CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede montesa Nybegynder
03. september 2007 - 00:58 Der er 8 kommentarer

Kan ikke komme af med Virtumondo

Hejsa!

Jeg forgæves forsøgt at komme af med med Virtumundo v.hj.a. diverse værktøjer, men i flg. Norton Antivirus 2006 er den stadig at finde.

Min HiJackThis log ser ud som flg:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:54:05, on 03-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Launch Manager\LaunchAp.exe
C:\Programmer\Launch Manager\PowerKey.exe
C:\Programmer\Launch Manager\HotkeyApp.exe
C:\Programmer\Launch Manager\OSDCtrl.exe
C:\Programmer\Launch Manager\Wbutton.exe
C:\Program Files\Arcade\PCMService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmer\Picasa2\PicasaMediaDetector.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmer\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Programmer\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmer\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\vsnpstd2.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Trine\Skrivebord\HiJackThis.exe
C:\Programmer\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Accessibility Toolbar - {11352A67-0178-46B1-8855-D50B2F81C054} - C:\Programmer\WAT_EN\Accessibility_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Programmer\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Programmer\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Programmer\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programmer\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programmer\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programmer\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmer\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Programmer\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmer\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programmer\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Adgangforalle.dk fjernbetjening - {0AD5A451-967F-46BD-9F5E-39247D7FC77F} - c:\AdgangForAlle\adgangforalle.exe
O9 - Extra 'Tools' menuitem: Adgangforalle.dk fjernbetjening - {0AD5A451-967F-46BD-9F5E-39247D7FC77F} - c:\AdgangForAlle\adgangforalle.exe
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://130.228.229.80/homeskyline/TEInstall/TE.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158149880718
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://officebeta.iponet.net/officeupdate/content/opuc4.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Programmer\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 13613 bytes

Er der hjælp at hente?

Mvh. Trine
Avatar billede Computer Hjælp (Gratis) Mester
03. september 2007 - 07:42 #1
Jeps - Har 'spottet' den *S*


-- Hent Combofix fra et af disse links, og gem den på dit skrivebord:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

-- Kør så combofix.exe, som du hentede tidligere, og følg anvisningerne.
Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når combofix er færdig, og efter det har genstartet, skulle der gerne åbnes en logfil: combofix.txt
Indholdet af denne fil må du gerne lægge herind sammen med en frisk HiJackThis Log...

NB: Inden næste kørsel med HiJackThis.exe skal du OMDØBE programfilen HiJackThis.exe til ALTERNATIV.exe , da visse uønskede elementer har en tendens til at skjule sig når der kører en process ved navn HiJackThis.exe !!!
Avatar billede montesa Nybegynder
03. september 2007 - 11:16 #2
Hej igen

Her er combofix loggen:

ComboFix 07-08-30.3 - "Trine" 2007-09-03 10:37:58.1 - FAT32x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.228 [GMT 2:00]


(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\autorun.ini
C:\WINDOWS\system32\mmllm.bak1
C:\WINDOWS\system32\mmllm.bak2
C:\WINDOWS\system32\mmllm.ini
C:\WINDOWS\system32\mmllm.ini2
C:\WINDOWS\system32\mmllm.tmp
C:\WINDOWS\system32\nnnnlmn.dll
C:\WINDOWS\system32\onnmp.bak1
C:\WINDOWS\system32\onnmp.ini
C:\WINDOWS\system32\pmnno.dll
C:\WINDOWS\system32\winrvc32.dll


(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


(((((((((((((((((((((((((  Files Created from 2007-08-03 to 2007-09-03  )))))))))))))))))))))))))))))))


