
[SOLVED] Can someone check out this HJT log?



Had Vundo on the computer earlier today but got rid of it with SAS. But now I get three error messages when I start the PC.

Error loading:

C:user.....\Temp\Mapdeijw.dll

C:user.....\Temp\hgGxXoom.dll

C:user.....\Temp\opnLdDsp.dll

Really hoping to get rid of them. :ermm:


Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Windows\System32\CtHelper.exe

C:\Windows\System32\Ctxfihlp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\System32\rundll32.exe

C:\Windows\SYSTEM32\CTXFISPI.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Internet Explorer\IEUser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe

C:\Users\Katrine\Downloads\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer levert av Komplett

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Katrine\AppData\Local\Temp\hgGxXoom.dll,#1

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Katrine\AppData\Local\Temp\opnLdDsp.dll,c

O4 - HKCU\..\Run: [1879064b] rundll32.exe "C:\Users\Katrine\AppData\Local\Temp\mapdeijw.dll",b

O4 - HKCU\..\Run: [bM1b4a35d7] Rundll32.exe "C:\Users\Katrine\AppData\Local\Temp\vibquvln.dll",s

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Automatisk LiveUpdate-planlegging (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Loki Drivers Auto Removal (pr2agqwb) (pr2agqwb) - Cyanide - C:\Windows\system32\pr2agqwb.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

 

--

End of file - 6131 bytes

Edited by kattami

Yes, there is something running from temp.

It should be straightforward to remove.

I can look at a ComboFix log to see if there is anything more that should be removed.

Download ComboFix and put it on the desktop.

Do not click on the window while the program is running.

Post the log C:\combofix.txt

Edited by SNIPPSAT

Okay, ComboFix has been run and here is the log:

((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))

.

 

No new files created in this timespan

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-04 21:59 6,736 ----a-w C:\Windows\system32\drivers\PROCEXP90.SYS

2008-04-04 21:55 --------- d-----w C:\Users\Katrine\AppData\Roaming\uTorrent

2008-04-04 14:03 --------- d-----w C:\Program Files\SpywareBlaster

2008-04-04 14:00 --------- d-----w C:\ProgramData\TEMP

2008-04-04 13:13 --------- d-----w C:\Program Files\CCleaner

2008-04-04 12:54 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com

2008-04-04 12:53 --------- d-----w C:\Users\Katrine\AppData\Roaming\SUPERAntiSpyware.com

2008-04-04 12:53 --------- d-----w C:\Program Files\SUPERAntiSpyware

2008-04-04 12:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-04-04 12:46 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-04-04 12:45 --------- d-----w C:\ProgramData\Spybot - Search & Destroy

2008-04-04 07:59 --------- d-----w C:\ProgramData\Lavasoft

2008-04-04 07:58 --------- d-----w C:\Program Files\Lavasoft

2008-04-01 14:02 --------- d-----w C:\Users\Katrine\AppData\Roaming\dvdcss

2008-03-25 00:15 --------- d-----w C:\ProgramData\Symantec

2008-03-22 17:58 --------- d-----w C:\Users\Katrine\AppData\Roaming\PC Suite

2008-03-22 17:53 --------- d-----w C:\Users\Katrine\AppData\Roaming\Nokia Multimedia Player

2008-03-22 17:51 --------- d-----w C:\Users\Katrine\AppData\Roaming\Nokia

2008-03-22 17:51 --------- d-----w C:\ProgramData\PC Suite

2008-03-22 17:51 --------- d-----w C:\Program Files\DIFX

2008-03-22 17:50 --------- d-----w C:\Program Files\Nokia

2008-03-22 17:50 --------- d-----w C:\Program Files\Common Files\PCSuite

2008-03-22 17:50 --------- d-----w C:\Program Files\Common Files\Nokia

2008-03-22 17:49 --------- d-----w C:\Program Files\PC Connectivity Solution

2008-03-22 17:47 --------- d-----w C:\ProgramData\Installations

2008-03-20 19:38 --------- d-----w C:\Program Files\Google

2008-03-16 14:28 --------- d-----w C:\Users\Katrine\AppData\Roaming\Winamp

2008-03-16 14:26 --------- d-----w C:\ProgramData\OrbNetworks

2008-03-16 14:26 --------- d-----w C:\Program Files\Winamp Remote

2008-03-16 14:26 --------- d-----w C:\Program Files\Winamp

2008-03-14 21:36 --------- d-----w C:\Program Files\Cyanide

2008-03-14 20:07 --------- d-----w C:\Users\Katrine\AppData\Roaming\Turbine

2008-03-14 19:03 --------- d-----w C:\Program Files\Codemasters

2008-03-14 12:07 --------- d-----w C:\Program Files\uTorrent

2008-03-14 12:06 --------- d-----w C:\Users\Katrine\AppData\Roaming\vlc

2008-03-14 12:06 --------- d-----w C:\Program Files\VideoLAN

2008-03-14 12:01 --------- d-----w C:\Program Files\Norton AntiVirus

2008-03-14 12:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-03-14 09:15 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF

2008-03-14 09:15 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS

2008-03-14 09:15 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT

2008-03-14 09:15 --------- d-----w C:\Program Files\Symantec

2008-03-14 09:05 --------- d-----w C:\Program Files\Windows Mail

2008-03-14 09:00 57,625,520 ----a-w C:\Program Files\nav2008.exe

2008-03-14 08:56 194,560 ----a-w C:\Windows\System32\WebClnt.dll

2008-03-14 08:56 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys

2008-03-14 08:54 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-03-14 08:53 824,832 ----a-w C:\Windows\System32\wininet.dll

2008-03-14 08:53 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-03-14 08:53 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-03-14 08:53 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-03-14 08:52 1,244,672 ----a-w C:\Windows\System32\mcmde.dll

2008-03-14 08:47 --------- d-sh--w C:\ProgramData\Start-meny

2008-03-14 08:47 --------- d-sh--w C:\ProgramData\Skrivebord

2008-03-14 08:47 --------- d-sh--w C:\ProgramData\Programdata

2008-03-14 08:47 --------- d-sh--w C:\ProgramData\Maler

2008-03-14 08:47 --------- d-sh--w C:\ProgramData\Favoritter

2008-03-14 08:47 --------- d-sh--w C:\ProgramData\Dokumenter

2008-03-14 08:47 --------- d-sh--w C:\Program Files\Fellesfiler

2008-03-07 22:00 268,435,456 --sha-w C:\WinPEpge.sys

2008-03-07 13:25 --------- d-----w C:\ProgramData\NVIDIA

2008-03-07 13:22 --------- d-----w C:\Program Files\Common Files\Adobe

2008-03-07 13:19 409,600 ----a-w C:\Windows\System32\wrap_oal.dll

2008-03-07 13:19 114,688 ----a-w C:\Windows\System32\OpenAL32.dll

2008-03-07 13:16 --------- d-----w C:\ProgramData\Creative

2008-03-07 13:16 --------- d-----w C:\Program Files\OpenAL

2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf

2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys

2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat

2008-01-15 09:14 87,040 ----a-w C:\Windows\System32\msoert2.dll

2008-01-15 09:14 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr

2008-01-15 09:14 39,424 ----a-w C:\Windows\System32\ACCTRES.dll

2008-01-15 09:14 24,064 ----a-w C:\Windows\System32\wtsapi32.dll

2008-01-15 09:14 205,824 ----a-w C:\Windows\System32\msoeacct.dll

2008-01-15 09:14 2,027,008 ----a-w C:\Windows\System32\win32k.sys

2008-01-15 09:13 67,584 ----a-w C:\Windows\System32\wlanhlp.dll

2008-01-15 09:13 542,720 ----a-w C:\Windows\System32\sysmain.dll

2008-01-15 09:13 502,784 ----a-w C:\Windows\System32\wlansvc.dll

2008-01-15 09:13 47,104 ----a-w C:\Windows\System32\wlanapi.dll

2008-01-15 09:13 297,984 ----a-w C:\Windows\System32\wlansec.dll

2008-01-15 09:13 290,816 ----a-w C:\Windows\System32\wlanmsm.dll

2008-01-15 09:13 2,923,520 ----a-w C:\Windows\explorer.exe

2008-01-15 09:11 86,016 ----a-w C:\Windows\System32\icfupgd.dll

2008-01-15 09:11 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL

2008-01-15 09:11 7,680 ----a-w C:\Windows\System32\spwmp.dll

2008-01-15 09:11 61,952 ----a-w C:\Windows\System32\cmifw.dll

2008-01-15 09:11 4,096 ----a-w C:\Windows\System32\dxmasf.dll

2008-01-15 09:11 396,800 ----a-w C:\Windows\System32\MPSSVC.dll

2008-01-15 09:11 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll

2008-01-15 09:11 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll

2008-01-15 09:11 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll

2008-01-15 09:11 16,896 ----a-w C:\Windows\System32\wfapigp.dll

2008-01-15 09:10 1,191,936 ----a-w C:\Windows\System32\msxml3.dll

2008-01-15 09:09 8,704 ----a-w C:\Windows\System32\hcrstco.dll

2008-01-15 09:09 8,704 ----a-w C:\Windows\System32\hccoin.dll

2008-01-15 09:09 1,327,104 ----a-w C:\Windows\System32\quartz.dll

2008-01-15 09:08 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL

2008-01-15 09:08 57,856 ----a-w C:\Windows\System32\SLUINotify.dll

2008-01-15 09:08 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll

2008-01-15 09:08 39,936 ----a-w C:\Windows\System32\slcinst.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

2008-03-14 11:15 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-15 11:07 1232896]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-20 21:38 171448]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 11:12 695808]

"BM1b4a35d7"="C:\Users\Katrine\AppData\Local\Temp\vibquvln.dll" [2008-04-04 15:16 88640]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-15 11:12 1006264]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920]

"CTHelper"="CTHELPER.EXE" [2007-05-10 16:51 19456 C:\Windows\System32\CtHelper.exe]

"CTxfiHlp"="CTXFIHLP.EXE" [2007-05-10 16:52 19968 C:\Windows\System32\Ctxfihlp.exe]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 12:01 51048]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DevconDefaultDB"="C:\Windows\system32\READREG /SILENT /FAIL=1" [ ]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]

--a------ 2008-01-07 22:02 495616 C:\Program Files\Winamp Remote\bin\OrbTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{91B5C282-F146-49FE-AAA1-CD2B4B41DE49}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{C6F8BDF1-47CF-486B-AD4C-9FD7FF0B6925}"= UDP:C:\Program Files\Cyanide\GameCenter\GameCenter.exe:GameCenter

"{F82E673D-2CEC-47D7-84DC-A304720FC122}"= TCP:C:\Program Files\Cyanide\GameCenter\GameCenter.exe:GameCenter

"{F4F5FFE1-71C7-45D5-8D8C-17540DABB08B}"= UDP:C:\Program Files\Cyanide\Loki\Loki.exe:Loki

"{DD9190A5-EB59-4C7E-8FEC-91423788F4F9}"= TCP:C:\Program Files\Cyanide\Loki\Loki.exe:Loki

"{FFD7D061-F3FA-491D-BCE1-4DD265116997}"= UDP:C:\Program Files\Cyanide\Loki\Autorun\AutoRun.exe:Loki - AutoRun

"{25BF9B32-86ED-4756-91B5-4AB653974887}"= TCP:C:\Program Files\Cyanide\Loki\Autorun\AutoRun.exe:Loki - AutoRun

"{5F8D061B-A2DB-43B8-A7C4-A43CCE8F5938}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb

"{2BEE9C77-F15F-44A2-A357-ABD38EC421B0}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb

"{6EB1A1DE-BC4C-41F5-AA25-035908D72BB3}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{19DC5AFC-64A6-40AF-A1E8-43B40387B059}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{2D4CF990-4688-4A15-AAB3-67BD736DE495}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR

"{922660C8-155D-4C4C-9607-945ECC35EDFA}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR

"{1248DEE9-8209-4F88-A99E-97769265749F}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"{EF043172-7E70-43A3-9E1B-02D9D32C43A2}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R0 pe3agqwb;Loki Environment Driver (pe3agqwb);C:\Windows\system32\drivers\pe3agqwb.sys [2007-07-04 18:07]

R0 ps6agqwb;Loki Synchronization Driver (ps6agqwb);C:\Windows\system32\drivers\ps6agqwb.sys [2007-07-04 18:06]

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080401.001\IDSvix86.sys [2008-02-13 18:18]

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []

R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]

R3 ha20x2k;Creative 20X HAL Driver;C:\Windows\system32\drivers\ha20x2k.sys [2007-05-11 11:28]

R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-10 02:27]

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 22:50]

S2 pr2agqwb;Loki Drivers Auto Removal (pr2agqwb);C:\Windows\system32\pr2agqwb.exe svc []

S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 22:32]

S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-10 02:27]

S4 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-08-09 12:12]

S4 nvsmu;nvsmu;C:\Windows\system32\drivers\nvsmu.sys [2007-07-07 16:13]

S4 UGURU;UGURU;C:\Windows\system32\drivers\uguru.sys [2006-10-02 04:10]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-03-31 18:59:12 C:\Windows\Tasks\Norton AntiVirus Online - Kjør full systemskanning - Katrine.job"

- C:\Program Files\Norton AntiVirus\Navw32.exeB/TASK:

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-04 23:59:43

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTHelper = CTHELPER.EXE?

CTxfiHlp = CTXFIHLP.EXE?

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\Windows\Explorer.exe

-> C:\Users\Katrine\AppData\Local\Temp\vibquvln.dll

.

Completion time: 2008-04-05 0:00:10

ComboFix-quarantined-files.txt 2008-04-04 22:00:06

Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.

Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.

.

2008-03-15 12:54:01 --- E O F ---


Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Katrine\AppData\Local\Temp\hgGxXoom.dll,#1

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Katrine\AppData\Local\Temp\opnLdDsp.dll,c

O4 - HKCU\..\Run: [1879064b] rundll32.exe "C:\Users\Katrine\AppData\Local\Temp\mapdeijw.dll",b

O4 - HKCU\..\Run: [bM1b4a35d7] Rundll32.exe "C:\Users\Katrine\AppData\Local\Temp\vibquvln.dll",s

 

Download CCleaner. During the installation you are given the option to install the Yahoo Toolbar. You may not want that. Start the program. Go to 'Options' -> 'Advanced'. Untick: "only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'.

 

Restart the PC and tell us how it goes with the 'problem'.


For some reason I couldn't find the first three files I was supposed to delete, and the fourth one just showed up again... Ran CCleaner, restarted the machine and the error messages were gone. :dontgetit:


New HJT log:


Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\CtHelper.exe

C:\Windows\System32\Ctxfihlp.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Windows\System32\rundll32.exe

C:\Windows\SYSTEM32\CTXFISPI.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

c:\Users\Katrine\Downloads\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [bM1b4a35d7] Rundll32.exe "C:\Users\Katrine\AppData\Local\Temp\vibquvln.dll",s

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Automatisk LiveUpdate-planlegging (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Loki Drivers Auto Removal (pr2agqwb) (pr2agqwb) - Cyanide - C:\Windows\system32\pr2agqwb.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

 

--

End of file - 5472 bytes


Hmm, one file from temp is still hanging around.

Do this.

Copy the bold text -> paste it into Notepad.

Save it on the desktop as CFScript.txt.

Do as shown in the picture, then post the log c:\combofix.txt

cfscriptyt1.gif

 

File::

C:\Users\Katrine\AppData\Local\Temp\vibquvln.dll

 

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BM1b4a35d7"=-

 

Restart and post a new HijackThis log.

Edited by SNIPPSAT
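Added example, not code from this thread, from HijackThis or from ComboFix: a small Python triage script that applies the rule SNIPPSAT uses in the "Fix checked" post and the CFScript post above, flagging O4 Run entries where rundll32 loads a DLL from a Temp folder and writing the matching ComboFix CFScript (File:: and Registry:: sections with "name"=-) in the layout shown above. The sample O4 lines are taken from the log posted in this thread; the function names and the HJT-to-registry hive mapping are my own assumptions.

```python
"""Triage HijackThis O4 (Run-key) lines for rundll32 loading a DLL from a Temp
directory, and emit a ComboFix CFScript that removes the hits.

Added example for this thread; it is not code from HijackThis or ComboFix and
only assumes the O4 line layout and the CFScript sections (File:: / Registry::
with "name"=-) as they appear in the posts above.
"""
import re
from typing import Dict, List, NamedTuple

# Constructed sample: O4 lines copied from the log in this thread, plus one
# benign rundll32 entry (system32) and one non-rundll32 entry as controls.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Katrine\AppData\Local\Temp\hgGxXoom.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Katrine\AppData\Local\Temp\opnLdDsp.dll,c
O4 - HKCU\..\Run: [bM1b4a35d7] Rundll32.exe "C:\Users\Katrine\AppData\Local\Temp\vibquvln.dll",s
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# rundll32[.exe] ["]<path>.dll["][,<export>]
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?\s*(?:,.*)?$', re.IGNORECASE)
# Any "\Temp\" path component: AppData\Local\Temp, Windows\Temp, ...
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)

# HijackThis abbreviations -> registry root names used by ComboFix (assumed mapping).
HIVE_NAMES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER", "HKUS": "HKEY_USERS"}
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"


class TempRunEntry(NamedTuple):
    hive: str   # as written by HijackThis, e.g. "HKCU" or "HKUS\S-1-5-18"
    name: str   # registry value name (HJT lower-cases the first letter; value
                # names are case-insensitive, so the CFScript still matches)
    dll: str    # DLL path handed to rundll32


def find_temp_rundll_entries(log_text: str) -> List[TempRunEntry]:
    """Return every O4 Run entry that starts rundll32 on a DLL under a Temp folder."""
    hits: List[TempRunEntry] = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        r = RUNDLL_RE.match(m.group("cmd").strip())
        if r and TEMP_RE.search(r.group("dll")):
            hits.append(TempRunEntry(m.group("hive"), m.group("name"), r.group("dll")))
    return hits


def registry_key(hive: str) -> str:
    """Expand an HJT hive prefix ("HKCU", "HKUS\\<SID>") to the full Run key path."""
    root, _, rest = hive.partition("\\")
    full = HIVE_NAMES.get(root.upper(), root)
    if rest:
        full = full + "\\" + rest
    return full + "\\" + RUN_KEY


def build_cfscript(entries: List[TempRunEntry]) -> str:
    """Write a CFScript: File:: lists the DLLs, Registry:: deletes the Run values."""
    lines = ["File::"]
    lines += [e.dll for e in entries]
    lines += ["", "Registry::"]
    by_key: Dict[str, List[str]] = {}
    for e in entries:
        by_key.setdefault(registry_key(e.hive), []).append(e.name)
    for key, names in by_key.items():
        lines.append("[%s]" % key)
        lines += ['"%s"=-' % n for n in names]   # "name"=- deletes the value
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(find_temp_rundll_entries(SAMPLE_HJT_LOG)))
```

Run against the sample it flags the three Temp DLLs from this thread and leaves the NVIDIA rundll32 entry and the Nokia tray entry alone.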

Okey-dokey, here is a new HJT log:


Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\CtHelper.exe

C:\Windows\System32\Ctxfihlp.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\SYSTEM32\CTXFISPI.EXE

C:\Windows\System32\mobsync.exe

C:\Program Files\Windows Sidebar\sidebar.exe

c:\Users\Katrine\Downloads\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Automatisk LiveUpdate-planlegging (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Loki Drivers Auto Removal (pr2agqwb) (pr2agqwb) - Cyanide - C:\Windows\system32\pr2agqwb.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

 

--

End of file - 5343 bytes


Yes, that looks good :yes:

 

You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

 

Keep using SAS and CCleaner.

 

Surf safely.

Edited by SNIPPSAT