Security Tool

Kom med log :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:08, on 21-11-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\SvcHost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Karina\Skrivebord\HiJackThis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=DK&range=AD&phase=6&key=SEARCH
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=80744
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BullGuard Safe Browsing - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Programmer\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [653663913] "C:\Documents and Settings\Karina\Lokale indstillinger\Application Data\653663913.exe" 4 29
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SiWake.lnk = C:\Programmer\Wireless LAN Utility\SiWake.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Programmer\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bglink - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Programmer\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll
O23 - Service: BgRaSvc - BullGuard Ltd. - C:\Programmer\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe
O23 - Service: BullGuard behavioural detection service (BsBhvScan) - BullGuard Ltd. - C:\Programmer\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Programmer\BullGuard Ltd\BullGuard\BullGuardScanner.exe
O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: ISSvc (ISSVC) - Unknown owner - C:\Programmer\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Unknown owner - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: SAVScan - Unknown owner - C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: SmartLinkService (SLService) -  - C:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: UI Assistant Service - Unknown owner - C:\Programmer\Mobile Broadband\AssistantServices.exe

--
End of file - 8250 bytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5162

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

21-11-2010 13:37:00
mbam-log-2010-11-21 (13-37-00).txt

Scan type: Full scan (C:\|)
Objects scanned: 213666
Time elapsed: 37 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Har du scannet fra fejlsikker tilstand?
Kom lige med logs fra normal tilstand.

Jeg kan ikke starte Hijakthis eller Malwarebytes i normal tilstand.

Start hijackthis, klik på "do  a system scan only" og sæt flueben ved følgende.

O4 - HKCU\..\RunOnce: [653663913] "C:\Documents and Settings\Karina\Lokale indstillinger\Application Data\653663913.exe" 4 29

Luk så alle andre vinduer og klik "fix checked"

Genstart og prøv igen.

Så blev scan færdig så her har du logfilerne. ;-)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:54:29, on 21-11-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\SvcHost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
C:\WINDOWS\System32\SvcHost.exe
C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Mobile Broadband\AssistantServices.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\BullGuard Ltd\BullGuard\BullGuardScanner.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\Wireless LAN Utility\SiWake.exe
C:\Programmer\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Karina\Skrivebord\HiJackThis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=DK&range=AD&phase=6&key=SEARCH
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=80744
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BullGuard Safe Browsing - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Programmer\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SiWake.lnk = C:\Programmer\Wireless LAN Utility\SiWake.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Programmer\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bglink - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Programmer\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll
O23 - Service: BgRaSvc - BullGuard Ltd. - C:\Programmer\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe
O23 - Service: BullGuard behavioural detection service (BsBhvScan) - BullGuard Ltd. - C:\Programmer\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Programmer\BullGuard Ltd\BullGuard\BullGuardScanner.exe
O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: ISSvc (ISSVC) - Unknown owner - C:\Programmer\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Unknown owner - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: SAVScan - Unknown owner - C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: SmartLinkService (SLService) -  - C:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: UI Assistant Service - Unknown owner - C:\Programmer\Mobile Broadband\AssistantServices.exe

--
End of file - 8953 bytes



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5162

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21-11-2010 16:51:53
mbam-log-2010-11-21 (16-51-53).txt

Scan type: Full scan (C:\|)
Objects scanned: 214843
Time elapsed: 1 hour(s), 49 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Karina\Menuen Start\Programmer\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.

<john_stigers>: Kører du videre ?
Husk der er 'rester' efter Symantec/Norton...

Er de 'rester' det eneste der er [i]tilbage[i]

Jeg tror desværre ikke <john_stigers> kommer tilbage.

Hent og kør Norton Removal Tool

------

Hent og gem ComboFix på dit skrivebord.

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript

Killall::
Snapshot::

Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt som ligger her C:\ Combofix.txt

Indholdet af denne fil må du gerne lægge herind.

(Jeg oplever ikke forsinkelse på mail, men derimod manglende mails :()

f-arn du overtager bare hvis du vil.

Hej f-arn

Jeg får først computeren igen næste weekend.

