyRemover C: \ WINDOWS \ system32 \ LSSMON.EXE C: \ WINDOWS \ system32 \ LSASSMGR.EXE C: \ WINDOWS \ system32 \ msupd32.exe C: \ WINDOWS \ system32 \ upd01.exe C: \ WINDOWS \ system32 \ srtsrv32.exe C: \ WINDOWS \ system32 \ mssc32.dll C: \ WINDOWS \ system32 \ bsc32.dll Registry:: [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ bilde filen kjøres alternativer \ iexplore.exe] "feilsøkingsprogram" =- [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Bildefilen kjøring alternativer \ Spoolsv.exe] "feilsøkingsprogram" =-
3. Gå til Notisblokk-vinduet og klikk Rediger > Lim
4. Deretter klikker du Fil > Lagre
5. Navn filen CFScript.txt - Lagre filen på skrivebordet
6. Dra CFScript (hold venstre museknapp mens du dra filen) og slipp den (release venstre museknapp) i ComboFix.exe som du ser i skjermbildet nedenfor. Viktig: Utføre denne instruksjonen nøye!



ComboFix begynner å kjøre, bare følg instruksjonene.
Etter reboot (i tilfelle den ber om å reboot), vil det generere en loggfil for deg.
Innlegg som log (Combofix.txt) i neste svaret.

Merk: Ikke mouseclick ComboFix's vinduet mens den kjører. Som kan føre til systemet ditt til å fryse
__________________
  #5  
Old 16nde Sep 2008, 15:32
New Member Group
  
Default LSASSMGR.exe (og andre) infisert! Any info / hjelp?

ComboFix 08-09-15.02 - Teddy 2008-09-16 17:49:20.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.850 [GMT -4:00]
Running from: C: \ Documents and Settings \ Teddy \ Skrivebord \ ComboFix.exe
Command brytere brukes:: C: \ Documents and Settings \ Teddy \ Skrivebord \ CFScript.txt
* Opprettet et nytt gjenopprettingspunkt

ADVARSEL-Denne maskinen har ikke gjenopprettingskonsollen INSTALLERT!
.

((((((((((((((((((((((((((((((((((((((( Other slettingene ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ WINDOWS \ system32 \ bsc32.dll
C: \ WINDOWS \ system32 \ LSASSMGR.EXE
C: \ WINDOWS \ system32 \ LSSMON.EXE
C: \ WINDOWS \ system32 \ mssc32.dll
C: \ WINDOWS \ system32 \ msupd32.exe
C: \ WINDOWS \ system32 \ spool.exe
C: \ WINDOWS \ system32 \ srtsrv32.exe
C: \ WINDOWS \ system32 \ upd01.exe

.
((((((((((((((((((((((((( Files Created fra 2008-08-16 til 2008-09-16 ))))))))))) ))))))))))))))))))))
.

