neo-fisk (Beginner)
9 May 2012 - 20:18 There are 6 comments

Space bar tries to open a program

Hi

I have got a big problem: every time I press the space bar [SPACE] I get a dialog box that says

"Windows cannot find 'C:\WINDOWS\system32\system.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search"

I have a feeling it may be some kind of virus, since the system has been behaving a bit strangely lately, among other things deleting some of my scheduled jobs.

OS: Server 2003 Standard SP2

Hope someone can help. Thanks
9 May 2012 - 21:03 #1
Sounds completely wrong !!! That is some real 'filth' !!!

---

Download and install CCleaner www.ccleaner.com/ + www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner/
www.alt-til-windows.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763
Let the program do a cleanup...

http://gratisupload.dk/vis/62873/
http://gratisupload.dk/vis/62874/
http://gratisupload.dk/vis/63036/

--------

Download Malwarebytes Anti-Malware from here:
www.besttechie.net/tools/mbam-setup.exe

Install the program - once that is done, let the program update itself. A window then opens where you move the dot to "Perform full scan" - click the Scan button - let the program work. When it is finished (it takes a while, depending on how much you have on the computer).
Then - press the "Show results" button after the scan - and then press "Remove selected" - now the log opens and you must save it somewhere you can find it again.
Copy the contents in here together with a fresh log from HiJackThis...

...and here is the aforementioned HiJackThis ->
www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Note that the HiJackThis.exe program must be saved in a folder created for that purpose and NOT run directly from the web...

PS: Use this version of HJT -> www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Re Vista/Win7 - right mouse button - "Run as Administrator..."
neo-fisk (Beginner)
9 May 2012 - 22:40 #2
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.09.02

Windows Server 2003 Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: PICASSO [administrator]

09-05-2012 21:07:44
mbam-log-2012-05-09 (21-07-44).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 471112
Time elapsed: 1 hour(s), 29 minute(s), 52 second(s)

Memory Processes Detected: 1
C:\RECYCLER\hex135.exe (Trojan.Agent) -> 4104 -> Delete on reboot.

Memory Modules Detected: 1
C:\Program Files\Ujfp\Sudgiuphj.gif (Extension.Mismatch) -> Delete on reboot.

Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\WinHjqy32 (Trojan.Flooder) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\RouterManagers\Ip|DLLPath (Hijack.Iprouter) -> Bad: (C:\windows\xinstall1754900.dll) Good: (%SystemRoot%\System32\iprtrmgr.dll) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 26
C:\Program Files\Ujfp\Sudgiuphj.gif (Extension.Mismatch) -> Delete on reboot.
C:\WINDOWS\system32\WinHkep32.exe (Trojan.Flooder) -> Quarantined and deleted successfully.
C:\boot1.exe (Trojan.Flooder) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ101.tmp (Trojan.Flooder) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ103.tmp (Trojan.Flooder) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ104.tmp (Trojan.Flooder) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ161.tmp (Trojan.Flooder) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ18B.tmp (Trojan.Flooder) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\APQ196.tmp (Trojan.Flooder) -> Quarantined and deleted successfully.
C:\RECYCLER\boot1.exe (Trojan.Flooder) -> Quarantined and deleted successfully.
C:\RECYCLER\st1.exe (Trojan.Flooder) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\st1.exe (Trojan.Flooder) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TmpFD.tmp (Trojan.Flooder) -> Delete on reboot.
C:\WINDOWS\XXXXXXF078FF85\svchsot.exe (Trojan.Svchsot) -> Quarantined and deleted successfully.
C:\RECYCLER\boot135.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\hex135.exe (Trojan.Agent) -> Delete on reboot.
C:\RECYCLER\s135.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\sh1.exe (Trojan.Agent) -> Delete on reboot.
C:\RECYCLER\shcmd520.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\st135.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\xp1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\xp135.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\xpcmd520.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\zy1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\zy135.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\zycmd520.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
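As an added example (not Malwarebytes' code, and not something posted in this thread), here is a small Python triage helper for a log in the format above. It is fed a constructed, abridged sample in the same layout. The point it makes about the real log: the entries marked "Delete on reboot" are not removed yet, so a reboot and a re-scan are needed before the host can be called clean, and the two registry hits (a service key and a hijacked RouterManagers DLL path) are persistence mechanisms rather than just dropped files.

```python
"""Triage helper for a Malwarebytes Anti-Malware 1.x text log.

Added example, not Malwarebytes' own code. It parses each "<Section> Detected: N"
block, splits every line into target, threat name and action, and separates
items that are only scheduled for "Delete on reboot" from those already
quarantined, so the responder knows the host needs a reboot and a re-scan
before it can be called clean.
"""
import re
from collections import Counter

# Constructed sample in the layout of the log above (abridged to six items).
SAMPLE_LOG = r"""
Memory Processes Detected: 1
C:\RECYCLER\hex135.exe (Trojan.Agent) -> 4104 -> Delete on reboot.

Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\WinHjqy32 (Trojan.Flooder) -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess\RouterManagers\Ip|DLLPath (Hijack.Iprouter) -> Bad: (C:\windows\xinstall1754900.dll) Good: (%SystemRoot%\System32\iprtrmgr.dll) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\WINDOWS\system32\WinHkep32.exe (Trojan.Flooder) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TmpFD.tmp (Trojan.Flooder) -> Delete on reboot.
C:\RECYCLER\sh1.exe (Trojan.Agent) -> Delete on reboot.

(end)
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# target (threat) -> [pid or Bad:/Good: pair ->] action.
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<threat>[A-Za-z0-9.]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text):
    """Return one dict per detection: section, target, threat, action, pending."""
    items, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        # Skip header lines before the first section and "(No malicious items detected)".
        if not line or section is None or line.startswith("("):
            continue
        m = ITEM_RE.match(line)
        if not m:
            continue
        # The action is the last "->" field; a PID or a Bad:/Good: pair may precede it.
        action = m.group("rest").split("->")[-1].strip().rstrip(".")
        items.append({
            "section": section,
            "target": m.group("target"),
            "threat": m.group("threat"),
            "action": action,
            "pending": action.lower().startswith("delete on reboot"),
        })
    return items


def summarize(items):
    """Counts per threat family and per action, plus the targets still pending."""
    return {
        "by_threat": dict(Counter(i["threat"] for i in items)),
        "by_action": dict(Counter(i["action"] for i in items)),
        "pending": [i["target"] for i in items if i["pending"]],
    }


def persistence_hits(items):
    """Detections in the registry sections: services and DLL paths that reload malware at boot."""
    return [i for i in items if i["section"].startswith("Registry")]


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    report = summarize(found)
    print("threat families:", report["by_threat"])
    print("actions:", report["by_action"])
    print("persistence:", [i["target"] for i in persistence_hits(found)])
    print("still pending reboot:", report["pending"])
```

Run against the full log posted above, the `pending` list is what must be re-checked after the reboot; anything still present there means the "Delete on reboot" step failed and the file is being re-dropped.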
neo-fisk (Beginner)
9 May 2012 - 22:42 #3
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:42:08, on 09-05-2012
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Documents and Settings\Administrator.EUROPAHOTEL\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cpqrcmc.exe
C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\hp\hpsmh\bin\smhstart.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\WINDOWS\system32\lserver.exe
C:\Program Files\Tivoli\TSM\baclient\dsmcsvc.exe
C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe
C:\WINDOWS\system32\CpqMgmt\cqmgserv\cqmgserv.exe
C:\WINDOWS\system32\CpqMgmt\cqmgstor\cqmgstor.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\system32\cmd.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\WINDOWS\system32\cmd.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\WINDOWS\system32\cmd.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\WINDOWS\system32\cmd.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\WINDOWS\system32\sysdown.exe
C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\teamviewer\version6\TeamViewer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\Atiptaxx.exe
C:\Program Files\HP\NCU\cpqteam.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
c:\program files\teamviewer\version6\TeamViewer_Desktop.exe
C:\Program Files\TeamViewer\Version6\tv_w32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hex135.exe
C:\WINDOWS\system32\hex135.exe
c:\RECYCLER\hex135.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\boot1.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Administrator.EUROPAHOTEL\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ftp://ftp.front-safe.dk/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [CPQTEAM] C:\Program Files\HP\NCU\cpqteam.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator.europahotel\windows\system32\mswsock.dll' missing
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1276185056812
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276185270687
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = europahotel.local
O17 - HKLM\Software\..\Telephony: DomainName = europahotel.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{A59D8329-808E-47D0-8072-AC80EF4B5942}: NameServer = 192.168.0.1,194.239.134.83
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = europahotel.local
O18 - Protocol: hpapp - {24F45006-5BD9-41B7-9BD9-5F8921C8EBD1} - C:\Program Files\Compaq\Cpqacuxe\bin\hpapp.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: HP Insight NIC Agents (CpqNicMgmt) - Hewlett-Packard Company - C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe
O23 - Service: HP ProLiant Remote Monitor Service (CpqRcmc) - Hewlett-Packard Company - C:\WINDOWS\system32\cpqrcmc.exe
O23 - Service: HP Version Control Agent (cpqvcagent) - Hewlett-Packard Company - C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
O23 - Service: HP Insight Foundation Agents (CqMgHost) - Hewlett-Packard Company - C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.exe
O23 - Service: HP Insight Server Agents (CqMgServ) - Hewlett-Packard Company - C:\WINDOWS\system32\CpqMgmt\cqmgserv\cqmgserv.exe
O23 - Service: HP Insight Storage Agents (CqMgStor) - Hewlett-Packard Company - C:\WINDOWS\system32\CpqMgmt\cqmgstor\cqmgstor.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINDOWS\system32\sysdown.exe
O23 - Service: HP System Management Homepage (SysMgmtHp) - Hewlett-Packard Company - C:\hp\hpsmh\bin\smhstart.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TSM Fil Scheduler - IBM Corporation - C:\Program Files\Tivoli\TSM\baclient\dsmcsvc.exe

--
End of file - 8833 bytes
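An added example (not HijackThis code, and not something posted in the thread): a Python helper that pulls the "Running processes" list out of an HJT log and applies a few defender-side checks. It runs on a constructed sample in the same layout as the log above. The names in AV_DETECTED_NAMES are taken from the Malwarebytes log earlier in the thread, and the svchsot.exe line is borrowed from that log as well, since the HJT process list above does not contain it. Cross-referencing the two logs is the point: C:\WINDOWS\system32\boot1.exe and hex135.exe are still running in the HJT list even though Malwarebytes reported other copies of them deleted or pending, and a cmd.exe followed by ftp.exe sits right next to them.

```python
"""Triage helper for the "Running processes" section of a HijackThis 2.x log.

Added example, not Trend Micro's HijackThis code. It extracts the process
list and flags what a responder should look at first: binaries running from
directories no legitimate service uses, names one edit away from a core
Windows binary, one file name running from several directories, a transfer
tool such as ftp.exe running under the server session, and names that a
prior anti-malware scan already reported.
"""

# Constructed sample in the layout of the HijackThis log above (abridged); the
# svchsot.exe line is borrowed from the Malwarebytes log to exercise the
# look-alike check, it was not in the HJT process list.
SAMPLE_HJT = r"""
Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\WINDOWS\system32\hex135.exe
c:\RECYCLER\hex135.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\boot1.exe
C:\WINDOWS\XXXXXXF078FF85\svchsot.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
"""

CORE_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe",
                 "services.exe", "explorer.exe", "spoolsv.exe"}
SUSPICIOUS_DIRS = ("\\recycler\\", "\\recycled\\", "\\temp\\")
TRANSFER_TOOLS = {"ftp.exe", "tftp.exe"}
# File names the Malwarebytes log in this thread reported as malicious.
AV_DETECTED_NAMES = {"hex135.exe", "boot1.exe", "st1.exe", "sh1.exe",
                     "winhkep32.exe", "svchsot.exe"}


def osa_distance(a, b):
    """Optimal string alignment distance: insert/delete/substitute plus adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def extract_processes(text):
    """Return the lines between 'Running processes:' and the next blank line."""
    procs, in_section = [], False
    for line in text.splitlines():
        if line.strip() == "Running processes:":
            in_section = True
            continue
        if in_section:
            if not line.strip():
                break
            procs.append(line.strip())
    return procs


def flag_processes(procs):
    """Return [(path, [reasons])] for every process that trips at least one check."""
    dirs_by_name = {}
    for p in procs:
        d, _, n = p.lower().rpartition("\\")
        dirs_by_name.setdefault(n, set()).add(d)

    findings = []
    for p in procs:
        low = p.lower()
        name = low.rpartition("\\")[2]
        reasons = []
        if any(s in low for s in SUSPICIOUS_DIRS):
            reasons.append("runs from a directory no legitimate service uses")
        if name not in CORE_BINARIES:
            for core in sorted(CORE_BINARIES):
                if osa_distance(name, core) == 1:
                    reasons.append("name is one edit away from " + core)
        if len(dirs_by_name[name]) > 1:
            reasons.append("same file name runs from more than one directory")
        if name in TRANSFER_TOOLS:
            reasons.append("transfer tool running unattended; check its parent and command line")
        if name in AV_DETECTED_NAMES:
            reasons.append("file name matches an earlier anti-malware detection")
        if reasons:
            findings.append((p, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in flag_processes(extract_processes(SAMPLE_HJT)):
        print(path)
        for r in reasons:
            print("  -", r)
```

The look-alike check uses optimal string alignment distance rather than plain Levenshtein so that an adjacent-character swap such as svchsot/svchost counts as a single edit. The checks are deliberately cheap heuristics for prioritising a manual review, not a verdict: cmd.exe and rotatelogs.exe in the real log belong to HP System Management Homepage and are not flagged.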
9 May 2012 - 22:57 #4
How can that kind of thing get onto a SERVER ?

How is the 'beast' running now ?
neo-fisk (Beginner)
10 May 2012 - 07:57 #5
my best answer is probably: too many administrators who "tinker".

Still the same error with the space bar.

After the scan, Symantec antivirus started popping up with a load of viruses it had found.

But this morning the server was running a DoS attack against the gateway via the service svchost.exe.

also, all the original scheduled jobs have now been deleted and replaced by 24 jobs named at1, at2, at3... etc.
10 May 2012 - 16:03 #6
Others will have to chime in here ...