2007-09-03 10:36    51,200    --a------    C:\WINDOWS\nircmd.exe
2007-09-03 00:22    <DIR>    dr-------    C:\DOCUME~1\ADMINI~1\Menuen Start
2007-09-03 00:22    <DIR>    dr-------    C:\DOCUME~1\ADMINI~1\Foretrukne
2007-09-03 00:22    <DIR>    dr-------    C:\DOCUME~1\ADMINI~1\Dokumenter
2007-09-03 00:22    <DIR>    d--h-----    C:\DOCUME~1\ADMINI~1\Skabeloner
2007-09-03 00:22    <DIR>    d--h-----    C:\DOCUME~1\ADMINI~1\Printere
2007-09-03 00:22    <DIR>    d--h-----    C:\DOCUME~1\ADMINI~1\Lokale indstillinger
2007-09-03 00:22    <DIR>    d--h-----    C:\DOCUME~1\ADMINI~1\Andre computere
2007-09-03 00:22    <DIR>    d--------    C:\DOCUME~1\ADMINI~1\Skrivebord
2007-09-03 00:00    53,248    --a------    C:\WINDOWS\system32\Process.exe
2007-09-03 00:00    51,200    --a------    C:\WINDOWS\system32\dumphive.exe
2007-09-03 00:00    288,417    --a------    C:\WINDOWS\system32\SrchSTS.exe
2007-09-02 23:57    40,960    --a------    C:\Look2Me-Destroyer.exe
2007-09-02 23:55    111,616    --a------    C:\VundoFix.exe
2007-09-02 22:28    <DIR>    d--------    C:\VundoFix Backups
2007-08-31 13:31    <DIR>    d--hs----    C:\FOUND.011
2007-08-31 13:01    <DIR>    d--------    C:\WINDOWS\system32\wdqpokti
2007-08-30 18:59    102,400    --a------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\vcdapkti.dll
2007-08-30 18:58    95,232    --a------    C:\WINDOWS\system32\drvkog.dll
2007-08-28 15:04    <DIR>    d--------    C:\Programmer\Yahoo!
2007-08-28 15:03    <DIR>    d--------    C:\Programmer\CCleaner
2007-08-28 14:43    5,020    --a------    C:\WINDOWS\system32\tmp.reg
2007-08-24 16:24    446,464    --a------    C:\WINDOWS\system32\vp31vfw.dll
2007-08-24 16:21    <DIR>    d--------    C:\Programmer\Postmand Per - PC SPIL
2007-08-22 11:37    10,872    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-20 12:52    <DIR>    d--------    C:\DOCUME~1\Trine\CDCARDS
2007-08-20 12:52    <DIR>    d--------    C:\DOCUME~1\Trine\.oces
2007-08-16 09:50    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-08-14 14:13    <DIR>    d--------    C:\Programmer\F‘lles filer\PCSuite
2007-08-14 14:13    <DIR>    d--------    C:\Programmer\F‘lles filer\Nokia
2007-08-14 14:11    <DIR>    d--------    C:\Programmer\PC Connectivity Solution
2007-08-14 11:58    8,320    --a------    C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-08-14 11:58    65,536    --a------    C:\WINDOWS\system32\nmwcdcocls.dll
2007-08-14 11:58    137,216    --a------    C:\WINDOWS\system32\drivers\nmwcd.sys
2007-08-14 11:58    12,288    --a------    C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-08-14 11:56    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2007-08-14 00:39    574,508    --a------    C:\WINDOWS\system32\iyawntwy_bak.exe
2007-08-03 10:03    <DIR>    d--hs----    C:\FOUND.010


((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-14 13:38    806    --a------    C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-08-14 13:38    8014    --a------    C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-08-14 13:38    48776    --a------    C:\WINDOWS\system32\S32EVNT1.DLL
2007-08-14 13:38    115000    --a------    C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19    43352    --a------    C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19    271224    --a------    C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19    207736    --a------    C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\wups.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\dllcache\wups.dll
2007-07-28 19:24    ---------    d--------    C:\Programmer\Bamse
2007-07-25 13:22    ---------    d--------    C:\DOCUME~1\TRINE\APPLIC~1\Apple Computer
2007-07-25 13:21    ---------    d--------    C:\Programmer\Safari
2007-07-25 13:21    ---------    d--------    C:\Programmer\Apple Software Update
2007-07-25 13:21    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-19 08:58    3583488    --a------    C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-17 10:31    ---------    d--------    C:\DOCUME~1\TRINE\APPLIC~1\CD-LabelPrint
2007-07-13 01:31    765952    --a------    C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-10 20:49    ---------    d--------    C:\Programmer\Skyline
2007-06-27 16:05    823808    --a------    C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 16:05    671232    --a------    C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 16:05    6058496    --a------    C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 16:05    52224    --a------    C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 16:05    477696    --a------    C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 16:05    459264    --a------    C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 16:05    44544    --a------    C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 16:05    27648    --a------    C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 16:05    267776    --a------    C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 16:05    232960    --a------    C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 16:05    193024    --a------    C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 16:05    1152000    --a------    C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 16:05    105984    --a------    C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 16:05    102400    --a------    C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 16:04    384512    --a------    C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 16:04    383488    --a------    C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 16:04    230400    --a------    C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 16:04    153088    --a------    C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 16:04    132608    --a------    C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 16:04    124928    --a------    C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:27    63488    --a------    C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27    13824    --a------    C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 10:25    625152    --a------    C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 09:00    161792    --a------    C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 08:10    1104896    --a------    C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10    1104896    --a------    C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 15:32    282112    --a------    C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32    282112    --a------    C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 15:22    1034240    --a------    C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 15:22    1034240    --a------    C:\WINDOWS\explorer.exe
2007-06-13 10:33    51716    --a------    C:\WINDOWS\system32\pdf995mon.dll
2007-06-13 10:33    249856    --a------    C:\WINDOWS\system32\pdfmona.dll
    ---------        C:\Programmer\Fælles filer\PCSuite
    ---------        C:\Programmer\Fælles filer\Nokia