2008-09-16 16:21. 2008-09-16 16:50 <DIR> d -------- C: \ WINDOWS \ system32 \ CatRoot_bak
2008-09-13 13:19. 2008-09-13 13:19 <DIR> d -------- C: \ Programfiler \ iTunes
2008-09-13 13:19. 2008-09-13 13:19 <DIR> d -------- C: \ Programfiler \ iPod
2008-09-13 13:19. 2008-09-13 13:19 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6)
2008-09-13 13:12. 2008-09-13 13:16 <DIR> d -------- C: \ Programfiler \ Fellesfiler \ Apple
2008-09-08 16:10. 2008-09-08 16:10 <DIR> d -------- C: \ Programfiler \ Easy SpyRemover
2008-09-07 22:34. 2008-09-02 00:16 38.528 - en ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys
2008-09-07 22:33. 2008-09-07 22:34 <DIR> d -------- C: \ Programfiler \ Malwarebytes' Anti-Malware
2008-09-07 22:33. 2008-09-07 22:33 <DIR> d -------- C: \ Documents and Settings \ Teddy \ Application Data \ Malwarebytes
2008-09-07 22:33. 2008-09-07 22:33 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008-09-07 22:33. 2008-09-02 00:16 17.200 - en ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys
2008-09-06 15:09. 2008-09-06 15:09 90.112 - en ------ C: \ WINDOWS \ system32 \ QuickTimeVR.qtx
2008-09-06 15:09. 2008-09-06 15:09 57.344 - en ------ C: \ WINDOWS \ system32 \ QuickTime.qts
2008-09-04 21:59. 2008-09-06 00:59 741.376 - en ------ C: \ WINDOWS \ divx32.dll
2008-09-02 13:23. 2008-09-02 13:23 <DIR> d -------- C: \ Programfiler \ PrevxCSI
2008-09-02 13:23. 2008-09-16 13:32 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ PrevxCSI
2008-09-02 13:23. 2008-09-02 13:23 17.408 - en ------ C: \ WINDOWS \ system32 \ drivers \ pxark.sys
2008-09-01 01:30. 2008-09-02 13:10 <DIR> da ------ C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2008-09-01 01:20. 2008-09-07 22:19 0 - en ------ C: \ WINDOWS \ system32 \ sc02.sc
2008-08-31 01:46. 2007-02-20 16:04 2.463.976 - en ------ C: \ WINDOWS \ system32 \ NPSWF32.dll
2008-08-31 01:46. 2007-02-20 16:04 190.696 - en ------ C: \ WINDOWS \ system32 \ NPSWF32_FlashUtil.exe
2008-08-30 09:59. 2008-08-30 21:34 <DIR> d -------- C: \ Program Files \ Macromedia
2008-08-30 09:59. 2008-08-30 21:27 <DIR> d -------- C: \ Programfiler \ Fellesfiler \ Macromedia
2008-08-30 01:25. 2008-09-13 13:18 <DIR> d -------- C: \ Programfiler \ Bonjour
2008-08-29 14:33. 2006-09-18 17:55 109.744 - en ------ C: \ WINDOWS \ system32 \ drivers \ SYMEVENT.SYS
2008-08-29 14:33. 2006-09-18 17:55 48.816 - en ------ C: \ WINDOWS \ system32 \ S32EVNT1.DLL
2008-08-29 10:18. 2008-08-29 10:18 87.336 - en ------ C: \ WINDOWS \ system32 \ dns-sd.exe
2008-08-29 09:53. 2008-08-29 09:53 61.440 - en ------ C: \ WINDOWS \ system32 \ dnssd.dll
2008-08-27 04:05. 2008-04-07 05:38 45.392-ra ------ C: \ WINDOWS \ system32 \ AdobePDF.dll
2008-08-27 04:05. 2008-04-07 05:38 22.872-ra ------ C: \ WINDOWS \ system32 \ AdobePDFUI.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 21:33 --------- d ----- w C: \ Programfiler \ Symantec AntiVirus
2008-09-13 17:17 --------- d ----- w C: \ Programfiler \ QuickTime
2008-09-13 17:13 --------- d ----- w C: \ Programfiler \ Apple Software Update
2008-09-01 07:50 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2008-09-01 05:56 --------- d ----- w C: \ Programfiler \ Spybot - Search & Destroy
2008-08-30 05:24 --------- d ----- w C: \ Programfiler \ Fellesfiler \ Adobe
2008-08-29 18:34 --------- d ----- w C: \ Programfiler \ Fellesfiler \ Symantec Shared
2008-08-29 18:33 --------- d ----- w C: \ Programfiler \ Symantec
2008-08-29 18:32 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Symantec
2008-08-27 08:22 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ FLEXnet
2008-08-26 00:52 --------- d ----- w C: \ Documents and Settings \ Teddy \ Application Data \ OpenOffice.org2
2008-08-13 21:33 --------- d ----- w C: \ Programfiler \ Microsoft Silverlight
2008-08-12 02:46 --------- d ----- w C: \ Programfiler \ PHM
2008-07-26 08:55 --------- d ----- w C: \ Programfiler \ OpenOffice.org 2.4
2008-07-26 08:54 --------- d ----- w C: \ Programfiler \ Java
2008-04-19 16:57 32 ---- aw C: \ Documents and Settings \ All Users \ Application Data \ ezsid.dat
.

