Rage Posted 28 July 2008

ComboFix 08-07-27.6 - JPS 2008-07-28 19:44:23.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1742 [GMT 2:00]
Running from: C:\Documents and Settings\JPS\Skrivebord\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\lg\Programdata\macromedia\Flash Player\#SharedObjects\834357HL\interclick.com
C:\Documents and Settings\lg\Programdata\macromedia\Flash Player\#SharedObjects\834357HL\interclick.com\ud.sol
C:\Documents and Settings\lg\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\lg\Programdata\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\BM4f6f64ed.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\beitbi.dll
C:\WINDOWS\system32\bumcklur.ini
C:\WINDOWS\system32\bxkwdqxb.dll
C:\WINDOWS\system32\byXQKbAs.dll
C:\WINDOWS\system32\fackymor.ini
C:\WINDOWS\system32\fccyXpPI.dll
C:\WINDOWS\system32\fewciwxy.ini
C:\WINDOWS\system32\folxpptv.ini
C:\WINDOWS\system32\ftelsvlr.dll
C:\WINDOWS\system32\hklzoh.dll
C:\WINDOWS\system32\ilgjcmyj.dll
C:\WINDOWS\system32\ivqbgjvo.dll
C:\WINDOWS\system32\JH1M03F6.dll
C:\WINDOWS\system32\khfccaAr.dll
C:\WINDOWS\system32\lnhsxnqb.ini
C:\WINDOWS\system32\lumwvf.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdomxwhr.dll
C:\WINDOWS\system32\mhqivefd.ini
C:\WINDOWS\system32\mujfsnew.ini
C:\WINDOWS\system32\navaaqru.ini
C:\WINDOWS\system32\omihlq.dll
C:\WINDOWS\system32\opnOfCrS.dll
C:\WINDOWS\system32\qdflaynb.dll
C:\WINDOWS\system32\qktjho.dll
C:\WINDOWS\system32\ramtnrly.dll
C:\WINDOWS\system32\saqosurr.dll
C:\WINDOWS\system32\shjhdsip.dll
C:\WINDOWS\system32\ssqNFywT.dll
C:\WINDOWS\system32\sxkhbqqx.dll
C:\WINDOWS\system32\tpmmqytp.dll
C:\WINDOWS\system32\tuvVOGaB.dll
C:\WINDOWS\system32\TwyFNqss.ini
C:\WINDOWS\system32\TwyFNqss.ini2
C:\WINDOWS\system32\uxcqurpi.dll
C:\WINDOWS\system32\vmmjusbu.ini
C:\WINDOWS\system32\vwjlpslg.ini
C:\WINDOWS\system32\wlqkuycn.ini
C:\WINDOWS\system32\wvUoLDtT.dll
C:\WINDOWS\system32\xanknsik.dll
C:\WINDOWS\system32\xdceyv.dll
C:\WINDOWS\system32\yuigmefm.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-28 )))))))))))))))))))))))))))))))
.
2008-07-28 09:46 . 2008-07-28 09:46 105,472 --a------ C:\WINDOWS\system32\vtrsodcw.dll
2008-07-28 09:46 . 2008-07-28 09:46 105,472 --a------ C:\WINDOWS\system32\vprohy.dll
2008-07-28 09:46 . 2008-07-28 09:46 91,648 --a------ C:\WINDOWS\system32\pklhdxlm.dll
2008-07-28 09:46 . 2008-07-28 09:46 83,456 --a------ C:\WINDOWS\system32\glspljwv.dll
2008-07-28 08:41 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-27 15:39 . 2008-07-27 16:33 <DIR> d-------- C:\Documents and Settings\lg\.housecall6.6
2008-07-27 09:45 . 2008-07-27 09:45 105,472 --a------ C:\WINDOWS\system32\ndaogthp.dll
2008-07-27 09:45 . 2008-07-27 09:45 105,472 --a------ C:\WINDOWS\system32\etthtv.dll
2008-07-27 09:45 . 2008-07-27 09:45 91,648 --a------ C:\WINDOWS\system32\yoarpuux.dll
2008-07-27 09:43 . 2008-07-27 09:43 105,472 --a------ C:\WINDOWS\system32\xyyrjs.dll
2008-07-27 09:43 . 2008-07-27 09:43 105,472 --a------ C:\WINDOWS\system32\xlwtdfvy.dll
2008-07-27 09:42 . 2008-07-27 09:42 91,648 --a------ C:\WINDOWS\system32\yidnkjew.dll
2008-07-27 08:18 . 2008-07-27 08:18 <DIR> d-------- C:\Programfiler\Windows Defender
2008-07-26 15:37 . 2008-07-26 15:55 <DIR> d-------- C:\Programfiler\Windows Live Safety Center
2008-07-26 09:40 . 2008-07-26 09:40 268 --ah----- C:\sqmdata00.sqm
2008-07-26 09:40 . 2008-07-26 09:40 244 --ah----- C:\sqmnoopt00.sqm
2008-07-26 09:11 . 2008-07-26 09:11 105,472 --a------ C:\WINDOWS\system32\sxfyvkka.dll
2008-07-26 09:11 . 2008-07-26 09:11 105,472 --a------ C:\WINDOWS\system32\mqfobu.dll
2008-07-26 09:11 . 2008-07-26 09:11 91,648 --a------ C:\WINDOWS\system32\cfoaskoa.dll
2008-07-25 08:08 . 2008-07-25 08:08 105,472 --a------ C:\WINDOWS\system32\lvlljxou.dll
2008-07-25 08:08 . 2008-07-25 08:08 105,472 --a------ C:\WINDOWS\system32\jilzns.dll
2008-07-25 08:05 . 2008-07-25 08:05 91,648 --a------ C:\WINDOWS\system32\jvojuyxh.dll
2008-07-22 06:13 . 2008-07-22 07:52 <DIR> d-------- C:\Documents and Settings\JPS\.housecall6.6
2008-07-21 23:12 . 2008-07-28 17:14 <DIR> dr-h----- C:\Documents and Settings\JPS\Siste
2008-07-21 10:05 . 2008-07-21 10:05 0 --a------ C:\WINDOWS\system32\jhJmLCfV.exe.a_a
2008-07-21 10:00 . 2008-07-21 10:00 <DIR> dr------- C:\Documents and Settings\NetworkService\Favoritter
2008-07-21 08:05 . 2008-07-22 07:39 35,842 --a------ C:\WINDOWS\system32\jhJmLCfV.exe
2008-07-21 07:54 . 2008-07-21 07:53 29,760 --a------ C:\WINDOWS\system32\6R4gOXaA.exe
2008-07-21 07:54 . 2008-07-21 07:54 0 --a------ C:\WINDOWS\system32\6R4gOXaA.exe.a_a
2008-07-20 12:05 . 2008-07-20 12:05 <DIR> d-------- C:\Programfiler\Fellesfiler\PCSuite
2008-07-20 12:05 . 2008-07-20 12:05 <DIR> d-------- C:\Programfiler\Fellesfiler\Nokia