(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12F0FD41-880D-4FEF-B097-61EE791620E0}]
            C:\WINDOWS\system32\awvvv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F5E9987-FD12-408E-3612-018845CDF059}]
            C:\Programmer\Skpohzuc\ivauwgnz.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B702DA3-F9BC-464B-88F4-BDA18DF69655}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F493347-FFE5-4A77-8EFD-2B8A2C4644AF}]
            C:\WINDOWS\system32\ddcyv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="C:\Windows\RUNXMLPL.exe" [2004-04-20 16:49]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"ATIPTA"="C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 21:05]
"LaunchAp"="C:\Programmer\Launch Manager\LaunchAp.exe" [2005-03-30 15:29]
"PowerKey"="C:\Programmer\Launch Manager\PowerKey.exe" [2002-08-30 15:02]
"LManager"="C:\Programmer\Launch Manager\HotkeyApp.exe" [2005-05-19 14:45]
"CtrlVol"="C:\Programmer\Launch Manager\CtrlVol.exe" [2003-09-16 14:28]
"LMgrOSD"="C:\Programmer\Launch Manager\OSDCtrl.exe" [2004-10-11 10:47]
"Wbutton"="C:\Programmer\Launch Manager\Wbutton.exe" [2005-04-18 11:41]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 18:39 C:\WINDOWS\SOUNDMAN.EXE]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-10-31 19:05]
"ccApp"="C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe" []
"OpwareSE2"="C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00]
"Picasa Media Detector"="C:\Programmer\Picasa2\PicasaMediaDetector.exe" [2007-06-16 01:15]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"Adobe Version Cue CS2"="C:\Programmer\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58]
"Acrobat Assistant 7.0"="C:\Programmer\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]
"SSBkgdUpdate"="C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" []
"OpwareSE4"="C:\Programmer\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19]
"Symantec PIF AlertEng"="C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" []
"PCSuiteTrayApplication"="C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
"!AVG Anti-Spyware"="C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-08-30 16:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-03-23 13:52]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 05:00]
"updateMgr"="C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 16:45]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programmer\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-04-24 13:13 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxvvvu]
byxvvvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Trine^Menuen Start^Programmer^Start^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\Trine\Menuen Start\Programmer\Start\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmUsbSound]
RunDll32 cmcnfgu.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
rundll32.exe C:\WINDOWS\system32\drvkog.dll,startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programmer\QuickTime Alternative\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNPSTD2]
C:\WINDOWS\vsnpstd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
C:\WINDOWS\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
rundll32.exe "C:\WINDOWS\system32\iusawpht.dll",forkonce

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"DomainService"=2 (0x2)
"ServiceLayer"=3 (0x3)
"SAVScan"=3 (0x3)