((((((((((((((((((((((((((((( Snapshot@2008-09-16_17.03.48.82 )))))))))) )))))))))))))))))))))))))))))))
.
- 2007-07-30 23:18:40 33.624-c - aw C: \ WINDOWS \ system32 \ dllcache \ wups.dll
+ 2008-07-19 02:10:20 36.552-c - aw C: \ WINDOWS \ system32 \ dllcache \ wups.dll
- 2007-07-30 23:18:40 33.624 ---- aw C: \ WINDOWS \ system32 \ wups.dll
+ 2008-07-19 02:10:20 36.552 ---- aw C: \ WINDOWS \ system32 \ wups.dll
- 2007-07-30 23:19:12 43.352 ---- aw C: \ WINDOWS \ system32 \ wups2.dll
+ 2008-07-19 02:10:40 45.768 ---- aw C: \ WINDOWS \ system32 \ wups2.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries ikke vises
REGEDIT4

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"swg" = "C: \ Programfiler \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe" [2007-04-02 68856]
"QuickTime Task" = "C: \ Programfiler \ QuickTime \ qttask.exe" [2008-09-06 413696]
"H / PC Connection Agent" = "C: \ Programfiler \ Microsoft ActiveSync \ wcescomm.exe" [2006-11-13 1289000]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 15360]
"IndxStoreSvr_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)" = "C: \ Programfiler \ Fellesfiler \ Nero \ Lib \ NMIndexStoreSvr.exe" [2008-02-28 1828136]
"SpybotSD TeaTimer" = "C: \ Programfiler \ Spybot - Search & Destroy \ TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"RemoteControl" = "C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe" [2004-05-14 32768]
"RoxioEngineUtility" = "C: \ Programfiler \ Fellesfiler \ Roxio Shared \ System \ EngUtil.exe" [2003-05-01 65536]
"RoxioAudioCentral" = "C: \ Programfiler \ Roxio \ Easy CD Creator 6 \ AudioCentral \ RxMon.exe" [2003-07-15 319488]
"SiS Windows KeyHook" = "C: \ WINDOWS \ system32 \ keyhook.exe" [2004-09-02 249856]
"SiSUSBRG" = "C: \ WINDOWS \ SiSUSBrg.exe" [2004-09-22 106496]
"Apoint" = "C: \ Programfiler \ Apoint2K \ Apoint.exe" [2003-12-05 159744]
"SunJavaUpdateSched" = "C: \ Programfiler \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784]
"DSFHost" = "C: \ Programfiler \ Staples \ easyprint \ dsfhost.exe" [2006-01-05 2142301]
"Synchronization Manager" = "C: \ WINDOWS \ system32 \ mobsync.exe" [2004-08-04 143360]
"Zune Launcher" = "C: \ Program Files \ Zune \ ZuneLauncher.exe" [2007-03-14 24104]
"GrooveMonitor" = "C: \ Programfiler \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher" = "C: \ Programfiler \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck" = "C: \ Programfiler \ Fellesfiler \ Nero \ Lib \ NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan" = "C: \ Programfiler \ Nero \ Nero8 \ Nero BackItUp \ NBKeyScan.exe" [2008-02-18 2221352]
"Adobe Acrobat Speed Launcher" = "C: \ Programfiler \ Adobe \ Acrobat 9.0 \ Acrobat \ Acrobat_sl.exe" [2008-06-12 37232]
"ccApp" = "C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccApp.exe" [2006-07-19 52896]
"vptray" = "C: \ progra ~ 1 \ SYMANT ~ 1 \ VPTray.exe" [2006-09-27 125168]
"iTunesHelper" = "C: \ Programfiler \ iTunes \ iTunesHelper.exe" [2008-09-10 289576]
"CSRLT.EXE" = "C: \ WINDOWS \ system32 \ CSRLT.EXE" [bu]
"SoundMan" = "SOUNDMAN.EXE" [2004-09-22 C: \ WINDOWS \ SOUNDMAN.EXE]
"AGRSMMSG" = "AGRSMMSG.exe" [2004-09-22 C: \ WINDOWS \ AGRSMMSG.exe]
"SiSPower" = "SiSPower.dll" [2004-09-22 C: \ WINDOWS \ system32 \ SiSPower.dll]

C: \ Documents and Settings \ Teddy \ Start-meny \ Programmer \ Startup
Adobe Gamma.lnk - C: \ Programfiler \ Fellesfiler \ Adobe \ Calibration \ Adobe Gamma Loader.exe [2005-03-16 113664]
OneNote 2007 Screen Clipper og Launcher.lnk - C: \ Programfiler \ Microsoft Office \ Office12 \ ONENOTEM.EXE [2006-10-26 98632]