Der vil jeg gøre som beskrevet. ;-)

Foreløbig tak.
Jan

@john_stigers
Fint, det gør jeg så.

@orkiderejser


Det gør du bare  ;-)

Så har jeg kørt Norton Removal Tool og
ComboFix.

Her er den ønskede log. ;-)

ComboFix 10-11-27.01 - Karina 28-11-2010  16:37:44.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.45.1030.18.447.183 [GMT 1:00]
Kører fra: c:\documents and settings\Karina\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Karina\Skrivebord\CFScript
AV: BullGuard Antivirus *On-access scanning disabled* (Outdated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
FW: BullGuard Firewall *enabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Karina\Application Data\.#
c:\programmer\AntiMalware
c:\windows\system32\Thumbs.db

.
(((((((((((((((((((((((((((((  Filer skabt fra 2010-10-28 til 2010-11-28  )))))))))))))))))))))))))))))))))))
.

2010-11-21 10:53 . 2010-11-21 10:53    --------    d-----w-    c:\documents and settings\Karina\Application Data\Malwarebytes
2010-11-21 09:43 . 2010-11-21 09:43    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-11-21 09:42 . 2010-04-29 14:39    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-21 09:42 . 2010-11-21 11:59    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2010-11-21 09:42 . 2010-11-21 09:42    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-21 09:42 . 2010-04-29 14:39    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-11-21 09:12 . 2010-11-21 09:12    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Software Inspection Library
2010-11-21 09:07 . 2010-11-21 09:12    --------    d-----w-    c:\documents and settings\Administrator\Application Data\BullGuard
2010-11-21 09:02 . 2010-11-21 09:02    --------    d-----w-    c:\programmer\CCleaner
2010-11-21 08:46 . 2010-11-21 08:46    --------    d-sh--w-    c:\documents and settings\Administrator\IETldCache
2010-11-20 11:40 . 2010-11-20 11:40    --------    d-----w-    c:\documents and settings\Karina\Application Data\Software Inspection Library
2010-11-20 11:19 . 2010-11-20 11:19    --------    d-----w-    c:\programmer\BullGuard Ltd
2010-11-11 05:28 . 2010-11-11 05:28    --------    d-----w-    C:\f57076dd7010261bee516c006c0c

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-21 10:56 . 2010-10-12 10:04    19144    ----a-w-    c:\windows\system32\drivers\NSNetmon.sys
2010-11-21 10:56 . 2010-10-12 10:04    787912    ----a-w-    c:\windows\system32\drivers\NSKernel.sys
2010-10-20 15:46 . 2010-10-20 15:46    98184    ----a-w-    c:\windows\system32\BgGamingMonitor.dll
2010-10-20 15:46 . 2010-10-20 15:46    150920    ----a-w-    c:\windows\system32\BGLsp.dll
2010-10-19 12:56 . 2010-10-19 12:56    99136    ----a-w-    c:\windows\system32\BdInstHk.dll
2010-10-12 10:04 . 2010-10-12 10:04    58832    ----a-w-    c:\windows\system32\drivers\BdSpy.sys
2010-10-12 10:04 . 2010-10-12 10:04    34280    ----a-w-    c:\windows\system32\drivers\afw.sys
2010-10-12 10:04 . 2010-10-12 10:04    267624    ----a-w-    c:\windows\system32\drivers\afwcore.sys
2010-09-18 10:23 . 2004-09-14 13:36    974848    ----a-w-    c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-09-14 13:36    974848    ----a-w-    c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-09-14 13:36    953856    ----a-w-    c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2004-09-14 13:36    954368    ----a-w-    c:\windows\system32\mfc40.dll
2010-09-10 05:51 . 2004-09-14 13:37    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-09-10 05:51 . 2004-09-14 13:36    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2010-09-10 05:51 . 2004-09-14 13:36    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2010-09-01 11:52 . 2004-09-14 13:35    285824    ----a-w-    c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2004-09-14 13:37    1852800    ----a-w-    c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Speed Launch.lnk - c:\programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Photosmart Premier Hurtig start.lnk - c:\programmer\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Microsoft Office.lnk - c:\programmer\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
SiWake.lnk - c:\programmer\Wireless LAN Utility\SiWake.exe [2008-3-5 135168]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=

