Guest, posted 25 February 2009

Sitting here right now trying to get on the internet; it struggles to open Firefox and Internet Explorer :| Can someone give me the guide? Writing on an iPod so I can't be bothered to write much...
raWrz, posted 25 February 2009

Follow the guide linked at the top of my signature and tell me how far you get.
Guest, posted 25 February 2009 (edited)

Malwarebytes' Anti-Malware - it knew about the keylogger.....

Malwarebytes' Anti-Malware 1.34
Database version: 1802
Windows 5.1.2600 Service Pack 3

25.02.2009 20:42:07
mbam-log-2009-02-25 (20-42-07).txt

Scan type: Quick Scan
Objects scanned: 73525
Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\POL (Keylogger.Ardamax) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\POL\POL.001 (Keylogger.Ardamax) -> Quarantined and deleted successfully.
C:\Program Files\POL\POL.002 (Keylogger.Ardamax) -> Quarantined and deleted successfully.
C:\Program Files\POL\POL.005 (Keylogger.Ardamax) -> Quarantined and deleted successfully.

Combofix!

ComboFix 09-02-24.02 - eak2k 2009-02-25 20:47:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2366 [GMT 1:00]
Kjører fra: H:\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated)
AV: COMODO Antivirus *On-access scanning disabled* (Updated)
FW: AVG Firewall *disabled*
FW: COMODO Firewall *disabled*
 * Opprettet nytt gjenopprettingspunkt
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\33FCC80478.dll
c:\windows\system32\Cache
.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF


((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-25 til 2009-02-25 )))))))))))))))))))))))))))))))))
.
2009-02-25 20:27 . 2009-02-25 20:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-25 20:27 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-25 20:27 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-25 18:54 . 2009-02-25 19:16 <DIR> d-------- c:\program files\ToggleNO
2009-02-25 18:54 . 2009-02-25 18:54 <DIR> d-------- c:\program files\Conduit
2009-02-25 18:30 . 2009-02-25 18:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-02-25 16:10 . 2009-02-25 16:10 <DIR> d-------- c:\program files\Messenger Plus! Live
2009-02-24 23:13 . 2009-02-24 23:13 <DIR> d-------- c:\program files\AskBarDis
2009-02-24 23:13 . 2009-02-24 23:13 253,688 --a------ c:\windows\system32\cssdll32.dll
2009-02-24 23:13 . 2009-02-24 23:13 155,384 --a------ c:\windows\system32\guard32.dll
2009-02-24 23:13 . 2009-02-24 23:13 110,992 --a------ c:\windows\system32\drivers\cmdguard.sys
2009-02-24 23:13 . 2009-02-24 23:13 24,336 --a------ c:\windows\system32\drivers\cmdhlp.sys
2009-02-24 00:34 . 2007-12-26 17:30 1,970,176 --a------ c:\windows\system32\d3dx9.dll
2009-02-24 00:34 . 2007-12-26 17:30 679,936 --a------ c:\windows\system32\D3DX81ab.dll
2009-02-21 23:32 . 2009-02-21 23:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\MySQL
2009-02-20 23:41 . 2009-02-20 23:43 <DIR> d-------- c:\program files\Google
2009-02-20 23:41 . 2009-02-25 15:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2009-02-20 02:47 . 2009-02-20 04:17 <DIR> d-------- C:\HammerAutosave
2009-02-19 00:26 . 2009-02-19 00:26 <DIR> d-------- c:\program files\EASEUS
2009-02-18 22:23 . 2009-02-24 23:13 <DIR> d-------- c:\program files\COMODO
2009-02-18 22:23 . 2009-02-18 22:23 <DIR> d-------- c:\documents and settings\eak2k\Application Data\Comodo
2009-02-18 22:23 . 2009-02-25 20:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\comodo
2009-02-17 22:58 . 2009-02-25 19:16 <DIR> d-------- c:\program files\MSN Messenger
2009-02-15 16:01 . 2009-02-15 16:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logitech
2009-02-14 16:47 . 2009-02-15 20:24 <DIR> d-------- c:\windows\.jagex_cache_32
2009-02-13 21:25 . 2009-02-13 21:25 <DIR> d-------- c:\program files\VOIPlay
2009-02-13 21:25 . 2009-02-13 21:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\VOIPlay
2009-02-08 22:27 . 2009-02-08 22:30 <DIR> d-------- c:\program files\URLSnooper2
2009-02-08 22:27 . 2009-02-08 22:27 46 --a------ c:\windows\system32\DonationCoder_urlsnooper_InstallInfo.dat
2009-02-08 21:43 . 2009-02-08 21:43 <DIR> d-------- c:\program files\Microsoft Office Outlook Connector
2009-02-03 21:46 . 2009-02-22 21:42 <DIR> d-------- c:\program files\Cain
2009-02-03 18:30 . 2009-02-03 18:30 <DIR> d-------- c:\program files\WinAVI MP4 Converter
2009-01-31 16:38 . 2009-01-31 16:38 <DIR> d-------- c:\documents and settings\eak2k\Application Data\Bump Technologies, Inc
2009-01-31 15:37 . 2009-01-31 15:37 <DIR> d-------- c:\program files\WinSCP
2009-01-28 16:00 . 2009-01-28 16:00 <DIR> d--hs---- c:\documents and settings\eak2k\IECompatCache
2009-01-28 15:59 . 2009-01-28 15:59 <DIR> d--hs---- c:\documents and settings\eak2k\PrivacIE
2009-01-28 15:59 . 2009-01-28 15:59 <DIR> d--hs---- c:\documents and settings\eak2k\IETldCache
2009-01-28 00:06 . 2009-01-28 00:06 <DIR> d--h-c--- c:\windows\ie8
2009-01-26 01:40 . 2009-01-26 01:40 452,304 --ah----- c:\windows\system32\mlfcache.dat
2009-01-25 04:28 . 2009-01-25 04:28 <DIR> d-------- c:\program files\K-Lite Codec Pack
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-25 18:18 --------- d-----w c:\program files\Steam
2009-02-25 17:51 --------- d-----w c:\documents and settings\eak2k\Application Data\FileZilla
2009-02-25 15:10 --------- d-----w c:\program files\Windows Live
2009-02-23 23:48 --------- d-----w c:\program files\Cheat Engine
2009-02-22 01:29 --------- d-----w c:\documents and settings\eak2k\Application Data\uTorrent
2009-02-21 22:47 --------- d-----w c:\program files\MySQL
2009-02-21 21:16 --------- d-----w c:\program files\CCleaner
2009-02-21 21:14 --------- d-----w c:\program files\Microsoft Games
2009-02-21 15:07 --------- d-----w c:\documents and settings\eak2k\Application Data\Spotify
2009-02-21 00:22 --------- d-----w c:\documents and settings\eak2k\Application Data\dvdcss
2009-02-20 22:08 --------- d-----w c:\documents and settings\eak2k\Application Data\NoNameScript
2009-02-20 22:04 --------- d-----w c:\program files\mIRC
2009-02-19 21:43 --------- d---a-w c:\documents and settings\All Users\Application Data\Temp
2009-02-18 23:26 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-18 23:07 --------- d-----w c:\program files\HTV
2009-02-18 20:41 --------- d-----w c:\program files\Common Files\Adobe
2009-02-15 15:01 --------- d-----w c:\program files\Common Files\Logitech
2009-02-11 20:44 --------- d-----w c:\program files\Bonjour
2009-02-03 20:36 --------- d-----w c:\documents and settings\eak2k\Application Data\Hamachi
2009-01-24 16:10 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-22 23:00 --------- d-----w c:\program files\Auslogics
2009-01-22 23:00 --------- d-----w c:\documents and settings\eak2k\Application Data\Auslogics
2009-01-22 15:23 --------- d-----w c:\program files\decomp
2009-01-22 15:22 --------- d-----w c:\documents and settings\eak2k\Application Data\Red Alert 3
2009-01-22 14:57 --------- d-----w c:\program files\Electronic Arts
2009-01-22 00:01 --------- d-----w c:\program files\FlashGet
2009-01-21 23:58 --------- d-----w c:\program files\LimeWire
2009-01-21 23:18 --------- d-----w c:\program files\EA Games
2009-01-21 23:16 --------- d-----w c:\program files\Rockstar Games
2009-01-21 21:45 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-21 21:45 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-21 13:39 --------- d-----w c:\documents and settings\NetworkService\Application Data\VMware
2009-01-21 13:39 --------- d-----w c:\documents and settings\All Users\Application Data\VMware
2009-01-15 13:54 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-12 00:40 --------- d-----w c:\documents and settings\eak2k\Application Data\VOIPlay
2009-01-11 22:09 --------- dc-h--w c:\documents and settings\All Users\Application Data\{74F6F5F7-A8AA-4867-B9C7-430DDAAC902F}
2009-01-11 22:09 --------- d-----w c:\program files\Eziriz
2009-01-11 20:58 --------- d-----w c:\program files\SamsonSoft
2009-01-11 20:27 --------- d-----w c:\program files\Spotify
2009-01-11 20:10 --------- d-----w c:\documents and settings\eak2k\Application Data\VMware
2009-01-09 19:39 --------- d-----w c:\documents and settings\LocalService\Application Data\VMware
2009-01-09 19:36 --------- d-----w c:\program files\VMware
2009-01-08 17:04 736 ----a-w c:\windows\system32\drivers\hosts
2009-01-08 16:03 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-01-08 16:03 --------- d-----w c:\program files\Hamachi
2009-01-08 13:27 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-01-08 13:27 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-08 13:27 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-06 19:32 --------- d-----w c:\documents and settings\eak2k\Application Data\SystemRequirementsLab
2009-01-06 16:46 --------- d-----w c:\program files\MagicISO
2009-01-02 02:33 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-02 02:14 --------- d-----w c:\documents and settings\eak2k\Application Data\DJJava
2009-01-02 02:10 --------- d-----w c:\documents and settings\All Users\Application Data\Protexis
2009-01-02 02:03 --------- d-----w c:\program files\Java
2009-01-02 01:55 --------- d-----w c:\program files\IZArc
2009-01-01 20:17 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2009-01-01 20:06 --------- d-----w c:\program files\Common Files\Merge Modules
2009-01-01 03:23 --------- d-----w c:\documents and settings\eak2k\Application Data\Nero
2009-01-01 03:22 --------- d-----w c:\program files\Nero 9
2009-01-01 03:22 --------- d-----w c:\program files\Common Files\Nero
2008-12-29 22:08 --------- d-----w c:\program files\Logitech
2008-12-29 00:10 --------- d-----w c:\documents and settings\eak2k\Application Data\vlc
2008-12-28 07:19 29,208 ----a-w c:\windows\system32\drivers\avgfwdx.sys
2008-12-28 02:58 --------- d-----w c:\program files\AVG
2008-12-28 02:46 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-12-27 02:11 --------- d-----w c:\program files\MSECACHE
2008-12-27 02:03 --------- d-----w c:\program files\Microsoft
2008-12-27 01:48 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-27 01:40 --------- d-----w c:\program files\Common Files\Windows Live
2008-11-15 23:33 22,328 ----a-w c:\documents and settings\eak2k\Application Data\PnkBstrK.sys
2008-10-17 12:42 32 --sha-r c:\documents and settings\eak2k\Application Data\resmodes.dat
2008-12-12 15:30 27,976 ----a-w c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-12-12 15:30 125,840 ----a-w c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-12-12 15:30 98,704 ----a-w c:\program files\mozilla firefox\plugins\ieatgpc.dll
2008-12-12 15:30 107,848 ----a-w c:\program files\mozilla firefox\plugins\mwmcli.dll
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{af543a13-f8e6-4423-a4ac-1cc0475ecb44}"= "c:\program files\ToggleNO\tbTog1.dll" [2009-02-25 1883672]

[HKEY_CLASSES_ROOT\clsid\{af543a13-f8e6-4423-a4ac-1cc0475ecb44}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 15:20 279944 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{af543a13-f8e6-4423-a4ac-1cc0475ecb44}]
2009-02-25 19:16 1883672 --a------ c:\program files\ToggleNO\tbTog1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
"{af543a13-f8e6-4423-a4ac-1cc0475ecb44}"= "c:\program files\ToggleNO\tbTog1.dll" [2009-02-25 1883672]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CLASSES_ROOT\clsid\{af543a13-f8e6-4423-a4ac-1cc0475ecb44}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{AF543A13-F8E6-4423-A4AC-1CC0475ECB44}"= "c:\program files\ToggleNO\tbTog1.dll" [2009-02-25 1883672]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{af543a13-f8e6-4423-a4ac-1cc0475ecb44}]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2009-01-20 1451248]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"VOIPlay"="c:\program files\VOIPlay\voiplay.exe" [2008-09-12 1175040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACU"="c:\program files\Atheros\ACU.exe" [2008-04-14 450648]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-31 1024000]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"Toshiba Controls Utility"="c:\program files\TOSHIBA\Controls\VolumeIndicator.exe" [2008-02-01 77824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-08 1601304]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2007-04-26 774168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2009-02-24 278264]
"CFSServ.exe"="CFSServ.exe" [bU]
"NDSTray.exe"="NDSTray.exe" [bU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileUrl"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="c:\progra~1\SMARTL~1\Client\client.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-08 14:27 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\cssdll32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Monitor.lnk
backup=c:\windows\pss\Bluetooth Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BumpTop.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BumpTop.lnk
backup=c:\windows\pss\BumpTop.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^eak2k^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\documents and settings\eak2k\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^eak2k^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\eak2k\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^eak2k^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\eak2k\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
--a------ 2008-04-29 09:33 417792 c:\program files\Camera Assistant Software for Toshiba\traybar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 d:\program filer\Itunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 14:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-12-02 20:35 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Telenorhjelpen]
--a------ 2008-02-07 16:35 189120 c:\program files\Telenor\Telenorhjelpen\Telenor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VOIPlay]
--a------ 2008-09-12 14:43 1175040 c:\program files\VOIPlay\voiplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"W32Time"=2 (0x2)
"VMware NAT Service"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\mr_eak2k\\dedicated server\\hlds.exe"=
"c:\\Program Files\\Steam\\steamapps\\mr_eak2k\\counter-strike\\hl.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Telenor\\Telenorhjelpen\\Telenor.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Filer\\Itunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-12-28 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-28 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-28 107272]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-02-24 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-02-24 24336]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-08 298264]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-01-08 1339600]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-10-05 47640]
R2 SPTimer;SharePoint Timer Service;c:\program files\Common Files\Microsoft Shared\web server extensions\50\bin\OWSTIMER.EXE [2001-02-16 345504]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2008-09-18 54960]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-12-28 29208]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [2008-09-30 732160]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-05-29 6912]
S0 ProtectON;ProtectON;c:\windows\system32\drivers\dksdrv2k.sys --> c:\windows\system32\drivers\dksdrv2k.sys [?]
S2 gupdate1c993ac8ed94452;Googles oppdateringstjeneste (gupdate1c993ac8ed94452);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 133104]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-12-28 29208]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2008-10-15 32000]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-07-11 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-07-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##hjemme#nfs-mw]
\Shell\AutoRun\command - Y:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##hjemme#nfs-ps]
\Shell\AutoRun\command - Z:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##hjemme#toolkit]
\Shell\AutoRun\command - Z:\autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-02-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-20 23:41]

2009-02-25 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 23:42]

2009-02-25 c:\windows\Tasks\User_Feed_Synchronization-{D090626C-BEA5-4792-B1E3-ECABCDF395B3}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 02:01]
.
- - - - TOMME PEKERE FJERNET - - - -

HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
HKLM-Run-COMODO Firewall Pro - c:\program files\COMODO\Firewall\cfp.exe
HKLM-Run-HttpDetect - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-FileZilla Server Interface - c:\program files\FileZilla Server\FileZilla Server Interface.exe
MSConfigStartUp-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
MSConfigStartUp-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2088657
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath - c:\documents and settings\eak2k\Application Data\Mozilla\Firefox\Profiles\anua835c.default\
FF - plugin: c:\documents and settings\eak2k\Application Data\Mozilla\Firefox\Profiles\anua835c.default\extensions\[email protected]\plugins\npRACtrl.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\VOIPlay\npvoiplay.dll
FF - plugin: d:\program filer\Itunes\Mozilla Plugins\npitunes.dll

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-25 20:53:35
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-1060284298-2077806209-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:f7,e5,65,65,d7,54,71,60,ba,33,09,19,aa,d9,19,c1,59,9c,03,7a,2c,
   12,18,1b,5a,fd,5d,33,d8,18,18,8c,da,47,4a,69,9a,fe,77,b9,e3,78,18,bb,90,57,\
"rkeysecu"=hex:87,36,03,42,04,f1,82,f4,9b,5f,d9,4e,b5,db,47,9e
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(1752)
c:\windows\system32\guard32.dll
c:\windows\system32\IWPDGINA.DLL
c:\program files\Intel\Wireless\Bin\SsoGnNOR.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(1812)
c:\windows\system32\guard32.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\program files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
c:\program files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
c:\program files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
c:\program files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2009-02-25 20:59:12 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2009-02-25 19:59:08

Pre-Run: 91 091 996 672 bytes free
Post-Run: 90,964,852,736 bytes free

403 --- E O F --- 2009-01-15 13:19:11

Edited 25 February 2009 by Guest
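As an added example (it is not code from this thread, nor any part of ComboFix or MBAM), here is the kind of first pass a helper does by eye on a log like the one above, written down as a small script: pull the registry autostart values together with their enclosing key, the scanner detections and the IE proxy line out of the text, then flag the entries that deserve a closer look. The sample input is a handful of lines lifted from the posted log and re-broken one entry per line; the rule set, the function names and the choice of what counts as "worth a look" are this example's own assumptions.

```python
# Added example, not code from the thread, ComboFix or MBAM: a small triage pass
# over the kind of log pasted above. SAMPLE_LOG holds a few lines lifted from that
# log, re-broken one entry per line; the rules and names below are this example's
# own assumptions, not anything the helpers in the thread used.
import re
from collections import Counter

SAMPLE_LOG = r"""
Files Infected:
C:\Program Files\POL\POL.001 (Keylogger.Ardamax) -> Quarantined and deleted successfully.
C:\Program Files\POL\POL.002 (Keylogger.Ardamax) -> Quarantined and deleted successfully.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="c:\progra~1\SMARTL~1\Client\client.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\cssdll32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
uInternet Settings,ProxyServer = ftp=localhost:8080;http=localhost:8080;socks=localhost:1080
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
DETECT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<family>[^)]+)\) -> (?P<action>.+)$")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<value>.+)$")


def parse_log(text):
    """One pass over the log: registry values tagged with their enclosing key,
    scanner detections, and the IE proxy line if there is one."""
    entries, detections, proxy, current_key = [], [], None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            current_key = m.group("key")
        elif m := VALUE_RE.match(line):
            entries.append({"key": current_key, "name": m.group("name"),
                            "value": m.group("value").strip()})
        elif m := DETECT_RE.match(line):
            detections.append(m.groupdict())
        elif m := PROXY_RE.match(line):
            proxy = m.group("value")
    return {"entries": entries, "detections": detections, "proxy": proxy}


def image_path(value):
    """Strip the surrounding quotes and ComboFix's trailing '[date size]' note."""
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split(" [", 1)[0]


def triage(parsed):
    """Apply a few defender-side rules; every hit still needs a human verdict."""
    findings = []
    for e in parsed["entries"]:
        key, name, path = e["key"].lower(), e["name"].lower(), image_path(e["value"])
        # Winlogon's Shell value normally points at explorer.exe; anything else runs as the desktop.
        if key.endswith("winlogon") and name == "shell" and not path.lower().endswith("explorer.exe"):
            findings.append(("winlogon-shell", "Winlogon Shell is " + path + " instead of explorer.exe"))
        # AppInit_DLLs is loaded into every process that links user32, so it is always worth a look.
        elif name == "appinit_dlls" and path:
            findings.append(("appinit-dlls", "AppInit_DLLs loads " + path + " into every user32 process"))
        elif "firewallpolicy" in key and name == "enablefirewall" and path.startswith("0"):
            profile = key.rsplit("\\", 1)[-1]
            findings.append(("firewall-disabled", "Windows Firewall is off for " + profile))
    if parsed["proxy"]:
        # A proxy on the loopback address means some local process sees all browser traffic.
        local = [p for p in parsed["proxy"].split(";")
                 if re.search(r"=(localhost|127\.0\.0\.1):\d+$", p)]
        if local:
            findings.append(("local-proxy", "IE traffic goes through a local proxy: " + ", ".join(local)))
    families = Counter(d["family"] for d in parsed["detections"])
    return {"findings": findings, "families": dict(families)}


if __name__ == "__main__":
    report = triage(parse_log(SAMPLE_LOG))
    for rule, detail in report["findings"]:
        print(f"[{rule}] {detail}")
    print("scanner detections by family:", report["families"])
```

Each hit is a question rather than a verdict: a loopback proxy on 8080 and 1080 is exactly what the Privoxy startup entry and the Vidalia bundle listed elsewhere in this log would configure, and a replaced Winlogon Shell can be a classroom or kiosk client. The value of the pass is that it surfaces the handful of entries to reconcile against the installed-software list, instead of reading a few hundred lines by eye.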
raWrz, posted 25 February 2009

Ardamax was deleted from your computer, just so you're aware of it. Keylogger.Ardamax was apparently detected as a keylogger by MBAM.
Guest, posted 25 February 2009 (edited)

ComboFix added.

EDIT: I have AVG + Comodo and am not entirely happy with AVG. What should I switch to?

Edited 25 February 2009 by Guest
raWrz, posted 25 February 2009

Take a trip over to AV-comparatives.org, click on Comparatives, and check the latest test. As the test shows, Avira AntiVir is in the lead. If you are going to uninstall, you should use the AVG removal tool: http://www.avg.com/download-tools
Guest, posted 25 February 2009

And what does the ComboFix log say? ^^
raWrz, posted 25 February 2009

1. You have two antivirus programs installed, AVG8 and Comodo Antivirus (you probably got COMODO Antivirus when you installed the firewall, because if you look closely you are given the choice of whether to include their antivirus or not). You can download the Comodo installer file, uninstall the antivirus, then install Comodo again and deselect the antivirus.

2. Go to http://virusscan.jotti.org, click Browse, and upload the following file for analysis:

c:\windows\system32\DonationCoder_urlsnooper_InstallInfo.dat

Then click Submit. Accept that the file will be scanned. Finally, copy the result and paste it into your next post, so I can look at it and judge what needs to be done next.
Guest, posted 25 February 2009

Last file scanned at least one scanner reported something about:
8C8B60419DA0AFD214AC120F1FF13161.jpeg (MD5: 8c8b60419da0afd214ac120f1ff13161, size: 2471 bytes), detected by:

Scanner                Malware name
A-Squared              X
AntiVir                DR/FakePic.Gen
ArcaVir                X
Avast                  Win32:Tiny-OR
AVG Antivirus          X
BitDefender            Trojan.Downloader.Agent.ZFJ
ClamAV                 X
CPsecure               Troj.Downloader.W32.Zanoza.mm
Dr.Web                 X
F-Prot Antivirus       X
F-Secure Anti-Virus    X
Ikarus                 X
Kaspersky Anti-Virus   X
NOD32                  X
Norman Virus Control   X
Panda Antivirus        X
Sophos Antivirus       Mal/PicEx-A
VirusBuster            X
VBA32                  X