R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
R0 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys
R2 int15.sys;int15.sys;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
R3 POWERKEY;POWERKEY;\??\C:\Programmer\Launch Manager\POWERKEY.sys
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys
S3 cmudau;C-Media USB Sound Interface;C:\WINDOWS\system32\drivers\cmudau.sys
S3 SI15CI;SI15CI;\??\c:\elements\1stboot\SI15CI.SYS
S3 snpstd2;Trust WB-3100P Portable Webcam;C:\WINDOWS\system32\DRIVERS\snpstd2.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    Pml Driver HPZ12 Net Driver HPZ12


Contents of the 'Scheduled Tasks' folder
2007-08-31 01:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Trine.job - C:\PROGRA~1\NORTON~1\Navw32.exe
2007-09-03 09:05:02 C:\WINDOWS\Tasks\User_Feed_Synchronization-{F347DE67-5826-4261-AAC9-380F2BEC92D6}.job - C:\WINDOWS\system32\msfeedssync.exe
2007-09-03 08:55:22 C:\WINDOWS\Tasks\Norton AntiVirus - Run Norton QuickScan - Trine.job - C:\PROGRA~1\NORTON~1\Navw32.exe
2007-08-27 15:18:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Programmer\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-03 11:04:05
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\viaagp]
"ImagePath"="system32\DRIVERS\viaagp.sys"

Completion time: 2007-09-03 11:08:33 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-03 11:08

    --- E O F ---

HiJackThis loggen:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:55, on 03-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Launch Manager\LaunchAp.exe
C:\Programmer\Launch Manager\PowerKey.exe
C:\Programmer\Launch Manager\HotkeyApp.exe
C:\Programmer\Launch Manager\OSDCtrl.exe
C:\Programmer\Launch Manager\Wbutton.exe
C:\Program Files\Arcade\PCMService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmer\Picasa2\PicasaMediaDetector.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmer\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Programmer\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmer\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\vsnpstd2.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\Trine\Skrivebord\Alternative.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12F0FD41-880D-4FEF-B097-61EE791620E0} - C:\WINDOWS\system32\awvvv.dll (file missing)
O2 - BHO: (no name) - {3F5E9987-FD12-408E-3612-018845CDF059} - C:\Programmer\Skpohzuc\ivauwgnz.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8B702DA3-F9BC-464B-88F4-BDA18DF69655} - (no file)
O2 - BHO: (no name) - {8F493347-FFE5-4A77-8EFD-2B8A2C4644AF} - C:\WINDOWS\system32\ddcyv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Accessibility Toolbar - {11352A67-0178-46B1-8855-D50B2F81C054} - C:\Programmer\WAT_EN\Accessibility_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Programmer\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Programmer\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Programmer\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programmer\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programmer\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programmer\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmer\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Programmer\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmer\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programmer\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Adgangforalle.dk fjernbetjening - {0AD5A451-967F-46BD-9F5E-39247D7FC77F} - c:\AdgangForAlle\adgangforalle.exe
O9 - Extra 'Tools' menuitem: Adgangforalle.dk fjernbetjening - {0AD5A451-967F-46BD-9F5E-39247D7FC77F} - c:\AdgangForAlle\adgangforalle.exe
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://130.228.229.80/homeskyline/TEInstall/TE.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158149880718
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://officebeta.iponet.net/officeupdate/content/opuc4.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: byxvvvu - byxvvvu.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Programmer\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 15085 bytes

Mvh. Trine
Avatar billede Computer Hjælp (Gratis) Mester
03. september 2007 - 12:49 #3
BINGO...

Efterfølgende oprydning ->

Kør en scanning med Hijackthis,
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {12F0FD41-880D-4FEF-B097-61EE791620E0} - C:\WINDOWS\system32\awvvv.dll (file missing)
O2 - BHO: (no name) - {3F5E9987-FD12-408E-3612-018845CDF059} - C:\Programmer\Skpohzuc\ivauwgnz.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8B702DA3-F9BC-464B-88F4-BDA18DF69655} - (no file)
O2 - BHO: (no name) - {8F493347-FFE5-4A77-8EFD-2B8A2C4644AF} - C:\WINDOWS\system32\ddcyv.dll (file missing)
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmer\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O20 - Winlogon Notify: byxvvvu - byxvvvu.dll (file missing)

Genstart normalt...

Fortæl hvordan PC'en så kører nu ?