2008-07-20 12:05 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-07-20 12:04 . 2008-07-20 12:04 <DIR> d-------- C:\Programfiler\PC Connectivity Solution
2008-07-20 10:18 . 2008-07-20 10:18 <DIR> d-------- C:\Programfiler\ToniArts
2008-07-18 07:32 . 2008-07-28 19:49 111,618 --a------ C:\WINDOWS\BM4f6f64ed.xml
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 13:33 --------- d-----w C:\Programfiler\Trend Micro
2008-07-24 14:28 --------- d-----w C:\Programfiler\Azureus
2008-07-20 10:05 --------- d-----w C:\Programfiler\Nokia
2008-07-20 10:03 --------- d-----w C:\Documents and Settings\All Users\Programdata\Installations
2008-07-20 08:24 --------- d-----w C:\Documents and Settings\JPS\Programdata\Azureus
2008-07-20 08:18 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-06-21 12:43 --------- d-----w C:\Programfiler\Google
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-02 17:27 --------- d-----w C:\Programfiler\Microsoft SQL Server
2008-06-02 17:25 --------- d-----w C:\Programfiler\Windows Live
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{add445c2-f58c-4440-9110-cb803d5bd31b}]
2008-07-28 09:46 105472 --a------ C:\WINDOWS\system32\vprohy.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Programfiler\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 11:57 65536]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"PC Suite Tray"="C:\Programfiler\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]
"Nokia.PCSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-04-10 00:01 138008]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2006-08-14 13:54 253952]
"Apoint"="C:\Programfiler\Apoint2K\Apoint.exe" [2004-03-24 07:40 196608]
"DpUtil"="C:\Programfiler\TOSHIBA\DualPointUtility\TEDTray.exe" [2005-08-08 15:43 155648]
"TouchED"="C:\Programfiler\TOSHIBA\TouchED\TouchED.exe" [2005-09-01 15:26 102400]
"SmoothView"="C:\Programfiler\TOSHIBA\TOSHIBA zoom\SmoothView.exe" [2007-05-11 12:13 143360]
"TMERzCtl.EXE"="C:\Programfiler\TOSHIBA\TME3\TMERzCtl.EXE" [2006-09-01 13:21 90112]
"TMESRV.EXE"="C:\Programfiler\TOSHIBA\TME3\TMESRV31.EXE" [2006-01-19 19:53 118784]
"TosHKCW.exe"="C:\Programfiler\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 11:42 49152]
"TAudEffect"="C:\Programfiler\TOSHIBA\TAudEffect\TAudEff.exe" [2006-08-09 19:48 344144]
"DDWMon"="C:\Programfiler\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 11:49 495616]
"PSQLLauncher"="C:\Programfiler\Protector Suite QL\launcher.exe" [2006-05-05 17:36 30208]
"topi"="C:\Programfiler\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 12:48 577536]
"OfficeScanNT Monitor"="C:\Programfiler\Trend Micro\Client Server Security Agent\pccntmon.exe" [2005-11-03 00:32 372813]
"BM4f6f64ed"="C:\WINDOWS\system32\pklhdxlm.dll" [2008-07-28 09:46 91648]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-13 02:05 16125440 C:\WINDOWS\RTHDCPL.exe]
"TFNF5"="TFNF5.exe" [2006-04-11 03:14 622592 C:\WINDOWS\system32\TFNF5.exe]
"TPSODDCtl"="TPSODDCtl.exe" [2007-04-20 16:28 102400 C:\WINDOWS\system32\TPSODDCtl.exe]
"TPSMain"="TPSMain.exe" [2007-04-20 16:28 299008 C:\WINDOWS\system32\TPSMain.exe]
"TOSDCR"="TOSDCR.EXE" [2005-12-12 18:54 57344 C:\WINDOWS\system32\TOSDCR.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
"Nokia.PCSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-05 17:48 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TosBtNP]
2006-07-22 04:54 65536 C:\WINDOWS\system32\TosBtNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\WINDOWS\system32\DRIVERS\thpdrv.sys [2007-03-22 13:07]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\WINDOWS\system32\DRIVERS\Thpevm.SYS [2007-03-09 15:23]
R1 TMEI3E;TMEI3E;C:\WINDOWS\system32\Drivers\TMEI3E.SYS [2004-06-16 11:08]
R2 FdRedir;FdRedir;C:\Programfiler\Fellesfiler\Protector Suite QL\Drivers\FdRedir.sys [2006-05-05 18:00]
R2 FileDisk2;FileDisk Protector Kernel Driver;C:\Programfiler\Fellesfiler\Protector Suite QL\Drivers\filedisk.sys [2006-05-05 17:59]
R2 smihlp;SMI helper driver;C:\Programfiler\Protector Suite QL\smihlp.sys [2006-05-05 17:33]
R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys [2007-03-26 12:22]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;C:\WINDOWS\system32\DRIVERS\trudf.sys [2007-02-19 12:15]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-06-10 22:26]
R3 TEchoCan;Toshiba Audio Effect;C:\WINDOWS\system32\DRIVERS\TEchoCan.sys [2007-02-21 18:20]
.
Contents of the 'Scheduled Tasks' folder
2008-07-28 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\system32\6R4gOXaA.exe [2008-07-21 07:53]
2008-07-28 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Programfiler\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.startsiden.no/
R1 -: HKCU-Internet Settings,ProxyServer = hxxp://WS-SRV-01:8080
O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-28 19:48:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

