Kan ikke komme af med Virtumondo

Jeps - Har 'spottet' den *S*


-- Hent Combofix fra et af disse links, og gem den på dit skrivebord:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

-- Kør så combofix.exe, som du hentede tidligere, og følg anvisningerne.
Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når combofix er færdig, og efter det har genstartet, skulle der gerne åbnes en logfil: combofix.txt
Indholdet af denne fil må du gerne lægge herind sammen med en frisk HiJackThis Log...

NB: Inden næste kørsel med HiJackThis.exe skal du OMDØBE programfilen HiJackThis.exe til ALTERNATIV.exe , da visse uønskede elementer har en tendens til at skjule sig når der kører en process ved navn HiJackThis.exe !!!

Hej igen

Her er combofix loggen:

ComboFix 07-08-30.3 - "Trine" 2007-09-03 10:37:58.1 - FAT32x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.228 [GMT 2:00]


(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\autorun.ini
C:\WINDOWS\system32\mmllm.bak1
C:\WINDOWS\system32\mmllm.bak2
C:\WINDOWS\system32\mmllm.ini
C:\WINDOWS\system32\mmllm.ini2
C:\WINDOWS\system32\mmllm.tmp
C:\WINDOWS\system32\nnnnlmn.dll
C:\WINDOWS\system32\onnmp.bak1
C:\WINDOWS\system32\onnmp.ini
C:\WINDOWS\system32\pmnno.dll
C:\WINDOWS\system32\winrvc32.dll


(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


(((((((((((((((((((((((((  Files Created from 2007-08-03 to 2007-09-03  )))))))))))))))))))))))))))))))


2007-09-03 10:36    51,200    --a------    C:\WINDOWS\nircmd.exe
2007-09-03 00:22    <DIR>    dr-------    C:\DOCUME~1\ADMINI~1\Menuen Start
2007-09-03 00:22    <DIR>    dr-------    C:\DOCUME~1\ADMINI~1\Foretrukne
2007-09-03 00:22    <DIR>    dr-------    C:\DOCUME~1\ADMINI~1\Dokumenter
2007-09-03 00:22    <DIR>    d--h-----    C:\DOCUME~1\ADMINI~1\Skabeloner
2007-09-03 00:22    <DIR>    d--h-----    C:\DOCUME~1\ADMINI~1\Printere
2007-09-03 00:22    <DIR>    d--h-----    C:\DOCUME~1\ADMINI~1\Lokale indstillinger
2007-09-03 00:22    <DIR>    d--h-----    C:\DOCUME~1\ADMINI~1\Andre computere
2007-09-03 00:22    <DIR>    d--------    C:\DOCUME~1\ADMINI~1\Skrivebord
2007-09-03 00:00    53,248    --a------    C:\WINDOWS\system32\Process.exe
2007-09-03 00:00    51,200    --a------    C:\WINDOWS\system32\dumphive.exe
2007-09-03 00:00    288,417    --a------    C:\WINDOWS\system32\SrchSTS.exe
2007-09-02 23:57    40,960    --a------    C:\Look2Me-Destroyer.exe
2007-09-02 23:55    111,616    --a------    C:\VundoFix.exe
2007-09-02 22:28    <DIR>    d--------    C:\VundoFix Backups
2007-08-31 13:31    <DIR>    d--hs----    C:\FOUND.011
2007-08-31 13:01    <DIR>    d--------    C:\WINDOWS\system32\wdqpokti
2007-08-30 18:59    102,400    --a------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\vcdapkti.dll
2007-08-30 18:58    95,232    --a------    C:\WINDOWS\system32\drvkog.dll
2007-08-28 15:04    <DIR>    d--------    C:\Programmer\Yahoo!
2007-08-28 15:03    <DIR>    d--------    C:\Programmer\CCleaner
2007-08-28 14:43    5,020    --a------    C:\WINDOWS\system32\tmp.reg
2007-08-24 16:24    446,464    --a------    C:\WINDOWS\system32\vp31vfw.dll
2007-08-24 16:21    <DIR>    d--------    C:\Programmer\Postmand Per - PC SPIL
2007-08-22 11:37    10,872    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-20 12:52    <DIR>    d--------    C:\DOCUME~1\Trine\CDCARDS
2007-08-20 12:52    <DIR>    d--------    C:\DOCUME~1\Trine\.oces
2007-08-16 09:50    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-08-14 14:13    <DIR>    d--------    C:\Programmer\F‘lles filer\PCSuite
2007-08-14 14:13    <DIR>    d--------    C:\Programmer\F‘lles filer\Nokia
2007-08-14 14:11    <DIR>    d--------    C:\Programmer\PC Connectivity Solution
2007-08-14 11:58    8,320    --a------    C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-08-14 11:58    65,536    --a------    C:\WINDOWS\system32\nmwcdcocls.dll
2007-08-14 11:58    137,216    --a------    C:\WINDOWS\system32\drivers\nmwcd.sys
2007-08-14 11:58    12,288    --a------    C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-08-14 11:56    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2007-08-14 00:39    574,508    --a------    C:\WINDOWS\system32\iyawntwy_bak.exe
2007-08-03 10:03    <DIR>    d--hs----    C:\FOUND.010


((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-14 13:38    806    --a------    C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-08-14 13:38    8014    --a------    C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-08-14 13:38    48776    --a------    C:\WINDOWS\system32\S32EVNT1.DLL
2007-08-14 13:38    115000    --a------    C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19    43352    --a------    C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19    271224    --a------    C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19    207736    --a------    C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\wups.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\dllcache\wups.dll
2007-07-28 19:24    ---------    d--------    C:\Programmer\Bamse
2007-07-25 13:22    ---------    d--------    C:\DOCUME~1\TRINE\APPLIC~1\Apple Computer
2007-07-25 13:21    ---------    d--------    C:\Programmer\Safari
2007-07-25 13:21    ---------    d--------    C:\Programmer\Apple Software Update
2007-07-25 13:21    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-19 08:58    3583488    --a------    C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-17 10:31    ---------    d--------    C:\DOCUME~1\TRINE\APPLIC~1\CD-LabelPrint
2007-07-13 01:31    765952    --a------    C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-10 20:49    ---------    d--------    C:\Programmer\Skyline
2007-06-27 16:05    823808    --a------    C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 16:05    671232    --a------    C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 16:05    6058496    --a------    C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 16:05    52224    --a------    C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 16:05    477696    --a------    C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 16:05    459264    --a------    C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 16:05    44544    --a------    C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 16:05    27648    --a------    C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 16:05    267776    --a------    C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 16:05    232960    --a------    C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 16:05    193024    --a------    C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 16:05    1152000    --a------    C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 16:05    105984    --a------    C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 16:05    102400    --a------    C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 16:04    384512    --a------    C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 16:04    383488    --a------    C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 16:04    230400    --a------    C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 16:04    153088    --a------    C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 16:04    132608    --a------    C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 16:04    124928    --a------    C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:27    63488    --a------    C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27    13824    --a------    C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 10:25    625152    --a------    C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 09:00    161792    --a------    C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 08:10    1104896    --a------    C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10    1104896    --a------    C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 15:32    282112    --a------    C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32    282112    --a------    C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 15:22    1034240    --a------    C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 15:22    1034240    --a------    C:\WINDOWS\explorer.exe
2007-06-13 10:33    51716    --a------    C:\WINDOWS\system32\pdf995mon.dll
2007-06-13 10:33    249856    --a------    C:\WINDOWS\system32\pdfmona.dll
    ---------        C:\Programmer\Fælles filer\PCSuite
    ---------        C:\Programmer\Fælles filer\Nokia


(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12F0FD41-880D-4FEF-B097-61EE791620E0}]
            C:\WINDOWS\system32\awvvv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F5E9987-FD12-408E-3612-018845CDF059}]
            C:\Programmer\Skpohzuc\ivauwgnz.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B702DA3-F9BC-464B-88F4-BDA18DF69655}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F493347-FFE5-4A77-8EFD-2B8A2C4644AF}]
            C:\WINDOWS\system32\ddcyv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="C:\Windows\RUNXMLPL.exe" [2004-04-20 16:49]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"ATIPTA"="C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 21:05]
"LaunchAp"="C:\Programmer\Launch Manager\LaunchAp.exe" [2005-03-30 15:29]
"PowerKey"="C:\Programmer\Launch Manager\PowerKey.exe" [2002-08-30 15:02]
"LManager"="C:\Programmer\Launch Manager\HotkeyApp.exe" [2005-05-19 14:45]
"CtrlVol"="C:\Programmer\Launch Manager\CtrlVol.exe" [2003-09-16 14:28]
"LMgrOSD"="C:\Programmer\Launch Manager\OSDCtrl.exe" [2004-10-11 10:47]
"Wbutton"="C:\Programmer\Launch Manager\Wbutton.exe" [2005-04-18 11:41]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 18:39 C:\WINDOWS\SOUNDMAN.EXE]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-10-31 19:05]
"ccApp"="C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe" []
"OpwareSE2"="C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00]
"Picasa Media Detector"="C:\Programmer\Picasa2\PicasaMediaDetector.exe" [2007-06-16 01:15]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"Adobe Version Cue CS2"="C:\Programmer\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58]
"Acrobat Assistant 7.0"="C:\Programmer\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]
"SSBkgdUpdate"="C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" []
"OpwareSE4"="C:\Programmer\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19]
"Symantec PIF AlertEng"="C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" []
"PCSuiteTrayApplication"="C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
"!AVG Anti-Spyware"="C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-08-30 16:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-03-23 13:52]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 05:00]
"updateMgr"="C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 16:45]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programmer\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-04-24 13:13 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxvvvu]
byxvvvu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Trine^Menuen Start^Programmer^Start^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\Trine\Menuen Start\Programmer\Start\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmUsbSound]
RunDll32 cmcnfgu.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
rundll32.exe C:\WINDOWS\system32\drvkog.dll,startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programmer\QuickTime Alternative\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNPSTD2]
C:\WINDOWS\vsnpstd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
C:\WINDOWS\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
rundll32.exe "C:\WINDOWS\system32\iusawpht.dll",forkonce

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"DomainService"=2 (0x2)
"ServiceLayer"=3 (0x3)
"SAVScan"=3 (0x3)

R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
R0 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys
R2 int15.sys;int15.sys;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
R3 POWERKEY;POWERKEY;\??\C:\Programmer\Launch Manager\POWERKEY.sys
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys
S3 cmudau;C-Media USB Sound Interface;C:\WINDOWS\system32\drivers\cmudau.sys
S3 SI15CI;SI15CI;\??\c:\elements\1stboot\SI15CI.SYS
S3 snpstd2;Trust WB-3100P Portable Webcam;C:\WINDOWS\system32\DRIVERS\snpstd2.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    Pml Driver HPZ12 Net Driver HPZ12


Contents of the 'Scheduled Tasks' folder
2007-08-31 01:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Trine.job - C:\PROGRA~1\NORTON~1\Navw32.exe
2007-09-03 09:05:02 C:\WINDOWS\Tasks\User_Feed_Synchronization-{F347DE67-5826-4261-AAC9-380F2BEC92D6}.job - C:\WINDOWS\system32\msfeedssync.exe
2007-09-03 08:55:22 C:\WINDOWS\Tasks\Norton AntiVirus - Run Norton QuickScan - Trine.job - C:\PROGRA~1\NORTON~1\Navw32.exe
2007-08-27 15:18:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Programmer\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-03 11:04:05
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\viaagp]
"ImagePath"="system32\DRIVERS\viaagp.sys"

Completion time: 2007-09-03 11:08:33 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-03 11:08

    --- E O F ---

HiJackThis loggen:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:55, on 03-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Launch Manager\LaunchAp.exe
C:\Programmer\Launch Manager\PowerKey.exe
C:\Programmer\Launch Manager\HotkeyApp.exe
C:\Programmer\Launch Manager\OSDCtrl.exe
C:\Programmer\Launch Manager\Wbutton.exe
C:\Program Files\Arcade\PCMService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmer\Picasa2\PicasaMediaDetector.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmer\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Programmer\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmer\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\vsnpstd2.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\Trine\Skrivebord\Alternative.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12F0FD41-880D-4FEF-B097-61EE791620E0} - C:\WINDOWS\system32\awvvv.dll (file missing)
O2 - BHO: (no name) - {3F5E9987-FD12-408E-3612-018845CDF059} - C:\Programmer\Skpohzuc\ivauwgnz.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8B702DA3-F9BC-464B-88F4-BDA18DF69655} - (no file)
O2 - BHO: (no name) - {8F493347-FFE5-4A77-8EFD-2B8A2C4644AF} - C:\WINDOWS\system32\ddcyv.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Accessibility Toolbar - {11352A67-0178-46B1-8855-D50B2F81C054} - C:\Programmer\WAT_EN\Accessibility_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Programmer\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Programmer\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Programmer\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programmer\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programmer\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programmer\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmer\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Programmer\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmer\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programmer\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Adgangforalle.dk fjernbetjening - {0AD5A451-967F-46BD-9F5E-39247D7FC77F} - c:\AdgangForAlle\adgangforalle.exe
O9 - Extra 'Tools' menuitem: Adgangforalle.dk fjernbetjening - {0AD5A451-967F-46BD-9F5E-39247D7FC77F} - c:\AdgangForAlle\adgangforalle.exe
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://130.228.229.80/homeskyline/TEInstall/TE.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158149880718
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://officebeta.iponet.net/officeupdate/content/opuc4.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: byxvvvu - byxvvvu.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Programmer\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 15085 bytes

Mvh. Trine

BINGO...

Efterfølgende oprydning ->

Kør en scanning med Hijackthis,
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {12F0FD41-880D-4FEF-B097-61EE791620E0} - C:\WINDOWS\system32\awvvv.dll (file missing)
O2 - BHO: (no name) - {3F5E9987-FD12-408E-3612-018845CDF059} - C:\Programmer\Skpohzuc\ivauwgnz.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8B702DA3-F9BC-464B-88F4-BDA18DF69655} - (no file)
O2 - BHO: (no name) - {8F493347-FFE5-4A77-8EFD-2B8A2C4644AF} - C:\WINDOWS\system32\ddcyv.dll (file missing)
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmer\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O20 - Winlogon Notify: byxvvvu - byxvvvu.dll (file missing)

Genstart normalt...

Fortæl hvordan PC'en så kører nu ?

------------------------------------------------------------------------

???

Den kører  super godt - kan du ikke smide et "svar" så jeg kan give dig point?

Mhv. Trine

Du er velkommen en anden gang...

Du bør rense temp med denne fil, det tager kun få sek.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

Efter sådan en tur er det altid en god ide og rydde op i systemgendannelsesfilerne.
Deaktiver systemgendannelse -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Genstart din computer - aktiver systemgendannelse. Dette gøres samme sted, hvor du deaktiverede, denne gang skal du blot aktivere.
Det vil også være en god idé manuelt at oprette et nyt punkt, som du kan navngive, og vende tilbage til, hvis du skulle få problemer af nogen art.

Et par artikler om sikker surfing finder du her:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...

Det har har jeg forlængst gjort.. :-)

Men tak for tippene!

Mhv. Trine

Ping...
(Her er [svar] *S*)