HDSoftware
Posted 10 November 2010

I have a scan result here. I see there is something called SWEETIE, and I don't know what it is. In addition, Internet Explorer fails at startup. Thanks for the help...

ComboFix 10-11-09.01 - Markus 10.11.2010 10:01:58.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.2045.944 [GMT 1:00]
Kjører fra: c:\users\Markus\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\drv\Tuner\Yuan\Resources\_desktop.ini
c:\windows\File1.exe
c:\windows\File2.exe
c:\windows\system\BisonC07.dll
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-10-10 til 2010-11-10 )))))))))))))))))))))))))))))))))
.
2010-11-10 09:17 . 2010-11-10 09:18 -------- d-----w- c:\users\Markus\AppData\Local\temp
2010-11-10 09:17 . 2010-11-10 09:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-10 08:33 . 2010-11-10 08:33 -------- d-----w- c:\users\Markus\AppData\Roaming\Malwarebytes
2010-11-10 08:33 . 2010-11-10 08:33 -------- d-----w- c:\programdata\Malwarebytes
2010-11-10 08:33 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-10 08:33 . 2010-11-10 08:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-10 08:33 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-09 23:46 . 2010-11-09 23:46 -------- d-----w- c:\program files\Paint.NET
2010-11-09 23:45 . 2010-11-09 23:48 -------- d-----w- c:\users\Markus\AppData\Local\Paint.NET
2010-11-09 23:31 . 2010-11-09 23:31 -------- d-----w- C:\PerfLogs
2010-11-09 13:19 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{097486CB-3640-42FB-AC30-1BFEAF94BF4D}\mpengine.dll
2010-11-07 17:04 . 2010-11-08 16:54 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-11-06 21:27 . 2010-11-06 21:27 -------- d-----w- c:\users\Markus\AppData\Roaming\DivX
2010-11-06 21:26 . 2010-11-06 21:26 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-11-06 21:26 . 2010-11-06 21:26 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-11-06 21:23 . 2010-11-06 21:27 -------- d-----w- c:\program files\DivX
2010-11-06 21:22 . 2010-11-06 21:27 -------- d-----w- c:\programdata\DivX
2010-11-06 21:12 . 2010-11-06 21:12 -------- d-----w- c:\program files\Xvid
2010-11-06 21:12 . 2008-12-13 19:01 77824 ----a-w- c:\windows\system32\xvid.ax
2010-11-06 21:12 . 2008-12-04 20:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-11-06 21:12 . 2008-12-04 20:42 815104 ----a-w- c:\windows\system32\xvidcore.dll
2010-11-01 21:43 . 2010-11-01 21:43 -------- d-----w- c:\users\Markus\AppData\Roaming\OpenOffice.org
2010-11-01 21:36 . 2010-11-01 21:36 -------- d-----w- c:\program files\JRE
2010-11-01 21:36 . 2010-11-01 21:36 -------- d-----w- c:\program files\OpenOffice.org 3
2010-11-01 15:00 . 2010-09-15 03:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-30 19:39 . 2010-10-30 19:39 -------- d-----w- c:\users\Markus\AppData\Roaming\.minecraft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-09 23:15 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-11-09 23:15 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-10-19 09:41 . 2010-06-13 15:08 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-15 03:50 . 2010-08-15 20:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-06-13 138552]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-06-13 15:25 1438520 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 1438520]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 1438520]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-07-04 322352]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-09-10 107864]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Google Update"="c:\users\Markus\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-12 136176]
"Steam"="c:\program files\steam1\Steam.exe" [2010-10-02 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"BisonInst0402"="c:\windows\BR040286.exe" [2007-05-08 53248]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-11 1286144]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-17 768520]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"autodetect"="c:\windows\system32\SupportAppXL\AutoDect.exe" [2008-11-04 91648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-06-07 111928]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-15 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-15 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-15 81920]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IMVU.lnk - c:\users\Markus\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe [2010-9-10 21760]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-21 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-11-04 7168]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-24 691696]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-01-04 41456]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-09-10 238952]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-03-07 32256]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-08-31 36608]

--- Andre tjenester/drivere lastet i minnet ---

*NewlyCreated* - FSUSBEXDISK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2206534716-1610247508-465571353-1000Core.job
- c:\users\Markus\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-12 21:36]

2010-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2206534716-1610247508-465571353-1000UA.job
- c:\users\Markus\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-12 21:36]

2010-11-08 c:\windows\Tasks\Norton Security Scan for Markus.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-07 07:48]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://home.sweetim.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://home.sweetim.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\0bamjce3.default\
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Markus\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\Markus\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - TOMME PEKERE FJERNET - - - -

HKCU-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe
HKLM-Run-NPSStartup - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-10 10:18
Windows 6.0.6001 Service Pack 1 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background?

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Tidspunkt ferdig: 2010-11-10 10:22:53
ComboFix-quarantined-files.txt 2010-11-10 09:22

Pre-Run: 62 149 369 856 byte ledig
Post-Run: 62 846 435 328 byte ledig

- - End Of File - - 7740CAF29D57A422962DAF35BD4FDC09