C:\WINDOWS\pskt.ini 21 bytes
C:\WINDOWS\BM4f6f64ed.txt 208 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programfiler\Trend Micro\Client Server Security Agent\NTRtScan.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Programfiler\Trend Micro\Client Server Security Agent\TmListen.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Programfiler\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\temp\PZ3F41.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programfiler\TOSHIBA\TME3\TMEEJME.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programfiler\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
C:\Programfiler\Apoint2K\ApntEx.exe
C:\Programfiler\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programfiler\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programfiler\Fellesfiler\Nokia\MPAPI\MPAPI3s.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-07-28 19:53:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-28 17:53:48

Pre-Run: 22,327,250,944 byte ledig
Post-Run: 21,295,726,592 byte ledig

235 --- E O F --- 2008-07-10 10:30:31
snippsat Posted 28 July 2008 (edited)

Copy the bold text below the picture -> open Notepad and paste it in.
Save it on the desktop as CFScript.txt
Do as shown in the picture; ComboFix will start. Post the log c:\combofix.txt

File::
C:\WINDOWS\system32\vtrsodcw.dll
C:\WINDOWS\system32\vprohy.dll
C:\WINDOWS\system32\pklhdxlm.dll
C:\WINDOWS\system32\glspljwv.dll
C:\WINDOWS\system32\ndaogthp.dll
C:\WINDOWS\system32\etthtv.dll
C:\WINDOWS\system32\yoarpuux.dll
C:\WINDOWS\system32\xyyrjs.dll
C:\WINDOWS\system32\xlwtdfvy.dll
C:\WINDOWS\system32\yidnkjew.dll
C:\WINDOWS\system32\sxfyvkka.dll
C:\WINDOWS\system32\mqfobu.dll
C:\WINDOWS\system32\cfoaskoa.dll
C:\WINDOWS\system32\lvlljxou.dll
C:\WINDOWS\system32\jilzns.dll
C:\WINDOWS\system32\jvojuyxh.dll
C:\WINDOWS\system32\jhJmLCfV.exe.a_a
C:\WINDOWS\system32\jhJmLCfV.exe
C:\WINDOWS\system32\6R4gOXaA.exe
C:\WINDOWS\system32\6R4gOXaA.exe.a_a
C:\WINDOWS\BM4f6f64ed.xml

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{add445c2-f58c-4440-9110-cb803d5bd31b}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM4f6f64ed"=-