R1 BdSpy;BdSpy;c:\windows\system32\drivers\BdSpy.sys [12-10-2010 11:04 58832]
R1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\drivers\NSKernel.sys [12-10-2010 11:04 787912]
R1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\drivers\NSNetmon.sys [12-10-2010 11:04 19144]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [23-01-2008 09:19 501560]
R2 BsBhvScan;BullGuard behavioural detection service;c:\programmer\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [03-11-2010 15:52 311128]
R2 BsBrowser;BullGuard antiphishing service;c:\windows\System32\SvcHost.exe -k BullGuard_LowPriv [14-09-2004 14:37 14336]
R2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe -k BullGuard [14-09-2004 14:37 14336]
R2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe -k BullGuard [14-09-2004 14:37 14336]
R2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe -k BullGuard [14-09-2004 14:37 14336]
R2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe -k BullGuard_Main [14-09-2004 14:37 14336]
R2 BsUpdate;BullGuard update service;c:\programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [20-11-2010 12:32 308056]
R2 MTC0007_STDSB;Scroll Bar Driver;c:\windows\system32\drivers\STDSB.sys [18-05-2006 16:11 11279]
R2 UI Assistant Service;UI Assistant Service;c:\programmer\Mobile Broadband\AssistantServices.exe [03-09-2010 12:05 251016]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [12-10-2010 11:04 34280]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [12-10-2010 11:04 267624]
S2 STDSB;STDSB;c:\windows\system32\drivers\STDSB.sys [18-05-2006 16:11 11279]
S3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys --> c:\windows\system32\DRIVERS\avfsfilter.sys [?]
S3 BgRaSvc;BgRaSvc;c:\programmer\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe [26-10-2010 10:32 122760]
S3 BsScanner;BullGuard scanning service;c:\programmer\BullGuard Ltd\BullGuard\BullGuardScanner.exe [03-11-2010 15:52 243032]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [03-09-2010 12:06 9216]
S3 SIS163u;BT-WUD2015 Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [05-03-2008 07:38 162304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard_Main    REG_MULTI_SZ      BsMain
BullGuard    REG_MULTI_SZ      BsFileScan BsMailProxy BsFire
BullGuard_LowPriv    REG_MULTI_SZ      BsBrowser
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\BGLsp.dll
.
- - - - TOMME GENVEJE FJERNET - - - -

AddRemove-Blue Byte Game Channel - c:\bluebyte\BBGC\uninst.dll
AddRemove-HijackThis - c:\documents and settings\Karina\Skrivebord\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-28 16:48
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_USERS\S-1-5-21-3942416310-3233753045-1949143878-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0f,af,b4,30,28,ef,78,0b,4d,82,34,31,f6,f8,4e,8a,0f,bf,a0,94,06,12,6e,
  72,22,d9,23,d0,e2,c8,9d,ac,a2,3b,4b,d3,4b,62,9a,67,14,90,0b,8f,5d,75,8d,65,\
"??"=hex:36,52,b9,84,8f,da,aa,53,7a,50,e3,19,1b,d9,44,42

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€-€|ÿÿÿÿÀ•€|ù•6~*]
"00000000000000000000000000000000"="c?\\WINDOWS\\Microsoft.NET\\Framework\\v1.0.3705\\mscormmc.cfg"
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'lsass.exe'(956)
c:\windows\system32\BGLsp.dll

- - - - - - - > 'explorer.exe'(2028)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmer\BullGuard Ltd\BullGuard\BackupShellHook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\apps\HIDSERVICE\HIDSERVICE.exe
c:\windows\system32\slmdmsr.exe
c:\programmer\HP\Digital Imaging\bin\hpqimzone.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Gennemført tid: 2010-11-28  16:55:56 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-11-28 15:55

Pre-Kørsel: 16.815.202.304 byte ledig
Post-Kørsel: 17.081.958.400 byte ledig

- - End Of File - - D2ABB417470648F87BF8EDDCC4A6E0EE

Det ser egentlig pænt nok ud.

