I have run a "BananaFIX" and here is the resulting log. I should perhaps mention that I did not manage to copy or save the first log, so I ran it one more time; I don't know whether that matters.
ComboFix 10-02-26.01 - Rasmus Jensen 26-02-2010 23:50:51.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.45.1030.18.2046.1133 [GMT 1:00]
Kører fra: c:\users\Rasmus Jensen\Desktop\BananaFix.exe
AV: BullGuard Antivirus *On-access scanning disabled* (Outdated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((( Filer skabt fra 2010-01-26 til 2010-02-26 )))))))))))))))))))))))))))))))))))
.
2010-02-26 22:59 . 2010-02-26 22:59 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-26 22:59 . 2010-02-26 22:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-26 22:20 . 2010-02-26 22:41 -------- d-----w- C:\BananaFix
2010-02-23 23:06 . 2010-02-23 23:27 -------- d-----w- c:\program files\Everest Poker
2010-02-23 22:58 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-23 22:56 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-23 22:56 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-23 22:56 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-23 22:56 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-23 22:56 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-23 22:56 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-23 22:56 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-23 22:56 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-23 22:56 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-23 22:56 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-23 22:56 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-23 22:56 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-09 23:08 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-09 23:08 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-09 23:08 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-09 23:08 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-09 23:08 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-09 23:08 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-09 23:07 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-09 23:07 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-09 23:07 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-09 23:07 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-09 23:07 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-09 23:07 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-09 23:07 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-09 23:07 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-09 23:07 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-09 23:07 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-09 23:07 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-01 21:16 . 2010-02-01 21:16 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb8EB9.tmp.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 22:47 . 2007-12-16 05:28 -------- d-----w- c:\programdata\BullGuard
2010-02-26 22:43 . 2007-10-18 15:09 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-24 22:30 . 2008-01-30 12:08 84856 ----a-w- c:\users\Rasmus Jensen\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-02 23:13 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-10 23:55 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-02 00:46 . 2007-12-16 08:28 -------- d-----w- c:\program files\Google
2010-01-20 23:08 . 2009-11-08 12:04 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 21:43 . 2008-02-02 22:59 368 ----a-w- c:\users\Rasmus Jensen\AppData\Roaming\wklnhst.dat
2009-12-23 18:47 . 2009-12-23 18:47 396552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-07 21:15 . 2009-12-07 21:15 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb9425.tmp.exe
2009-12-04 19:48 . 2006-11-21 04:49 77202 ----a-w- c:\windows\system32\perfc006.dat
2009-12-04 19:48 . 2006-11-21 04:49 463344 ----a-w- c:\windows\system32\perfh006.dat
2007-09-12 00:29 . 2007-09-11 07:57 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BullGuard"="c:\program files\BullGuard Software\BullGuard\BullGuard.exe" [2008-04-11 308552]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-11 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-09 1025320]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-05 4710400]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"BullGuard"="c:\program files\BullGuard Software\BullGuard\bullguard.exe" [2008-04-11 308552]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-23 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-23 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-23 81920]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-10-09 102400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):7a,34,2f,d5,97,61,ca,01
R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\System32\drivers\BdFileSpy.sys [01-02-2008 20:31 50896]
R2 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe -k BullGuard [07-07-2008 08:07 21504]
R2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\System32\svchost.exe -k BullGuard [07-07-2008 08:07 21504]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe [18-10-2007 17:19 354840]
R3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;c:\windows\System32\drivers\USBGENE.sys [18-10-2007 17:04 131584]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [13-12-2007 15:39 327168]
R3 Reconn;BullGuard Email Monitor;c:\program files\BullGuard Software\BullGuard\Reconn.sys [28-06-2007 09:44 16984]
S2 gupdate;Tjenesten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02-02-2010 01:46 135664]
S3 PhilCap;NXP service;c:\windows\System32\drivers\PhilCap.sys [13-12-2007 14:35 908896]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Indhold af mappen 'Planlagte Opgaver'
2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 00:46]
2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 00:46]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.euroinvestor.dk/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: tdc.dk\udstedelse.certifikat
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.sparnord.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-26 23:59
Windows 6.0.6002 Service Pack 2 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs startet under kørende Processer ---------------------
- - - - - - - > 'Explorer.exe'(2460)
c:\program files\BullGuard Software\BullGuard\antispam\PluginHook.dll
c:\program files\BullGuard Software\BullGuard\res\dk\PluginHookRes.dll
.
Gennemført tid: 2010-02-27 00:02:35
ComboFix-quarantined-files.txt 2010-02-26 23:02
ComboFix2.txt 2010-02-26 22:40
Pre-Kørsel: 164.570.464.256 byte ledig
Post-Kørsel: 164.538.011.648 byte ledig
- - End Of File - - C184265C3DD33D0F048180572334705A