---
Download and run CCleaner.
'Options' -> 'Advanced'. Untick the box in front of: "Only delete temporary files older than 48 hours".
Also run the registry cleaner, answer yes to repair --> backup: answer yes when you are asked.
Run the registry cleaner a couple of times until all errors are gone.
---
Download MBAM to the desktop.
Choose the Norwegian language --> run a quick system scan.
When MBAM is finished it opens a log; post that.
---
Restart
---
Download HijackThis and put it in its own folder on the desktop.
Start the program and choose "Press scan and save log".
Post HijackThis.txt

Edited 28 July 2008 by SNIPPSAT
Rage (Author) Posted 28 July 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20, on 2008-07-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://WS-SRV-01:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [DpUtil] C:\Programfiler\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [TouchED] C:\Programfiler\TOSHIBA\TouchED\TouchED.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [smoothView] C:\Programfiler\TOSHIBA\TOSHIBA zoom\SmoothView.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Programfiler\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Programfiler\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Programfiler\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TAudEffect] C:\Programfiler\TOSHIBA\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [DDWMon] C:\Programfiler\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Programfiler\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [topi] C:\Programfiler\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programfiler\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programfiler\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programfiler\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programfiler\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1217078833484
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = WorkSelect.local
O17 - HKLM\Software\..\Telephony: DomainName = WorkSelect.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = WorkSelect.local
O20 - Winlogon Notify: TosBtNP - C:\WINDOWS\SYSTEM32\TosBtNP.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programfiler\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programfiler\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Harddiskbeskyttelse (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Programfiler\TOSHIBA\TME3\Tmesrv31.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Programfiler\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 7403 bytes
snippsat Posted 28 July 2008 (edited)

Follow what has been posted.
Then I need a new log from ComboFix after CFScript.txt.
The log from MBAM.
It is important that I get all the info; then I will look it over and you will be clean of all the gunk.

Edited 28 July 2008 by SNIPPSAT
Rage (Author) Posted 28 July 2008

Malwarebytes' Anti-Malware 1.23
Database versjon: 1002
Windows 5.1.2600 Service Pack 2

22:39:23 2008-07-28
mbam-log-7-28-2008 (22-39-23).txt

Skanntype: Rask Skann
Objekter skannet: 45223
Tid tilbakelagt: 4 minute(s), 21 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