------------------------------------------------------------------------
Avatar billede Computer Hjælp (Gratis) Mester
11. september 2007 - 19:17 #4
???
Avatar billede montesa Nybegynder
04. november 2007 - 17:22 #5
Den kører  super godt - kan du ikke smide et "svar" så jeg kan give dig point?

Mhv. Trine
Avatar billede Computer Hjælp (Gratis) Mester
05. november 2007 - 09:56 #6
Du er velkommen en anden gang...

Du bør rense temp med denne fil, det tager kun få sek.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

Efter sådan en tur er det altid en god ide og rydde op i systemgendannelsesfilerne.
Deaktiver systemgendannelse -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Genstart din computer - aktiver systemgendannelse. Dette gøres samme sted, hvor du deaktiverede, denne gang skal du blot aktivere.
Det vil også være en god idé manuelt at oprette et nyt punkt, som du kan navngive, og vende tilbage til, hvis du skulle få problemer af nogen art.

Et par artikler om sikker surfing finder du her:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...
Avatar billede montesa Nybegynder
05. november 2007 - 10:16 #7
Det har har jeg forlængst gjort.. :-)

Men tak for tippene!

Mhv. Trine
Avatar billede Computer Hjælp (Gratis) Mester
05. november 2007 - 11:02 #8
Ping...
(Her er [svar] *S*)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus 21 22/06/202419:22 23/06/202412:54
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus 23 07/05/202421:02 13/05/202419:48
trusler Af gerhardpet i Virus 4 26/01/202410:02 27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus 16 09/01/202416:37 10/01/202419:59
virusscanning Af JetteD i Virus 2 10/11/202312:55 10/11/202316:36
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 19:15 Personlige indstillinger på Facebook Af nu_igen i Sociale medier
I går 17:56 Bluetooth Højttalersæt Af valby i Andet hardware
I går 16:52 Flextids registrering Af Kenneth Kirsgart i Excel
I går 14:28 Telenor og Iphone skal genstarte ofte Af Carpathia i Mobilnetværk
I går 13:47 Kan man sælge et ApS Af LHans i Fri debat
White papers
Flere white papers »


Premium
Teaser billede
Efter forbud fra Datatilsynet: Nu ændres data-håndteringen i din kørekort-app
Læs mere »
Halter mange år bagefter: Sløve software-udviklere står i vejen for kæmpe digitalt løft af Billund Lufthavn
Disse 10 it-virksomheder klarer sig bedst i Computerworlds store image-undersøgelse
Rejsekort skal aflevere fuld redegørelse om brug af GPS-data i Rejsekort-appen inden for få uger: Datatilsynet åbner sag
Se alle »
Computerworld
Teaser billede
Softwarefirmaet Teamviewer med 640.000 kunder globalt ramt af avanceret hackerangreb
Læs mere »
En pladesaks, 1000W og et Nvidia-grafikkort til 14.000 kroner - sådan opgraderede jeg min pc
Dansk-stiftet ingeniørfirma blev franarret 178 millioner kroner i deepfake-svindel
Test: Endelig en skærm der er god til alt - lige fra gaming og underholdning til kontorbrug
Se alle »
CIO
Teaser billede
Efter stort hackerangreb mod Teamviewer: Stop dine opdateringer og tjek opsætningen nu
Læs mere »
I dag træder nye de regler om registrering af din arbejdstid i kraft: Er du klar?
Frygtet melding: Russiske hackere har stjålet Microsoft-kunders e-mails
Russisk hack af Microsoft er meget større end først antaget
Se alle »
Job & Karriere
Teaser billede
Bo solgte sit software-system for et treciftret millionbeløb: Brugte pengene på at købe 80 medarbejdere til ny storsatsning
Læs mere »
Norlys skal splittes op i fem selskaber: Nu bliver flere ansatte og ledere fyret
Dansk top-profil trækker sig fra Microsoft: Skal være direktør i TDC Erhverv
Kontorer er ofte øde og tomme - især efter frokost og op til ferier: Nu vil Dell give de ansatte farve-stempler efter deres fremmøde
Se alle »
White paper
Teaser billede
SASE: Træf det rette valg – første gang
Læs mere »
Opdag fordelene ved cloud-baseret backup og recovery
Sådan gør du: Elektronisk dokumentudveksling i praksis
Sådan høster du forretningsfordelene ved Internet of Things
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »