Borastar
Posted 2 December 2008

I have run both Spybot and Ad-aware several times without removing what I believe is VirtuMonde. Every time the PC restarts, the problem comes back. I have posted logs from the three programs below. I hope someone can help me.

MBAM

Combofix

HJT
http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O20 - AppInit_DLLs: omvabw.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - E:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - E:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Programfiler\ANYCOM\Blue USB-200-250\bin\btwdins.exe O23 - Service: dlcx_device - - E:\WINDOWS\system32\dlcxcoms.exe O23 - Service: FBSI LiveUpdate - FBSI AS - E:\Programfiler\Fellesfiler\FBSI\LiveUpdate\fbsi_upd.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - E:\Programfiler\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Programfiler\Java\jre6\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - E:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - E:\Programfiler\WinPcap\rpcapd.exe -- End of file - 11258 bytes Noe jeg kan gjøre? Lenke til kommentar
norbat Posted 2 December 2008

Start HJT, select "Do a system scan only", tick the following lines and click Fix checked:

O1 - Hosts: 00.00.00.00 vg.no
O20 - AppInit_DLLs: omvabw.dll

Let me know if you still have problems with the Virtumonde.
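Added example, not part of either post: a small triage script that cross-references the file names flagged in the MBAM log with the HijackThis entries, which is how the O20 line above stands out. The function names `flagged_modules` and `triage` are hypothetical, and the embedded sample lines are a handful copied from the logs in this thread.

```python
import re

# Constructed sample input: a few lines taken from the logs posted in this thread.
MBAM_LOG = r"""
E:\WINDOWS\system32\luxgtrbs.dll (Trojan.Vundo.H) -> Delete on reboot.
E:\WINDOWS\system32\omvabw.dll (Trojan.Vundo.H) -> Delete on reboot.
"""
HJT_LOG = r"""
O1 - Hosts: 00.00.00.00 vg.no
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: omvabw.dll
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
"""

# MBAM file line: <drive path>\<file> (<detection>) -> <action>
MBAM_FILE = re.compile(r"^[A-Za-z]:\\(?:.*\\)?([^\\\n]+?)\s+\(([^)\n]+)\)\s+->", re.M)
# HijackThis entry: <section code> - <entry text>
HJT_ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$", re.M)

def flagged_modules(mbam_text):
    """Map lowercase file stem -> detection name for files the scanner flagged."""
    return {name.rsplit(".", 1)[0].lower(): det
            for name, det in MBAM_FILE.findall(mbam_text)}

def triage(hjt_text, mbam_text):
    """Return (section, entry, reason) for HijackThis entries worth a manual look."""
    flagged = flagged_modules(mbam_text)
    findings = []
    for sec, body in HJT_ENTRY.findall(hjt_text):
        # Compare on bare names: autostart values often omit path and extension.
        tokens = set(re.split(r"[^a-z0-9_]+", body.lower()))
        hits = sorted(tokens & set(flagged))
        if hits:
            findings.append((sec, body, "references flagged module: " + ", ".join(hits)))
        elif sec == "O20" and body.startswith("AppInit_DLLs:") and body[13:].strip():
            findings.append((sec, body, "AppInit_DLLs is set; DLL loads with user32.dll"))
        elif sec == "O1":
            findings.append((sec, body, "hosts file override; confirm it is intended"))
    return findings

if __name__ == "__main__":
    for sec, body, reason in triage(HJT_LOG, MBAM_LOG):
        print(f"{sec:4} {body}\n     -> {reason}")
```

A leftover autostart reference to a file the scanner has scheduled for deletion is worth checking again after the reboot, since the scan and the HijackThis fix act on different things (the file versus the registry value).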