ComboFix log is coming
Rage (Author) Posted 28 July 2008

ComboFix 08-07-27.6 - JPS 2008-07-28 22:40:17.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1434 [GMT 2:00]
Running from: C:\Documents and Settings\JPS\Skrivebord\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-28 )))))))))))))))))))))))))))))))
.
2008-07-28 21:15 . 2008-07-28 21:15 <DIR> dr-h----- C:\Documents and Settings\JPS\Siste
2008-07-28 20:06 . 2008-07-28 20:06 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware
2008-07-28 20:06 . 2008-07-28 20:06 <DIR> d-------- C:\Documents and Settings\JPS\Programdata\Malwarebytes
2008-07-28 20:06 . 2008-07-28 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-07-28 20:06 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-28 20:06 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-28 20:02 . 2008-07-28 20:02 <DIR> d-------- C:\Programfiler\CCleaner
2008-07-28 09:46 . 2008-07-28 09:46 105,472 --a------ C:\WINDOWS\system32\vtrsodcw.dll
2008-07-28 09:46 . 2008-07-28 09:46 105,472 --a------ C:\WINDOWS\system32\vprohy.dll
2008-07-28 09:46 . 2008-07-28 09:46 83,456 --a------ C:\WINDOWS\system32\glspljwv.dll
2008-07-28 08:41 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-27 15:39 . 2008-07-27 16:33 <DIR> d-------- C:\Documents and Settings\lg\.housecall6.6
2008-07-27 09:45 . 2008-07-27 09:45 105,472 --a------ C:\WINDOWS\system32\ndaogthp.dll
2008-07-27 09:45 . 2008-07-27 09:45 105,472 --a------ C:\WINDOWS\system32\etthtv.dll
2008-07-27 09:45 . 2008-07-27 09:45 91,648 --a------ C:\WINDOWS\system32\yoarpuux.dll
2008-07-27 09:43 . 2008-07-27 09:43 105,472 --a------ C:\WINDOWS\system32\xyyrjs.dll
2008-07-27 09:43 . 2008-07-27 09:43 105,472 --a------ C:\WINDOWS\system32\xlwtdfvy.dll
2008-07-27 09:42 . 2008-07-27 09:42 91,648 --a------ C:\WINDOWS\system32\yidnkjew.dll
2008-07-27 08:18 . 2008-07-27 08:18 <DIR> d-------- C:\Programfiler\Windows Defender
2008-07-26 15:37 . 2008-07-26 15:55 <DIR> d-------- C:\Programfiler\Windows Live Safety Center
2008-07-26 09:40 . 2008-07-26 09:40 268 --ah----- C:\sqmdata00.sqm
2008-07-26 09:40 . 2008-07-26 09:40 244 --ah----- C:\sqmnoopt00.sqm
2008-07-26 09:11 . 2008-07-26 09:11 105,472 --a------ C:\WINDOWS\system32\sxfyvkka.dll
2008-07-26 09:11 . 2008-07-26 09:11 105,472 --a------ C:\WINDOWS\system32\mqfobu.dll
2008-07-26 09:11 . 2008-07-26 09:11 91,648 --a------ C:\WINDOWS\system32\cfoaskoa.dll
2008-07-25 08:08 . 2008-07-25 08:08 105,472 --a------ C:\WINDOWS\system32\lvlljxou.dll
2008-07-25 08:08 . 2008-07-25 08:08 105,472 --a------ C:\WINDOWS\system32\jilzns.dll
2008-07-25 08:05 . 2008-07-25 08:05 91,648 --a------ C:\WINDOWS\system32\jvojuyxh.dll
2008-07-22 06:13 . 2008-07-22 07:52 <DIR> d-------- C:\Documents and Settings\JPS\.housecall6.6
2008-07-21 10:05 . 2008-07-21 10:05 0 --a------ C:\WINDOWS\system32\jhJmLCfV.exe.a_a
2008-07-21 10:00 . 2008-07-21 10:00 <DIR> dr------- C:\Documents and Settings\NetworkService\Favoritter
2008-07-21 08:05 . 2008-07-22 07:39 35,842 --a------ C:\WINDOWS\system32\jhJmLCfV.exe
2008-07-21 07:54 . 2008-07-21 07:53 29,760 --a------ C:\WINDOWS\system32\6R4gOXaA.exe
2008-07-21 07:54 . 2008-07-21 07:54 0 --a------ C:\WINDOWS\system32\6R4gOXaA.exe.a_a
2008-07-20 12:05 . 2008-07-20 12:05 <DIR> d-------- C:\Programfiler\Fellesfiler\PCSuite
2008-07-20 12:05 . 2008-07-20 12:05 <DIR> d-------- C:\Programfiler\Fellesfiler\Nokia
2008-07-20 12:05 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-07-20 12:04 . 2008-07-20 12:04 <DIR> d-------- C:\Programfiler\PC Connectivity Solution
2008-07-20 10:18 . 2008-07-20 10:18 <DIR> d-------- C:\Programfiler\ToniArts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 13:33 --------- d-----w C:\Programfiler\Trend Micro
2008-07-24 14:28 --------- d-----w C:\Programfiler\Azureus
2008-07-20 10:05 --------- d-----w C:\Programfiler\Nokia
2008-07-20 10:03 --------- d-----w C:\Documents and Settings\All Users\Programdata\Installations
2008-07-20 08:24 --------- d-----w C:\Documents and Settings\JPS\Programdata\Azureus
2008-07-20 08:18 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-06-21 12:43 --------- d-----w C:\Programfiler\Google
2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-02 17:27 --------- d-----w C:\Programfiler\Microsoft SQL Server
2008-06-02 17:25 --------- d-----w C:\Programfiler\Windows Live
2008-05-07 05:16 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Programfiler\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 11:57 65536]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"PC Suite Tray"="C:\Programfiler\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]
"Nokia.PCSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-04-10 00:01 138008]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2006-08-14 13:54 253952]
"Apoint"="C:\Programfiler\Apoint2K\Apoint.exe" [2004-03-24 07:40 196608]
"DpUtil"="C:\Programfiler\TOSHIBA\DualPointUtility\TEDTray.exe" [2005-08-08 15:43 155648]
"TouchED"="C:\Programfiler\TOSHIBA\TouchED\TouchED.exe" [2005-09-01 15:26 102400]
"SmoothView"="C:\Programfiler\TOSHIBA\TOSHIBA zoom\SmoothView.exe" [2007-05-11 12:13 143360]
"TMERzCtl.EXE"="C:\Programfiler\TOSHIBA\TME3\TMERzCtl.EXE" [2006-09-01 13:21 90112]
"TMESRV.EXE"="C:\Programfiler\TOSHIBA\TME3\TMESRV31.EXE" [2006-01-19 19:53 118784]
"TosHKCW.exe"="C:\Programfiler\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 11:42 49152]
"TAudEffect"="C:\Programfiler\TOSHIBA\TAudEffect\TAudEff.exe" [2006-08-09 19:48 344144]
"DDWMon"="C:\Programfiler\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 11:49 495616]
"PSQLLauncher"="C:\Programfiler\Protector Suite QL\launcher.exe" [2006-05-05 17:36 30208]
"topi"="C:\Programfiler\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 12:48 577536]
"OfficeScanNT Monitor"="C:\Programfiler\Trend Micro\Client Server Security Agent\pccntmon.exe" [2005-11-03 00:32 372813]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-13 02:05 16125440 C:\WINDOWS\RTHDCPL.exe]
"TFNF5"="TFNF5.exe" [2006-04-11 03:14 622592 C:\WINDOWS\system32\TFNF5.exe]
"TPSODDCtl"="TPSODDCtl.exe" [2007-04-20 16:28 102400 C:\WINDOWS\system32\TPSODDCtl.exe]
"TPSMain"="TPSMain.exe" [2007-04-20 16:28 299008 C:\WINDOWS\system32\TPSMain.exe]
"TOSDCR"="TOSDCR.EXE" [2005-12-12 18:54 57344 C:\WINDOWS\system32\TOSDCR.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
"Nokia.PCSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-05 17:48 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TosBtNP]
2006-07-22 04:54 65536 C:\WINDOWS\system32\TosBtNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\WINDOWS\system32\DRIVERS\thpdrv.sys [2007-03-22 13:07]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\WINDOWS\system32\DRIVERS\Thpevm.SYS [2007-03-09 15:23]
R1 TMEI3E;TMEI3E;C:\WINDOWS\system32\Drivers\TMEI3E.SYS [2004-06-16 11:08]
R2 FdRedir;FdRedir;C:\Programfiler\Fellesfiler\Protector Suite QL\Drivers\FdRedir.sys [2006-05-05 18:00]
R2 FileDisk2;FileDisk Protector Kernel Driver;C:\Programfiler\Fellesfiler\Protector Suite QL\Drivers\filedisk.sys [2006-05-05 17:59]
R2 smihlp;SMI helper driver;C:\Programfiler\Protector Suite QL\smihlp.sys [2006-05-05 17:33]
R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys [2007-03-26 12:22]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;C:\WINDOWS\system32\DRIVERS\trudf.sys [2007-02-19 12:15]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-06-10 22:26]
R3 TEchoCan;Toshiba Audio Effect;C:\WINDOWS\system32\DRIVERS\TEchoCan.sys [2007-02-21 18:20]
.
Contents of the 'Scheduled Tasks' folder
2008-07-28 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\system32\6R4gOXaA.exe [2008-07-21 07:53]
2008-07-28 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Programfiler\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.startsiden.no/
R1 -: HKCU-Internet Settings,ProxyServer = hxxp://WS-SRV-01:8080
O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-28 22:41:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-28 22:42:26
ComboFix-quarantined-files.txt 2008-07-28 20:42:23
ComboFix2.txt 2008-07-28 19:11:59
ComboFix3.txt 2008-07-28 17:53:52

Pre-Run: 21,312,212,992 byte ledig
Post-Run: 21,308,354,560 byte ledig

159 --- E O F --- 2008-07-28 17:57:10
snippsat, posted July 28, 2008 (edited)

CFScript.txt did not work. Is anything unclear? Copy the text in bold and paste it into Notepad. Save it on the desktop as CFScript.txt. Then drag CFScript.txt onto ComboFix as in the picture. ComboFix will then start by itself.

Edited July 28, 2008 by SNIPPSAT
Rage (author), posted July 28, 2008

I have done the process before, and I did it as described above. I can try again..
Rage (author), posted July 28, 2008

ComboFix 08-07-27.6 - JPS 2008-07-28 22:55:53.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1400 [GMT 2:00]
Running from: C:\Documents and Settings\JPS\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\JPS\Skrivebord\CFScript.txt.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\BM4f6f64ed.xml
C:\WINDOWS\system32\6R4gOXaA.exe
C:\WINDOWS\system32\6R4gOXaA.exe.a_a
C:\WINDOWS\system32\cfoaskoa.dll
C:\WINDOWS\system32\etthtv.dll
C:\WINDOWS\system32\glspljwv.dll
C:\WINDOWS\system32\jhJmLCfV.exe
C:\WINDOWS\system32\jhJmLCfV.exe.a_a
C:\WINDOWS\system32\jilzns.dll
C:\WINDOWS\system32\jvojuyxh.dll
C:\WINDOWS\system32\lvlljxou.dll
C:\WINDOWS\system32\mqfobu.dll
C:\WINDOWS\system32\ndaogthp.dll
C:\WINDOWS\system32\pklhdxlm.dll
C:\WINDOWS\system32\sxfyvkka.dll
C:\WINDOWS\system32\vprohy.dll
C:\WINDOWS\system32\vtrsodcw.dll
C:\WINDOWS\system32\xlwtdfvy.dll
C:\WINDOWS\system32\xyyrjs.dll
C:\WINDOWS\system32\yidnkjew.dll
C:\WINDOWS\system32\yoarpuux.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\6R4gOXaA.exe
C:\WINDOWS\system32\6R4gOXaA.exe.a_a
C:\WINDOWS\system32\cfoaskoa.dll
C:\WINDOWS\system32\etthtv.dll
C:\WINDOWS\system32\glspljwv.dll
C:\WINDOWS\system32\jhJmLCfV.exe
C:\WINDOWS\system32\jhJmLCfV.exe.a_a
C:\WINDOWS\system32\jilzns.dll
C:\WINDOWS\system32\jvojuyxh.dll
C:\WINDOWS\system32\lvlljxou.dll
C:\WINDOWS\system32\mqfobu.dll
C:\WINDOWS\system32\ndaogthp.dll
C:\WINDOWS\system32\sxfyvkka.dll
C:\WINDOWS\system32\vprohy.dll
C:\WINDOWS\system32\vtrsodcw.dll
C:\WINDOWS\system32\xlwtdfvy.dll
C:\WINDOWS\system32\xyyrjs.dll
C:\WINDOWS\system32\yidnkjew.dll
C:\WINDOWS\system32\yoarpuux.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-28 )))))))))))))))))))))))))))))))
.
2008-07-28 21:15 . 2008-07-28 22:55 <DIR> dr-h----- C:\Documents and Settings\JPS\Siste
2008-07-28 20:06 . 2008-07-28 20:06 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware
2008-07-28 20:06 . 2008-07-28 20:06 <DIR> d-------- C:\Documents and Settings\JPS\Programdata\Malwarebytes
2008-07-28 20:06 . 2008-07-28 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-07-28 20:06 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-28 20:06 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-28 20:02 . 2008-07-28 20:02 <DIR> d-------- C:\Programfiler\CCleaner
2008-07-28 08:41 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-27 15:39 . 2008-07-27 16:33 <DIR> d-------- C:\Documents and Settings\lg\.housecall6.6
2008-07-27 08:18 . 2008-07-27 08:18 <DIR> d-------- C:\Programfiler\Windows Defender
2008-07-26 15:37 . 2008-07-26 15:55 <DIR> d-------- C:\Programfiler\Windows Live Safety Center
2008-07-26 09:40 . 2008-07-26 09:40 268 --ah----- C:\sqmdata00.sqm
2008-07-26 09:40 . 2008-07-26 09:40 244 --ah----- C:\sqmnoopt00.sqm
2008-07-22 06:13 . 2008-07-22 07:52 <DIR> d-------- C:\Documents and Settings\JPS\.housecall6.6
2008-07-21 10:00 . 2008-07-21 10:00 <DIR> dr------- C:\Documents and Settings\NetworkService\Favoritter
2008-07-20 12:05 . 2008-07-20 12:05 <DIR> d-------- C:\Programfiler\Fellesfiler\PCSuite
2008-07-20 12:05 . 2008-07-20 12:05 <DIR> d-------- C:\Programfiler\Fellesfiler\Nokia
2008-07-20 12:05 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-07-20 12:04 . 2008-07-20 12:04 <DIR> d-------- C:\Programfiler\PC Connectivity Solution
2008-07-20 10:18 . 2008-07-20 10:18 <DIR> d-------- C:\Programfiler\ToniArts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 13:33 --------- d-----w C:\Programfiler\Trend Micro
2008-07-24 14:28 --------- d-----w C:\Programfiler\Azureus
2008-07-20 10:05 --------- d-----w C:\Programfiler\Nokia