C: \ Documents and Settings \ All Users \ Start-meny \ Programmer \ Startup
Windows Desktop.lnk - C: \ Programfiler \ Windows Desktop Search \ WindowsSearch.exe [2007-02-05 118784]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ curr entversion \ Explorer \ ShellExecuteHooks]
"(56F9679E-7826-4C84-81F3-532071A8BCC5)" = "C: \ Programfiler \ Windows Desktop Search \ MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ windows]
"AppInit_DLLs" = acaptuser32.dll

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Bildefilen kjøring alternativer \ firefox.exe]
"Feilsøkingsprogram" = C: \ Programfiler \ Mozilla Firefox \ firefoxe.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ security center \ Monitoring \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ \ Loader \ \ aolload.exe" =
"C: \ \ Programfiler \ \ BitLord \ \ BitLord.exe" =
"C: \ \ Program Files \ \ Soulseek \ \ slsk.exe" =
"C: \ \ Program Files \ \ Mozilla Firefox \ \ firefox.exe" =
"C: \ \ StubInstaller.exe" =
"C: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" =
"C: \ \ Program Files \ \ AIM \ \ aim.exe" =
"C: \ Programfiler \ Microsoft ActiveSync \ rapimgr.exe" = C: \ Programfiler \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync RAPI Manager
"C: \ Programfiler \ Microsoft ActiveSync \ wcescomm.exe" = C: \ Programfiler \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Connection Manager
"C: \ Programfiler \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Programfiler \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Application
"C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ Outlook.exe" =
"C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE" =
"C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ ONENOTE.EXE" =
"C: \ \ Program Files \ \ Isadora \ \ isadora.exe" =
"C: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" =
"C: \ \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" =
"C: \ \ Program Files \ \ iTunes \ \ iTunes.exe" =

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List]
"3389: TCP" = 3389: TCP: @ xpsp2res.dll, -22,009
"1500: TCP" = 1500: TCP: Safe Access Agent Port
"26675: TCP" = 26675: TCP: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Service

R0 pxark; pxark; C: \ WINDOWS \ system32 \ drivers \ pxark.sys [2008-09-02 17408]
R2 CSIScanner; CSIScanner, C: \ Programfiler \ PrevxCSI \ prevxcsi.exe [2008-09-02 618040]
R2 SafeAccessAgent; sikker adgang Agent, C: \ Programfiler \ StillSecure \ Safe Access Agent \ SAService.exe [2006-01-27 880640]
R2 Viewpoint Manager Service; Viewpoint Manager Service; C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe [2007-01-04 24652]
S3 HwIOctl; HwIOctl; C: \ Documents and Settings \ Eier \ Skrivebord \ HwIOctl.sys []
S3 Ktp3; Elantech touchpad (KTP3); C: \ WINDOWS \ system32 \ drivers \ Ktp3.sy s [2004-09-22 24704]
S3 Memctl; Memctl; C: \ Documents and Settings \ Eier \ Skrivebord \ Memctl.sys []
.
Innholdet i "Scheduled Tasks"-mappen
.
- - - - Orphans fjernet - - - --

HKLM-Run-Layersecurity Servicemonitor - C: \ WINDOWS \ system32 \ LSSMON.EXE
HKLM-RunOnce-MSBLT.EXE - C: \ WINDOWS \ MSBLT.EXE



************************************************** ************************

CatchMe 0.3.1361 W2K/XP/Vista - rootkit / skjulemodus malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 18:00:27
Windows 5.1.2600 Service Pack 2 NTFS

skanning skjulte prosesser ...

scanning hidden autostart entries ...

skanning skjulte filer ...