------

Deaktiver dit antivirus-program, kør en online scanning med ESET Online Scanner:
http://www.eset.com/onlinescan/

Du skal acceptere betingelserne for brug, og klik på Start.
Efter ActiveX Control er indlæst, vil det tage et par minutter for scanneren at blive klar.
Dernæst skal du sætte flueben i følgende felter:
Remove found threats
Scan archives

under advanced settings
Scan for potentialy unwanted applications
Scan for potentially unsafe applications
enable anti-stealth technology

Klik på Start. Denne scanning kan tage et stykke tid, så vær tålmodig.
En log vil åbne, når scanningen er færdig.

(hvis ikke, skal du gå til C:\Programmer\EsetOnlineScanner\ og åbne filen Log.txt).

Kopier den herind i næste indlæg.

Hej f-arn

Nu er computeren igen ude af huset og jeg låner den igen fra torsdag aften og hele fredagen.

Jeg sender log til den tid. ;-)

Foreløbig tak igen
Jan

Så er log klar :-)

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=571d1222451e634fb1c7ca30fb0ff8f1
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-12-03 10:07:14
# local_time=2010-12-03 11:07:14 (+0100, Rom, normaltid)
# country="Denmark"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 39117705 39117705 0 0
# compatibility_mode=4609 16776533 60 61 4609 4489981 0 0
# compatibility_mode=8192 67108863 100 0 3792 3792 0 0
# scanned=63250
# found=0
# cleaned=0
# scan_time=2994

Det ser godt ud.

Vil du, for en sikkerheds skyld, godt opdatere (to gange) Mallwarebytes, og køre den igen. Kopier loggen herind.

------

hent Security Check af screen317
Start den og følg instruktionerne.
Kopier loggen herind.

Så skulle det også være færdigt.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5162

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03-12-2010 12:41:38
mbam-log-2010-12-03 (12-41-38).txt

Scan type: Full scan (C:\|)
Objects scanned: 206909
Time elapsed: 1 hour(s), 2 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Results of screen317's Security Check version 0.99.6 
Windows XP Service Pack 3 
Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:
BullGuard     
ESET Online Scanner v3 
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware   
HijackThis 2.0.2   
CCleaner   
Adobe Flash Player 
Adobe Reader 7.0.8
Out of date Adobe Reader installed!
````````````````````````````````
Process Check: 
objlist.exe by Laurent
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Det er den samme Program og Database version du brugte 21-11-2010 ?

Jeg skrev:


------

Adobe Reader er forældet. Hent en ny her:
http://get.adobe.com/reader/otherversions/

Jeg troede programmet blev opdateret ved opstart :0

Her er en nyinstalleret version:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5214

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03-12-2010 15:23:04
mbam-log-2010-12-03 (15-23-04).txt

Scan type: Full scan (C:\|)
Objects scanned: 197942
Time elapsed: 1 hour(s), 37 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Results of screen317's Security Check version 0.99.6 
Windows XP Service Pack 3 
Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:
BullGuard     
ESET Online Scanner v3 
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware   
HijackThis 2.0.2   
CCleaner   
Adobe Flash Player 
Adobe Reader 9.4.0 - Dansk
````````````````````````````````
Process Check: 
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbam.exe 
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Ikke fordi jeg tror der er noget, men den Database version er fra den 29/11.
Nuværende Database version er 3238.

Malwarebytes skal altid opdateres før kørsel, medmindre man har købt en licens.

Ellers er det fint, og jeg kan se du har opdateret Adobe Reader.

------

Klik start, kør og kopier dette: combofix /uninstall
Tryk enter
Det vil fjerne Combofix og nulstille urets indstillinger.
Nulstille systemgendannelsen.
Skjule filtypenavne hvis det kræves.
Skjule System/skjulte filer hvis det kræves

Jeg siger dig som sluthjælper mange tak for din store hjælp.


I andre der har medvirket er jeg også meget taknemlig for jeres hjælp.

Mvh
Jan