Virus: GEN:HEUR.VB.krypt.12
  BBM
Posts: 174

Hi

Every time we turn on our computer, a message comes up from Bullguard saying it has stopped this malware, GEN:HEUR.VB.krypt.12, but my PC doesn't seem to have any problems.

Does anyone have some good advice?

Regards, Bjarne

Administrator
Posts: 54708

Well, we can try to see whether it can be removed.

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html


Install the program - when that is done, let the program update itself. Then a window opens where you move the dot to “Perform full scan” - click the Scan button - and let the program work until it is finished (it takes a while, depending on how much you have on the computer).

Then - after the scan, press the “Show results” button - and then press “Remove selected” - now the log opens, and you must save it somewhere you can find it again.

Copy the contents in here and tell us how the computer is running now?

Signature

Member of “Alliance of Security Analysis Professionals” - All details, as always, “only at gunpoint”

Did you also cry over the fairy tale about the blacksmith's cat when you were little?
http://www.spywarefri.dk/medarbejderne/

Nierne bomaye - You’ll never walk alone
qui potest, obligatur

  BBM
Posts: 174

So the computer has been restarted and it runs as before, and Bullguard said nothing about having stopped malware.

Here is the scan result from Anti-Malware, but what does it say??

Malwarebytes' Anti-Malware 1.44
Database version: 3831
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07-03-2010 17:18:59
mbam-log-2010-03-07 (17-18-59).txt

Skan type: Fuldstændig skanning (C:\|D:\|E:\|F:\|G:\|H:\|J:\|K:\|L:\|N:\|)
Objekter skannet: 236485
Tid tilbagelagt: 1 hour(s), 20 minute(s), 10 second(s)

Inficerede Hukommelses Processer: 1
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 2
Inficerede Mapper: 0
Inficerede Filer: 1

Inficerede Hukommelses Processer:
C:\WINDOWS\winmbu.exe (Trojan.Downloader) -> Unloaded process successfully.

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Downloader) -> Data: c:\windows\winmbu.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\winmbu.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\WINDOWS\winmbu.exe (Trojan.Downloader) -> Delete on reboot.
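The Userinit line in the log above is the interesting finding: Windows runs every comma-separated program listed in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit at each interactive logon, so a path appended there is re-launched on every start, which fits the "reported at every boot" symptom. As an added example (not code from this thread, from Malwarebytes or from ComboFix), the Python script below parses the Hijack.UserInit line as it appears in the log, splits the value, and flags any entry that is not the genuine userinit.exe in %windir%\system32. It assumes the Windows XP default value `C:\WINDOWS\system32\userinit.exe,` (trailing comma included) and, when run on Windows, reads the live value through the standard `winreg` module; on other platforms it only checks the constructed sample line.

```python
r"""Check the Winlogon Userinit value for appended executables.

Added example, not code from the thread or from Malwarebytes. The MBAM log
in the thread reports a Userinit hijack of the form
    Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\winmbu.exe)  Good: (userinit.exe)
Every comma-separated entry in Userinit is started at interactive logon,
so an appended path is a persistence mechanism. Assumption: the Windows XP
default value is "C:\WINDOWS\system32\userinit.exe," (note the trailing comma).
"""
import re
from typing import Dict, List, Optional

# Matches the Hijack.UserInit wording used by MBAM 1.44 in the log above (assumption:
# other versions may word the line differently).
MBAM_USERINIT_RE = re.compile(
    r"Winlogon\\Userinit \((?P<det>[^)]+)\) -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)"
)


def parse_userinit(value: str) -> List[str]:
    """Split a Userinit value into entries; Windows ignores the empty tail after the last comma."""
    return [entry.strip().strip('"') for entry in value.split(",") if entry.strip()]


def audit_userinit(value: str, windir: str = r"C:\WINDOWS") -> Dict[str, object]:
    r"""Classify each Userinit entry as the legitimate userinit.exe or as suspicious.

    An entry is accepted only if its base name is userinit.exe AND it is either
    unqualified (Windows resolves it from system32) or lives in %windir%\system32.
    A same-named file anywhere else is treated as an impostor. An empty value is
    also reported as not clean, because logon would then fail to start the shell.
    """
    expected_dir = (windir.rstrip("\\") + r"\system32").lower()
    ok: List[str] = []
    suspicious: List[str] = []
    for entry in parse_userinit(value):
        directory, _, basename = entry.lower().rpartition("\\")
        if basename == "userinit.exe" and directory in ("", expected_dir):
            ok.append(entry)
        else:
            suspicious.append(entry)
    return {"ok": ok, "suspicious": suspicious, "clean": bool(ok) and not suspicious}


def bad_value_from_mbam_line(line: str) -> Optional[str]:
    """Extract the 'Bad:' Userinit value from an MBAM Hijack.UserInit log line, or None."""
    match = MBAM_USERINIT_RE.search(line)
    return match.group("bad") if match else None


def read_live_userinit() -> Optional[str]:
    """Read the current Userinit value from the registry; returns None when not on Windows."""
    try:
        import winreg  # standard library, only available on Windows
    except ImportError:
        return None
    key_path = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
        value, _value_type = winreg.QueryValueEx(key, "Userinit")
    return value


# Constructed sample: the Hijack.UserInit line copied from the MBAM log in this thread.
SAMPLE_MBAM_LINE = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit "
    r"(Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\winmbu.exe) "
    r"Good: (userinit.exe) -> Quarantined and deleted successfully."
)

if __name__ == "__main__":
    bad = bad_value_from_mbam_line(SAMPLE_MBAM_LINE)
    print("Value from log:", bad)
    print("Audit of log value:", audit_userinit(bad or ""))
    live = read_live_userinit()
    if live is not None:
        print("Audit of live system:", audit_userinit(live))
```

Run as-is, the script reports `C:\WINDOWS\winmbu.exe` as the suspicious entry from the logged value and, on a Windows machine, repeats the audit against the live registry. Note that the check accepts an unqualified `userinit.exe` but rejects a file of that name outside system32, which is the other common way this value gets abused.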

Administrator
Posts: 29177

If you are up for it, let's check whether there is more junk on the computer ->


Download Combofix and save it on your desktop:
Her

Important -> Disable your antivirus/antispyware program(s), since they can “disturb” and conflict with combofix, or remove important combofix files, which can cause the computer to freeze.


Then run combofix.exe and follow the instructions.


You should not click on the window while the tool is running, as it can cause your computer to freeze.

When combofix is finished, and after it has (possibly) restarted, a log file should open: combofix.txt
You are welcome to post the contents of this file here.

It can also be found here -> C:\combofix.txt

  BBM
Posts: 174

I can see that Malware found 4 viruses/trojans. Does that mean Bullguard isn't good enough, and that you need other programs to support Bullguard??

I'll run a combofix later today.

  BBM
Posts: 174

So here is a Combofix file ready to be gone through with a fine-tooth comb.

When I started the internet after the Combofix run had finished, I was asked whether Internet Explorer should be my internet browser. Is that normal, since it was before the run?

ComboFix 10-03-08.01 - Bjarne Mikkelsen 08-03-2010 18:47:53.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.1023.723 [GMT 1:00]
Kører fra: c:\documents and settings\Bjarne Mikkelsen\Skrivebord\ComboFix.exe
AV: BullGuard Antivirus *On-access scanning disabled* (Outdated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
FW: BullGuard Firewall *enabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bjarne Mikkelsen\Application Data\.#
c:\windows\Downloaded Program Files\IDropPTB.dll

.
(((((((((((((((((((((((((((((  Filer skabt fra 2010-02-08 til 2010-03-08 )))))))))))))))))))))))))))))))))))
.

2010-03-07 14:55 . 2010-03-07 14:55   --------  d-----w-  c:\documents and settings\Bjarne Mikkelsen\Application Data\Malwarebytes
2010-03-07 14:54 . 2010-01-07 15:07   38224   ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-07 14:54 . 2010-03-07 14:54   --------  d-----w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-07 14:54 . 2010-01-07 15:07   19160   ----a-w-  c:\windows\system32\drivers\mbam.sys
2010-02-16 20:35 . 2010-02-16 20:43   --------  d-----w-  c:\windows\system32\Adobe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-08 17:46 . 2009-10-05 19:52   1345   --sha-w-  c:\windows\system32\mmf.sys
2010-03-08 17:44 . 2009-09-20 17:39   --------  d-----w-  c:\documents and settings\All Users\Application Data\BullGuard
2010-02-22 05:42 . 2009-09-27 18:32   --------  d-----w-  c:\documents and settings\All Users\Application Data\NOS
2010-02-21 19:51 . 2009-09-30 17:13   --------  d-----w-  c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus
2010-02-12 19:21 . 2009-09-17 19:22   --------  d-----w-  c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-12 19:01 . 2009-10-31 12:16   87376   ----a-w-  c:\windows\system32\BGLsp.dll
2010-02-12 19:01 . 2008-09-19 13:48   14160   ----a-w-  c:\windows\system32\client_cc.dll
2010-02-12 19:01 . 2009-10-31 12:09   256792   ----a-r-  c:\windows\system32\drivers\AfwCore.sys
2010-02-12 19:01 . 2008-09-18 09:17   31640   ----a-r-  c:\windows\system32\drivers\Afw.sys
2010-02-06 22:05 . 2009-10-02 20:38   --------  d-----w-  c:\documents and settings\Bjarne Mikkelsen\Application Data\vlc
2010-02-06 15:49 . 2009-09-24 19:22   --------  d-----w-  c:\documents and settings\Bjarne Mikkelsen\Application Data\GARMIN
2010-02-06 15:48 . 2010-02-04 21:00   --------  d-----w-  c:\programmer\Garmin
2010-02-06 15:34 . 2010-02-06 15:34   --------  d-----w-  c:\programmer\DIFX
2010-02-04 21:08 . 2009-09-27 18:33   --------  d-----w-  c:\programmer\Google
2010-01-31 21:07 . 2010-01-31 21:07   --------  d-----w-  c:\documents and settings\All Users\Application Data\GARMIN
2010-01-31 20:25 . 2010-01-31 18:47   --------  d-----w-  c:\documents and settings\Bjarne Mikkelsen\Application Data\Download Manager
2010-01-19 20:37 . 2010-01-19 20:37   --------  d-----w-  c:\programmer\Common Files
2010-01-16 21:41 . 2010-01-16 21:39   --------  d-----w-  c:\programmer\Windows Live Safety Center
2010-01-12 20:46 . 2010-01-12 20:46   --------  d-----w-  c:\documents and settings\Bjarne Mikkelsen\Application Data\TeamViewer
2010-01-10 15:26 . 2010-01-03 18:08   --------  d-----w-  c:\programmer\SystemRequirementsLab
2010-01-06 14:48 . 2009-09-17 18:34   88520   ----a-w-  c:\documents and settings\Bjarne Mikkelsen\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2010-01-02 15:39 . 2006-03-02 12:00   89158   ----a-w-  c:\windows\system32\perfc006.dat
2010-01-02 15:39 . 2006-03-02 12:00   475910   ----a-w-  c:\windows\system32\perfh006.dat
2010-01-01 23:16 . 2009-11-25 21:09   990544   ----a-w-  c:\documents and settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
2010-01-01 23:00 . 2009-11-29 16:15   137544   ----a-w-  c:\windows\system32\drivers\PnkBstrK.sys
2010-01-01 23:00 . 2009-11-27 21:49   189480   ----a-w-  c:\windows\system32\PnkBstrB.exe
2009-12-31 16:50 . 2006-03-02 12:00   353792   ----a-w-  c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2006-03-02 12:00   916480   ----a-w-  c:\windows\system32\wininet.dll
2009-12-18 20:52 . 2009-12-18 20:52   10134   ----a-r-  c:\documents and settings\Bjarne Mikkelsen\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-12-17 07:41 . 2009-09-17 17:32   344576   ----a-w-  c:\windows\system32\mspaint.exe
2009-12-14 07:09 . 2006-03-02 12:00   33280   ----a-w-  c:\windows\system32\csrsrv.dll
2009-12-09 08:42 . 2009-09-17 18:29   348160   ----a-w-  c:\windows\system32\msvcr71.dll
2009-12-09 08:16 . 2009-12-04 21:53   43520   ----a-w-  c:\windows\system32\CmdLineExt03.dll
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 10:47   333192   ----a-w-  c:\programmer\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programmer\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programmer\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-27 39408]
"BullGuard"="e:\antivirus\BullGuard\bullguard.exe" [2010-02-12 304464]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmer\Fælles filer\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\programmer\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"Launch Ai Booster"="e:\asus\OverClk.exe" [2005-08-04 3627008]
"HP Software Update"="e:\hp printer\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"GrooveMonitor"="e:\office 2007\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"BullGuard"="e:\antivirus\BullGuard\bullguard.exe" [2010-02-12 304464]
"SunJavaUpdateSched"="e:\java\bin\jusched.exe" [2009-10-11 149280]
"NeroFilterCheck"="c:\programmer\Fælles filer\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="e:\nero\Nero 8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2009-11-27 417792]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
HP Digital Imaging Monitor.lnk - e:\hp printer\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Hurtig start.lnk - e:\hp printer\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
Windows Search.lnk - c:\programmer\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Office 2007\\Office12\\OUTLOOK.EXE"=
"e:\\Office 2007\\Office12\\GROOVE.EXE"=
"e:\\Office 2007\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\MailStoreHome\\MailStore Home\\MailStoreLocal.exe"=
"c:\\Programmer\\deepinvent\\MailStore Home\\MailStoreLocal.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [16-01-2010 22:23 28552]
R2 ASKService;ASKService;c:\programmer\AskBarDis\bar\bin\AskService.exe [30-09-2009 18:12 464264]
R2 ASKUpgrade;ASKUpgrade;c:\programmer\AskBarDis\bar\bin\ASKUpgrade.exe [30-09-2009 18:12 234888]
R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [31-10-2009 13:08 55504]
R2 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe -k BullGuard [02-03-2006 13:00 14336]
R2 BsFire;BullGuard Firewall Service;c:\windows\System32\svchost.exe -k BullGuard [02-03-2006 13:00 14336]
R2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\System32\svchost.exe -k BullGuard [02-03-2006 13:00 14336]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\Afw.sys [18-09-2008 10:17 31640]
R3 AfwCore;Agnitum Firewall Core Driver;c:\windows\system32\drivers\AfwCore.sys [31-10-2009 13:09 256792]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10-11-2009 20:05 721904]
S2 gupdate;Google Update Service (gupdate);c:\programmer\Google\Update\GoogleUpdate.exe [24-01-2010 20:59 135664]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [05-10-2009 20:52 2560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard   REG_MULTI_SZ     BgMainSvc BsFileScan BsMailProxy BsFire
.
Indhold af mappen 'Planlagte Opgaver'

2010-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-01-24 19:59]

2010-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-01-24 19:59]

2010-03-07 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\programmer\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 15:36]

2010-03-08 c:\windows\Tasks\User_Feed_Synchronization-{38211D6A-50A6-4AF4-A557-E6764E8F3ED5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Yderligere scanning-------
.
uStart Page = hxxp://www.google.com/
IE: E&ksporter; til Microsoft Excel - e:\office~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\windows\system32\bglsp.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
.
- - - - TOMME GENVEJE FJERNET - - - -

HKLM-Run-nwiz - nwiz.exe
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
AddRemove-NVIDIA Display Control Panel - c:\programmer\NVIDIA Corporation\Uninstall\nvuninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-08 18:57
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER---------------------

[HKEY_USERS\S-1-5-21-606747145-1177238915-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb; SDB36o \D25BC253F035D347]
"1"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,60,bf,2f,c2,35,91,ae,
  25
"2"=hex:fb,e6,50,7f,41,f4,51,a7,7f,ec,2d,f9,42,45,3a,02,3a,b7,45,15,3f,9d,8b,
  c3
"3"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,5d,f5,58,d1,21,e0,48,
  8b,38,57,44,9c,4e,8d,78,88,fd,f1,01,9d,86,d8,b5,cb,d9,bf,23,55,4a,bb,31,1f

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb; SDB36o \D25BC253F035D347\B3E62936FE1487AF4E0CC9BD2A26433C]
"1"=hex:df,c7,3a,96,ab,66,13,d2,35,84,aa,2e,3b,c4,59,82
"2"=hex:a5,2d,b1,39,25,57,b6,7c,bd,55,f5,f4,85,30,c7,12
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
  1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
  51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:93,41,de,56,34,94,a7,b2,13,ca,26,2f,35,a5,e0,53,1e,d5,e7,20,4a,dd,09,
  c9,2d,37,7b,a2,3c,71,f4,5e,ed,02,2a,97,fd,fb,2c,72,12,5f,23,ff,c4,2a,48,c4,\
"8"=hex:1e,e9,4a,6b,fc,a1,34,4c,9c,4d,41,17,f3,df,e9,45,90,ad,84,e7,ee,4b,df,
  fd,09,e4,45,87,a9,df,af,91,60,99,80,07,3f,cb,a7,62
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:b6,dd,00,4d,9d,38,11,d1
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
--------------------- DLLs startet under kørende Processer---------------------

- - - - - - - > 'lsass.exe'(488)
c:\windows\system32\bglsp.dll
.
Gennemført tid: 2010-03-08 18:58:37
ComboFix-quarantined-files.txt 2010-03-08 17:58

Pre-Kørsel: 8.553.013.248 byte ledig
Post-Kørsel: 8.833.830.912 byte ledig

- - End Of File - - BEC62753388A8309D5661B9B4E1F6CB7

Administrator
Posts: 54708

I can see that Malware found 4 viruses/trojans. Does that mean Bullguard isn't good enough

It is actually only one, if you read the Malwarebytes log closely.
Besides, you are opening yourself up to all sorts of infections >> Azureus << , so the protection doesn't matter much!
Drop file sharing >> http://www.spywarefri.dk/artikel/farerne-ved-fildeling/
http://spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

Open the folder with Combofix, right-click an empty spot in the folder, choose New->Text Document, open the text document, and copy the following into it:

Killall::
Snapshot::
Folder::
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus
c:\programmer\AskBarDis
Driver::
ASKService
ASKUpgrade
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

click File->Save As, name it CFScript, and close the text document.

Then grab the new file with the mouse, drag it onto the Combofix file, and “let go” with the mouse.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as it can cause your computer to freeze.
Copy the resulting log in here.


  BBM
Posts: 174

Which folder exactly is it that you are referring to that I should open??

Administrator
Posts: 54708

The folder that Combofix is in.
But it is on the desktop, I can see, so you just create CFScript on the desktop.


  BBM
Posts: 174

So that's done.

ComboFix 10-03-08.01 - Bjarne Mikkelsen 08-03-2010 20:47:01.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.1023.421 [GMT 1:00]
Kører fra: c:\documents and settings\Bjarne Mikkelsen\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Bjarne Mikkelsen\Skrivebord\CFScript.txt
AV: BullGuard Antivirus *On-access scanning disabled* (Outdated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
FW: BullGuard Firewall *enabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\.certs
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\.keystore
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\.lock
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\active\cache.dat
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\azureus.config
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\azureus.config.bak
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\azureus.statistics
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\azureus.statistics.bak
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\cache\1191085919.ico
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\cnetworks.config
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\devices.config
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\devices.config.bak
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\dht\addresses.dat
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\dht\contacts.dat
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\dht\diverse.dat
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\dht\general.dat
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\dht\version.dat
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\downloads.config
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\downloads.config.bak
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\ipfilter.cache
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\logs\alerts_1.log
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\logs\CNetworks_1.log
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\logs\debug_1.log
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\logs\Devices_1.log
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\logs\Friends_1.log
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\logs\MetaSearch_1.log
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\logs\NetStatus_1.log
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\logs\seltrace_1.log
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\logs\Subscriptions_1.log
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\logs\thread_1.log
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\logs\v3.ads_1.log
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\logs\v3.CMsgr_1.log
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\logs\v3.Friends_1.log
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\logs\v3.PMsgr_1.log
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\logs\v3.Stream_1.log
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\metasearch.config
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\metasearch.config.bak
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\net\pm_35376.dat
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\net\pm_default.dat
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\plugins\azupnpav\cd.dat
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\rcm.config
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\rcm.config.bak
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\sidebarauto.config
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\sidebarauto.config.bak
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\subs\41B5BA8E964DADE2D58B.vuze
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\subscriptions.config
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\tables.config
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\tables.config.bak
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\tmp\AZU1897286230490635184.tmp
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\tmp\AZU2797258434426307140.tmp
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\tmp\AZU6102183167903575894.tmp
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\tmp\AZU7677987868044265176.tmp
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\tmp\speedTestTorrent.torrent
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\torrents\AZU4935332687057133408.tmp
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\torrents\AZU5824265174947727233.tmp
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\torrents\AZU8173042206064462244.tmp
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\torrents\AZU8305652660860929019.tmp
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\update.log
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\update.properties
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\VuzeActivities.config
c:\documents and settings\Bjarne Mikkelsen\Application Data\Azureus\VuzeActivities.config.bak
c:\programmer\AskBarDis
c:\programmer\AskBarDis\bar\bin\askBar.dll
c:\programmer\AskBarDis\bar\bin\askPopStp.dll
c:\programmer\AskBarDis\bar\bin\AskService.exe
c:\programmer\AskBarDis\bar\bin\AskSplash.exe
c:\programmer\AskBarDis\bar\bin\AskTBApp.exe
c:\programmer\AskBarDis\bar\bin\ASKUpgrade.exe
c:\programmer\AskBarDis\bar\bin\psvince.dll
c:\programmer\AskBarDis\bar\Cache\00A29C8A
c:\programmer\AskBarDis\bar\Cache\00A2A218
c:\programmer\AskBarDis\bar\Cache\00A2A45A.bin
c:\programmer\AskBarDis\bar\Cache\00A2A6AC.bin
c:\programmer\AskBarDis\bar\Cache\00A2A861.bin
c:\programmer\AskBarDis\bar\Cache\00A2A9E8.bin
c:\programmer\AskBarDis\bar\Cache\00A2AB3F.bin
c:\programmer\AskBarDis\bar\Cache\00A2BA14.bin
c:\programmer\AskBarDis\bar\Cache\00A2BBBA.bin
c:\programmer\AskBarDis\bar\Cache\files.ini
c:\programmer\AskBarDis\bar\History\search
c:\programmer\AskBarDis\bar\Settings\AskLogo.ico
c:\programmer\AskBarDis\bar\Settings\config.dat
c:\programmer\AskBarDis\bar\Settings\config.dat.bak
c:\programmer\AskBarDis\bar\Settings\prevcfg.htm
c:\programmer\AskBarDis\unins000.dat
c:\programmer\AskBarDis\unins000.exe

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASKSERVICE
-------\Legacy_ASKUPGRADE
-------\Service_ASKService
-------\Service_ASKUpgrade


(((((((((((((((((((((((((((((  Filer skabt fra 2010-02-08 til 2010-03-08 )))))))))))))))))))))))))))))))))))
.

2010-03-07 14:55 . 2010-03-07 14:55   --------  d-----w-  c:\documents and settings\Bjarne Mikkelsen\Application Data\Malwarebytes
2010-03-07 14:54 . 2010-01-07 15:07   38224   ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-07 14:54 . 2010-03-07 14:54   --------  d-----w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-07 14:54 . 2010-01-07 15:07   19160   ----a-w-  c:\windows\system32\drivers\mbam.sys
2010-02-16 20:35 . 2010-02-16 20:43   --------  d-----w-  c:\windows\system32\Adobe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-08 19:56 . 2009-09-20 17:39   --------  d-----w-  c:\documents and settings\All Users\Application Data\BullGuard
2010-03-08 19:55 . 2009-10-05 19:52   1345   --sha-w-  c:\windows\system32\mmf.sys
2010-02-22 05:42 . 2009-09-27 18:32   --------  d-----w-  c:\documents and settings\All Users\Application Data\NOS
2010-02-12 19:21 . 2009-09-17 19:22   --------  d-----w-  c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-12 19:01 . 2009-10-31 12:16   87376   ----a-w-  c:\windows\system32\BGLsp.dll
2010-02-12 19:01 . 2008-09-19 13:48   14160   ----a-w-  c:\windows\system32\client_cc.dll
2010-02-12 19:01 . 2009-10-31 12:09   256792   ----a-r-  c:\windows\system32\drivers\AfwCore.sys
2010-02-12 19:01 . 2008-09-18 09:17   31640   ----a-r-  c:\windows\system32\drivers\Afw.sys
2010-02-06 22:05 . 2009-10-02 20:38   --------  d-----w-  c:\documents and settings\Bjarne Mikkelsen\Application Data\vlc
2010-02-06 15:49 . 2009-09-24 19:22   --------  d-----w-  c:\documents and settings\Bjarne Mikkelsen\Application Data\GARMIN
2010-02-06 15:48 . 2010-02-04 21:00   --------  d-----w-  c:\programmer\Garmin
2010-02-06 15:34 . 2010-02-06 15:34   --------  d-----w-  c:\programmer\DIFX
2010-02-04 21:08 . 2009-09-27 18:33   --------  d-----w-  c:\programmer\Google
2010-01-31 21:07 . 2010-01-31 21:07   --------  d-----w-  c:\documents and settings\All Users\Application Data\GARMIN
2010-01-31 20:25 . 2010-01-31 18:47   --------  d-----w-  c:\documents and settings\Bjarne Mikkelsen\Application Data\Download Manager
2010-01-19 20:37 . 2010-01-19 20:37   --------  d-----w-  c:\programmer\Common Files
2010-01-16 21:41 . 2010-01-16 21:39   --------  d-----w-  c:\programmer\Windows Live Safety Center
2010-01-12 20:46 . 2010-01-12 20:46   --------  d-----w-  c:\documents and settings\Bjarne Mikkelsen\Application Data\TeamViewer
2010-01-10 15:26 . 2010-01-03 18:08   --------  d-----w-  c:\programmer\SystemRequirementsLab
2010-01-06 14:48 . 2009-09-17 18:34   88520   ----a-w-  c:\documents and settings\Bjarne Mikkelsen\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2010-01-02 15:39 . 2006-03-02 12:00   89158   ----a-w-  c:\windows\system32\perfc006.dat
2010-01-02 15:39 . 2006-03-02 12:00   475910   ----a-w-  c:\windows\system32\perfh006.dat
2010-01-01 23:16 . 2009-11-25 21:09   990544   ----a-w-  c:\documents and settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
2010-01-01 23:00 . 2009-11-29 16:15   137544   ----a-w-  c:\windows\system32\drivers\PnkBstrK.sys
2010-01-01 23:00 . 2009-11-27 21:49   189480   ----a-w-  c:\windows\system32\PnkBstrB.exe
2009-12-31 16:50 . 2006-03-02 12:00   353792   ----a-w-  c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2006-03-02 12:00   916480   ------w-  c:\windows\system32\wininet.dll
2009-12-18 20:52 . 2009-12-18 20:52   10134   ----a-r-  c:\documents and settings\Bjarne Mikkelsen\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-12-17 07:41 . 2009-09-17 17:32   344576   ----a-w-  c:\windows\system32\mspaint.exe
2009-12-14 07:09 . 2006-03-02 12:00   33280   ----a-w-  c:\windows\system32\csrsrv.dll
2009-12-09 08:42 . 2009-09-17 18:29   348160   ----a-w-  c:\windows\system32\msvcr71.dll
2009-12-09 08:16 . 2009-12-04 21:53   43520   ----a-w-  c:\windows\system32\CmdLineExt03.dll
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-27 39408]
"BullGuard"="e:\antivirus\BullGuard\bullguard.exe" [2010-02-12 304464]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmer\Fælles filer\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\programmer\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"Launch Ai Booster"="e:\asus\OverClk.exe" [2005-08-04 3627008]
"HP Software Update"="e:\hp printer\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"GrooveMonitor"="e:\office 2007\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"BullGuard"="e:\antivirus\BullGuard\bullguard.exe" [2010-02-12 304464]
"SunJavaUpdateSched"="e:\java\bin\jusched.exe" [2009-10-11 149280]
"NeroFilterCheck"="c:\programmer\Fælles filer\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="e:\nero\Nero 8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2009-11-27 417792]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
HP Digital Imaging Monitor.lnk - e:\hp printer\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Hurtig start.lnk - e:\hp printer\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
Windows Search.lnk - c:\programmer\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Office 2007\\Office12\\OUTLOOK.EXE"=
"e:\\Office 2007\\Office12\\GROOVE.EXE"=
"e:\\Office 2007\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\MailStoreHome\\MailStore Home\\MailStoreLocal.exe"=
"c:\\Programmer\\deepinvent\\MailStore Home\\MailStoreLocal.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [16-01-2010 22:23 28552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10-11-2009 20:05 721904]
R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [31-10-2009 13:08 55504]
R2 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe -k BullGuard [02-03-2006 13:00 14336]
R2 BsFire;BullGuard Firewall Service;c:\windows\System32\svchost.exe -k BullGuard [02-03-2006 13:00 14336]
R2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\System32\svchost.exe -k BullGuard [02-03-2006 13:00 14336]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [05-10-2009 20:52 2560]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\Afw.sys [18-09-2008 10:17 31640]
R3 AfwCore;Agnitum Firewall Core Driver;c:\windows\system32\drivers\AfwCore.sys [31-10-2009 13:09 256792]
S2 gupdate;Google Update Service (gupdate);c:\programmer\Google\Update\GoogleUpdate.exe [24-01-2010 20:59 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard   REG_MULTI_SZ     BgMainSvc BsFileScan BsMailProxy BsFire
.
Indhold af mappen 'Planlagte Opgaver'

2010-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-01-24 19:59]

2010-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-01-24 19:59]

2010-03-08 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\programmer\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 15:36]

2010-03-08 c:\windows\Tasks\User_Feed_Synchronization-{38211D6A-50A6-4AF4-A557-E6764E8F3ED5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.com/
IE: E&ksporter; til Microsoft Excel - e:\office~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\windows\system32\bglsp.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
.
- - - - TOMME GENVEJE FJERNET - - - -

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
AddRemove-Ask Toolbar_is1 - c:\programmer\AskBarDis\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-08 20:56
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys hal.dll atapi.sys spiz.sys >>UNKNOWN [0x8678D938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7873f28
\Driver\ACPI -> ACPI.sys @ 0xf76cdcb8
\Driver\atapi -> atapi.sys @ 0xf7688b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf757fbd4
PacketIndicateHandler -> NDIS.sys @ 0xf758ba21
SendHandler -> NDIS.sys @ 0xf757fd44
user & kernel MBR OK

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_USERS\S-1-5-21-606747145-1177238915-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb; SDB36o \D25BC253F035D347]

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb; SDB36o \D25BC253F035D347\B3E62936FE1487AF4E0CC9BD2A26433C]
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'lsass.exe'(508)
c:\windows\system32\bglsp.dll

- - - - - - - > 'explorer.exe'(2004)
e:\antivirus\BullGuard\antispam\PluginHook.dll
e:\antivirus\BullGuard\res\dk\PluginHookRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
e:\antivirus\BullGuard\BackupShellHook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\nvsvc32.exe
e:\antivirus\BullGuard\BullGuardUpdate.exe
e:\java\bin\jqs.exe
e:\nero\Nero 8\Nero BackItUp\NBService.exe
c:\windows\system32\RUNDLL32.EXE
e:\brænde prg\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\SearchIndexer.exe
e:\hp printer\Digital Imaging\bin\hpqgalry.exe
c:\windows\system32\wscntfy.exe
c:\programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
c:\programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Gennemført tid: 2010-03-08 20:58:37 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-03-08 19:58
ComboFix2.txt 2010-03-08 17:58

Pre-Kørsel: 8.844.210.176 byte ledig
Post-Kørsel: 8.706.273.280 byte ledig

Administrator
Posts: 54708

There is nothing more to go after now.

1. To clean up, you can uninstall Malwarebytes (via Start -> Control Panel -> Add/Remove Programs). You remove ComboFix by going to Start -> Run and typing combofix /uninstall
Remember the space after combofix

2. If you want to clean out the System Restore files and start "fresh", you need to disable System Restore (http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=4&PN=1) - wait a couple of minutes - enable System Restore again. Then go to Start -> Programs -> Accessories -> System Tools -> System Restore and create a restore point, so you have something to go back to if anything goes wrong.

3. Here is a bit of advice to take with you:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=25&PN=1

Enjoy


BBM
Posts: 174

I have read the advice, but I don't think I can find an answer as to whether it is necessary to use other programs than Bullguard ??

What about Malwarebytes, may I use it myself once in a while ??

Administrator
Posts: 54708

It should not be necessary to use other programs than Bullguard.

You can certainly scan once in a while with Malwarebytes; remember to update it first.


BBM
Posts: 174

Great, and thanks for the help

This can be closed.

Administrator
Posts: 29177

You're welcome, and that is what we will do *grin*