2008-07-20 10:03 --------- d-----w C:\Documents and Settings\All Users\Programdata\Installations
2008-07-20 08:24 --------- d-----w C:\Documents and Settings\JPS\Programdata\Azureus
2008-07-20 08:18 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-06-21 12:43 --------- d-----w C:\Programfiler\Google
2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-02 17:27 --------- d-----w C:\Programfiler\Microsoft SQL Server
2008-06-02 17:25 --------- d-----w C:\Programfiler\Windows Live
2008-05-07 05:16 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Programfiler\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 11:57 65536]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"PC Suite Tray"="C:\Programfiler\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]
"Nokia.PCSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-04-10 00:01 138008]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2006-08-14 13:54 253952]
"Apoint"="C:\Programfiler\Apoint2K\Apoint.exe" [2004-03-24 07:40 196608]
"DpUtil"="C:\Programfiler\TOSHIBA\DualPointUtility\TEDTray.exe" [2005-08-08 15:43 155648]
"TouchED"="C:\Programfiler\TOSHIBA\TouchED\TouchED.exe" [2005-09-01 15:26 102400]
"SmoothView"="C:\Programfiler\TOSHIBA\TOSHIBA zoom\SmoothView.exe" [2007-05-11 12:13 143360]
"TMERzCtl.EXE"="C:\Programfiler\TOSHIBA\TME3\TMERzCtl.EXE" [2006-09-01 13:21 90112]
"TMESRV.EXE"="C:\Programfiler\TOSHIBA\TME3\TMESRV31.EXE" [2006-01-19 19:53 118784]
"TosHKCW.exe"="C:\Programfiler\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 11:42 49152]
"TAudEffect"="C:\Programfiler\TOSHIBA\TAudEffect\TAudEff.exe" [2006-08-09 19:48 344144]
"DDWMon"="C:\Programfiler\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 11:49 495616]
"PSQLLauncher"="C:\Programfiler\Protector Suite QL\launcher.exe" [2006-05-05 17:36 30208]
"topi"="C:\Programfiler\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 12:48 577536]
"OfficeScanNT Monitor"="C:\Programfiler\Trend Micro\Client Server Security Agent\pccntmon.exe" [2005-11-03 00:32 372813]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-13 02:05 16125440 C:\WINDOWS\RTHDCPL.exe]
"TFNF5"="TFNF5.exe" [2006-04-11 03:14 622592 C:\WINDOWS\system32\TFNF5.exe]
"TPSODDCtl"="TPSODDCtl.exe" [2007-04-20 16:28 102400 C:\WINDOWS\system32\TPSODDCtl.exe]
"TPSMain"="TPSMain.exe" [2007-04-20 16:28 299008 C:\WINDOWS\system32\TPSMain.exe]
"TOSDCR"="TOSDCR.EXE" [2005-12-12 18:54 57344 C:\WINDOWS\system32\TOSDCR.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
"Nokia.PCSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-05 17:48 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TosBtNP]
2006-07-22 04:54 65536 C:\WINDOWS\system32\TosBtNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\WINDOWS\system32\DRIVERS\thpdrv.sys [2007-03-22 13:07]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\WINDOWS\system32\DRIVERS\Thpevm.SYS [2007-03-09 15:23]
R1 TMEI3E;TMEI3E;C:\WINDOWS\system32\Drivers\TMEI3E.SYS [2004-06-16 11:08]
R2 FdRedir;FdRedir;C:\Programfiler\Fellesfiler\Protector Suite QL\Drivers\FdRedir.sys [2006-05-05 18:00]
R2 FileDisk2;FileDisk Protector Kernel Driver;C:\Programfiler\Fellesfiler\Protector Suite QL\Drivers\filedisk.sys [2006-05-05 17:59]
R2 smihlp;SMI helper driver;C:\Programfiler\Protector Suite QL\smihlp.sys [2006-05-05 17:33]
R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys [2007-03-26 12:22]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;C:\WINDOWS\system32\DRIVERS\trudf.sys [2007-02-19 12:15]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-06-10 22:26]
R3 TEchoCan;Toshiba Audio Effect;C:\WINDOWS\system32\DRIVERS\TEchoCan.sys [2007-02-21 18:20]
.
Contents of the 'Scheduled Tasks' folder
2008-07-28 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\system32\6R4gOXaA.exe []
2008-07-28 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Programfiler\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-28 22:56:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-28 22:57:34
ComboFix-quarantined-files.txt 2008-07-28 20:57:30
ComboFix2.txt 2008-07-28 20:42:27
ComboFix3.txt 2008-07-28 19:11:59
ComboFix4.txt 2008-07-28 17:53:52