************************************************** ************************
.
------------------------ Other Running Prosesser ----------------------- --
.
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSetMgr.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccEvtMgr.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
C: \ Programfiler \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Programfiler \ Symantec \ LiveUpdate \ AluSchedulerSvc.exe
C: \ Programfiler \ Bonjour \ mDNSResponder.exe
C: \ Programfiler \ Symantec AntiVirus \ DefWatch.exe
C: \ Programfiler \ Nero \ Nero8 \ Nero BackItUp \ NBService.exe
C: \ WINDOWS \ system32 \ IoctlSvc.exe
C: \ WINDOWS \ system32 \ MsPMSPSv.exe
C: \ WINDOWS \ system32 \ searchindexer.exe
C: \ Program Files \ Viewpoint \ Viewpoint Manager \ ViewMgr.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ progra ~ 1 \ micros ~ 3 \ rapimgr.exe
C: \ Programfiler \ Roxio \ Easy CD Creator 6 \ AudioCentral \ Playlist.exe
C: \ Programfiler \ Apoint2K \ ApntEx.exe
C: \ Programfiler \ Fellesfiler \ Nero \ Lib \ NMIndexingService.exe
C: \ Programfiler \ iPod \ bin \ iPodService.exe
C: \ WINDOWS \ system32 \ searchprotocolhost.exe
C: \ WINDOWS \ system32 \ searchfilterhost.exe
.
************************************************** ************************
.
Fullføringstidspunkt: 2008-09-16 18:24:56 - maskinen ble startet på nytt
ComboFix-karantene-files.txt 2008-09-16 22:23:49
ComboFix2.txt 2008-09-16 21:16:14

Pre-Run: 10626510848 bytes gratis
Post-Run: 10616803328 bytes gratis

205 --- EOF --- 2008-09-11 20:07:51
  #6  
Old 16nde Sep 2008, 15:50
Moderator Group
  
Default LSASSMGR.exe (og andre) infisert! Any info / hjelp?

Laste ned TrendMicro HijackThis.exe (HJT) til skrivebordet.
  • Dobbeltklikk på HJTInstall.
  • Klikk på Installer knappen.
  • Det vil automatisk plass HJT i C: \ Programfiler \ TrendMicro \ HijackThis \ HijackThis.exe.
  • Ved å installere, HijackThis skal åpne for deg.
  • Klikk på Gjør et system skanne og lagre en loggfil knappen
  • HijackThis skanner og deretter en logg åpnes i notepad.
  • Kopier og lim alt innholdet i loggen i innlegget.
  • Ikke har HijackThis fikse noe ennå. Det meste av det de finner vil være harmløs eller nødvendig.
__________________
  #7  
Old 23. sep 2008, 09:24
New Member Group
  
Default LSASSMGR.exe (og andre) infisert! Any info / hjelp?

Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 12:21:04, på 9/23/2008
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSetMgr.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccEvtMgr.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
C: \ Programfiler \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Programfiler \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
C: \ Programfiler \ PrevxCSI \ prevxcsi.exe
C: \ Programfiler \ Symantec AntiVirus \ DefWatch.exe
C: \ Programfiler \ Nero \ Nero8 \ Nero BackItUp \ NBService.exe
C: \ WINDOWS \ system32 \ IoctlSvc.exe
C: \ Programfiler \ StillSecure \ Safe Access Agent \ SAService.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe
C: \ WINDOWS \ system32 \ MsPMSPSv.exe
C: \ WINDOWS \ system32 \ SearchIndexer.exe
C: \ WINDOWS \ Explorer.exe
C: \ Programfiler \ PrevxCSI \ prevxcsi.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe
C: \ WINDOWS \ SOUNDMAN.EXE
C: \ WINDOWS \ system32 \ keyhook.exe
C: \ Programfiler \ Apoint2K \ Apoint.exe
C: \ Programfiler \ Java \ jre1.6.0_07 \ bin \ jusched.exe
C: \ Programfiler \ Staples \ easyprint \ dsfhost.exe
C: \ Program Files \ Zune \ ZuneLauncher.exe
C: \ Programfiler \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccApp.exe
C: \ Programfiler \ iTunes \ iTunesHelper.exe
C: \ Programfiler \ Apoint2K \ Apntex.exe
C: \ Programfiler \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Programfiler \ Microsoft ActiveSync \ wcescomm.exe
C: \ Programfiler \ Fellesfiler \ Nero \ Lib \ NMIndexStoreSvr.exe
C: \ progra ~ 1 \ micros ~ 3 \ rapimgr.exe
C: \ Programfiler \ Fellesfiler \ Nero \ Lib \ NMIndexingService.exe
C: \ Programfiler \ iPod \ bin \ iPodService.exe
C: \ Program Files \ Viewpoint \ Viewpoint Manager \ ViewMgr.exe
C: \ Programfiler \ Adobe \ Acrobat 9.0 \ Acrobat \ AcroTray.exe
C: \ Programfiler \ Fellesfiler \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe
C: \ WINDOWS \ system32 \ taskmgr.exe
C: \ WINDOWS \ Lsass.exe
C: \ WINDOWS \ system32 \ SPOOLER.EXE
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Programfiler \ Trend Micro \ HijackThis \ HijackThis.exe
C: \ WINDOWS \ system32 \ SearchProtocolHost.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.averatec.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://oqaserver-a/
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = *. local
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Programfiler \ Yahoo! \ Companion \ Installerer \ cpn \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programfiler \ Fellesfiler \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - (18DF081C-E8AD-4283-A596-FA578C2EBDC3) - C: \ Programfiler \ Fellesfiler \ Adobe \ Acrobat \ ActiveX \ AcroIEHelperShim.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - c: \ progra ~ 1 \ micros ~ 4 \ Office12 \ GRA8E1 ~ 1.DLL
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programfiler \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: AOL Toolbar Launcher - (7C554162-8CB7-45A4-B8F4-8EA1C75885F9) - C: \ Program Files \ AOL \ AOL Toolbar 2.0 \ aoltb.dll
O2 - BHO: Viewpoint Toolbar BHO - (A7327C09-B521-4EDB-8509-7D2660C9EC98) - C: \ Program Files \ Viewpoint \ Viewpoint Toolbar \ 3.8.0 \ ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ Programfiler \ Google \ googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - (AE7CD045-E861-484f-8273-0445EE161910) - C: \ Programfiler \ Fellesfiler \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Programfiler \ Google \ GoogleToolbarNotifier \ 3.1.807.1746 \ sw g.dll
O2 - BHO: SmartSelect - (F4971EE7-DAA0-4053-9964-665D8EE6A077) - C: \ Programfiler \ Fellesfiler \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Programfiler \ Yahoo! \ Companion \ Installerer \ cpn \ yt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ Programfiler \ Google \ googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - (DE9C389F-3316-41A7-809B-AA305ED9D922) - C: \ Program Files \ AOL \ AOL Toolbar 2.0 \ aoltb.dll
O3 - Toolbar: Viewpoint Toolbar - (F8AD5AA5-D966-4667-9DAF-2561D68B2012) - C: \ Programfiler \ Fellesfiler \ Viewpoint \ Toolbar Kjøretid \ 3.8.0 \ IEViewBar.dll
O3 - Toolbar: Adobe PDF - (47833539-D0C5-4125-9FA8-0819E2EAAC93) - C: \ Programfiler \ Fellesfiler \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [RoxioEngineUtility] "C: \ Programfiler \ Fellesfiler \ Roxio Shared \ System \ EngUtil.exe"
O4 - HKLM \ .. \ Run: [RoxioAudioCentral] "C: \ Programfiler \ Roxio \ Easy CD Creator 6 \ AudioCentral \ RxMon.exe"
O4 - HKLM \ .. \ Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [SiSPower] rundll32.exe SiSPower.dll, ModeAgent
O4 - HKLM \ .. \ Run: [SiS Windows KeyHook] C: \ WINDOWS \ system32 \ keyhook.exe
O4 - HKLM \ .. \ Run: [SiSUSBRG] C: \ WINDOWS \ SiSUSBrg.exe
O4 - HKLM \ .. \ Run: [Apoint] C: \ Programfiler \ Apoint2K \ Apoint.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programfiler \ Java \ jre1.6.0_07 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [DSFHost] C: \ Programfiler \ Staples \ easyprint \ dsfhost.exe
O4 - HKLM \ .. \ Run: [Synchronization Manager]% SystemRoot% \ system32 \ mobsync.exe / logon
O4 - HKLM \ .. \ Run: [Zune Launcher] "C: \ Program Files \ Zune \ ZuneLauncher.exe"
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Programfiler \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Programfiler \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ Programfiler \ Fellesfiler \ Nero \ Lib \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [NBKeyScan] "C: \ Programfiler \ Nero \ Nero8 \ Nero BackItUp \ NBKeyScan.exe"
O4 - HKLM \ .. \ Run: [Adobe Acrobat Speed Launcher] "C: \ Programfiler \ Adobe \ Acrobat 9.0 \ Acrobat \ Acrobat_sl.exe"
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [vptray] C: \ progra ~ 1 \ SYMANT ~ 1 \ VPTray.exe
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programfiler \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [Layersecurity Servicemonitor] C: \ WINDOWS \ system32 \ LSSMON.EXE
O4 - HKLM \ .. \ Run: [utskriftskøen] C: \ WINDOWS \ system32 \ SPOOLER.EXE
O4 - HKCU \ .. \ Run: [swg] C: \ Programfiler \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [QuickTime Task] "C: \ Programfiler \ QuickTime \ qttask.exe"-atboottime
O4 - HKCU \ .. \ Run: [H / PC Connection Agent] "C: \ Programfiler \ Microsoft ActiveSync \ wcescomm.exe"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [IndxStoreSvr_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)] "C: \ Programfiler \ Fellesfiler \ Nero \ Lib \ NMIndexStoreSvr.exe" Aso-616B5711-6DAE-4795-A05F -39A1E5104020
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Programfiler \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - HKCU \ .. \ Run: [AdobeUpdater] C: \ Programfiler \ Fellesfiler \ Adobe \ Updater \ AdobeUpdater.exe
O4 - HKLM \ .. \ Policies \ Explorer \ Run: [LocalSecurityAuthoritySubsystem] C: \ WINDOWS \ Lsass.exe
O4 - Startup: Adobe Gamma.lnk = C: \ Programfiler \ Fellesfiler \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper og Launcher.lnk = C: \ Programfiler \ Microsoft Office \ Office12 \ ONENOTEM.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C: \ Programfiler \ Windows Desktop Search \ WindowsSearch.exe
O8 - Extra sammenheng menyelement: & AOL Toolbar Search - C: \ Program Files \ AOL \ AOL Toolbar 2.0 \ ressurser \ no \ Local \ search.html
O8 - Extra sammenheng menyelement: Legg Link Target til eksisterende PDF - res: / / C: \ Programfiler \ Fellesfiler \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll / AcroIEAppendSelLinks.html
O8 - Extra sammenheng menyelement: Legg til eksisterende PDF - res: / / C: \ Programfiler \ Fellesfiler \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll / AcroIEAppend.html
O8 - Extra sammenheng menyelement: Konverter Link Target til Adobe PDF - res: / / C: \ Programfiler \ Fellesfiler \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll / AcroIECaptureSelLinks.html
O8 - Extra sammenheng menyelement: Konverter til Adobe PDF - res: / / C: \ Programfiler \ Fellesfiler \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll / AcroIECapture.html
O8 - Extra sammenheng menyelement: E & ksporter til Microsoft Excel - res: / / c: \ progra ~ 1 \ micros ~ 4 \ Office12 \ EXCEL.EXE/3000
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra knappen: Send til OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ progra ~ 1 \ micros ~ 4 \ Office12 \ ONBttnIE.dll
O9 - Extra "Verktøy" MENUITEM: S & end til OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ progra ~ 1 \ micros ~ 4 \ Office12 \ ONBttnIE.dll
O9 - Extra knappen: Opprett mobil favoritt - (2EAF5BB1-070F-11D3-9307-00C04FAE2D4F) - c: \ progra ~ 1 \ micros ~ 3 \ INetRepl.dll
O9 - Extra knappen: (no name) - (2EAF5BB2-070F-11D3-9307-00C04FAE2D4F) - c: \ progra ~ 1 \ micros ~ 3 \ INetRepl.dll
O9 - Extra "Verktøy" MENUITEM: Opprett mobil favoritt ... - (2EAF5BB2-070F-11D3-9307-00C04FAE2D4F) - c: \ progra ~ 1 \ micros ~ 3 \ INetRepl.dll
O9 - Extra knappen: AOL Toolbar - (3369AF0D-62E9-4bda-8103-B4C75499B578) - C: \ Program Files \ AOL \ AOL Toolbar 2.0 \ aoltb.dll
O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ progra ~ 1 \ MIC273 ~ 1 \ Office12 \ REFIEBAR.DLL
O9 - Extra knappen: AIM - (AC9E2541-2814-11d5-BC6D-00B0D0A1DE45) - C: \ Programfiler \ AIM \ aim.exe
O9 - Extra knappen: (no name) - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra "Verktøy" MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL = http://www.averatec.com
O16 - DPF: (0D6BB8B8-0257-420C-B9EB-CFA90DB1026C) -- http://svrnsec01.purchase.edu:88/setup.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Klassifikasjon) -- http://v5.windowsupdate.microsoft.co...?1096453339343
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - c: \ progra ~ 1 \ micros ~ 4 \ Office12 \ GR99D3 ~ 1.DLL
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ progra ~ 1 \ FELLES ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Programfiler \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C: \ Programfiler \ Fellesfiler \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Automatisk LiveUpdate Scheduler - Symantec Corporation - C: \ Programfiler \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C: \ Programfiler \ Bonjour \ mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSetMgr.exe
O23 - Service: CSIScanner - Prevx - C: \ Programfiler \ PrevxCSI \ prevxcsi.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C: \ Programfiler \ Symantec AntiVirus \ DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C: \ Programfiler \ Fellesfiler \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Programfiler \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Programfiler \ Fellesfiler \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Programfiler \ iPod \ bin \ iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - c: \ progra ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C: \ Programfiler \ Nero \ Nero8 \ Nero BackItUp \ NBService.exe
O23 - Service: NMIndexingService - Nero AG - C: \ Programfiler \ Fellesfiler \ Nero \ Lib \ NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - produktive Technology Inc. - C: \ WINDOWS \ system32 \ IoctlSvc.exe
O23 - Service: Sikker tilgang Agent (SafeAccessAgent) - StillSecure - C: \ Programfiler \ StillSecure \ Safe Access Agent \ SAService.exe
O23 - Service: SAVRoam (SavRoam) - Symantec - C: \ Programfiler \ Symantec AntiVirus \ SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C: \ Programfiler \ Symantec AntiVirus \ Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ Security Center \ SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe

--
End of file - 14719 bytes
  #8  
Old 23. sep 2008, 10:25
Moderator Group
  
Default LSASSMGR.exe (og andre) infisert! Any info / hjelp?

Laste ned Malwarebytes' Anti-Malware (MBAM)
  • Dobbeltklikk mbam-setup.exe og følger instruksjonene for å installere programmet.
  • Ved utgangen, må du passe på et merke plasseres ved siden av det følgende:
    • Oppdater Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Deretter klikker du Fullfør.
  • Hvis en oppdatering er funnet, vil laste ned og installere den nyeste versjonen.
  • Når programmet er lastet, velger du Utføre rask skanning, Og klikk Scan.
  • Når skanningen er fullført, klikker du OK, Deretter Vis resultater å vise resultater.
  • Pass på at alt er sjekket, og klikk Fjern valgte.
  • Når desinfeksjon er ferdig, en logg åpnes i Notepad, og du kan bli bedt om å starte. (Se Extra Note)
  • Loggen lagres automatisk ved MBAM og kan vises ved å klikke Logger kategorien i MBAM.
  • Kopier og lim inn hele rapporten i neste svaret.

Ekstra Merk: Hvis MBAM finner en fil som er vanskelig å fjerne, vil du bli presentert med 1 av 2 ledetekster, klikk OK for å enten og la MBAM fortsette med desinfeksjon prosessen, hvis du blir bedt om å starte datamaskinen på nytt, kan du gjøre det umiddelbart.

----------


Nå kjøre en ny HijackThis skanner og post loggen sammen med MBAM loggen.
__________________
Reply

Register
Thread Tools



Arabic Bulgarian Chinese (Simplified) Chinese (Traditional) Croatian Czech Danish Dutch English Finnish French German Greek Hebrew Hungarian Italian Japanese Korean Latvian Lithuanian Norwegian Polish Portuguese Romanian Russian Serbian Slovak Spanish Swedish Thai Turkish Ukrainian

Copyright © 2006 - 2009 Computer Juice.
Kontakt -- Personvern -- Sitemap -- Topp

Powered by vBulletin ® Copyright © 2000 - 2009 Jelsoft Enterprises Ltd SEO by vBSEO © 2009, gjennomgå webområdet, Inc.