Pre-Run: 21,280,354,304 byte ledig
Post-Run: 21,270,704,128 byte ledig

181 --- E O F --- 2008-07-28 17:57:10
snippsat, posted July 28, 2008 (edited)

Yes, it worked that time. You can delete these.

C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\system32\6R4gOXaA.exe

Make a new HijackThis log.

Edited July 28, 2008 by SNIPPSAT
Rage (author), posted July 28, 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:10, on 2008-07-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programfiler\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Programfiler\TOSHIBA\TME3\Tmesrv31.exe
C:\Programfiler\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Programfiler\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Programfiler\Apoint2K\Apoint.exe
C:\Programfiler\TOSHIBA\DualPointUtility\TEDTray.exe
C:\Programfiler\TOSHIBA\TouchED\TouchED.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Programfiler\TOSHIBA\TOSHIBA zoom\SmoothView.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Programfiler\TOSHIBA\TME3\TMERzCtl.EXE
C:\WINDOWS\system32\igfxext.exe
C:\Programfiler\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Programfiler\TOSHIBA\TME3\TMEEJME.EXE
C:\Programfiler\TOSHIBA\TAudEffect\TAudEff.exe
C:\Programfiler\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programfiler\TOSHIBA\Toshiba Online Product Information\topi.exe
C:\Programfiler\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Programfiler\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programfiler\Protector Suite QL\psqltray.exe
C:\Programfiler\Apoint2K\Apntex.exe
C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
C:\Programfiler\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programfiler\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programfiler\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programfiler\Fellesfiler\Nokia\MPAPI\MPAPI3s.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://WS-SRV-01:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [DpUtil] C:\Programfiler\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [TouchED] C:\Programfiler\TOSHIBA\TouchED\TouchED.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [smoothView] C:\Programfiler\TOSHIBA\TOSHIBA zoom\SmoothView.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Programfiler\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Programfiler\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Programfiler\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TAudEffect] C:\Programfiler\TOSHIBA\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [DDWMon] C:\Programfiler\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Programfiler\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [topi] C:\Programfiler\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programfiler\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programfiler\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programfiler\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programfiler\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1217078833484
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = WorkSelect.local
O17 - HKLM\Software\..\Telephony: DomainName = WorkSelect.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = WorkSelect.local
O20 - Winlogon Notify: TosBtNP - C:\WINDOWS\SYSTEM32\TosBtNP.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programfiler\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programfiler\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Programfiler\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Harddiskbeskyttelse (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Programfiler\TOSHIBA\TME3\Tmesrv31.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Programfiler\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 9497 bytes
snippsat, posted July 28, 2008

That looks good then. If the PC is working fine, do this: you can remove ComboFix by typing combofix /u in the Run window. This command causes the quarantined files and backups to be deleted. The System Restore folder is reset, etc. Surf safely.
Rage (author), posted July 28, 2008

Thank you so very much for the help. My folks will be happy now.