CID Popups Logs

[Prama]

HijackThis:

 

Logfile of HijackThis v1.99.1

Scan saved at 23:21:41, on 21-03-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\DigitalPersona\Bin\DPWinLct.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\DigitalPersona\Bin\DpHost.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\PDF Complete\pdfsvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\SMINST\Scheduler.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\PDF Complete\pdfsty.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\DigitalPersona\Bin\DPAgnt.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

I:\SAS\SUPERAntiSpyware.exe

C:\program files\steam\steam.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\DNA\btdna.exe

I:\MagicDisc\MagicDisc.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

I:\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gate.enterdir.com:8080

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll

O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare applications\BearShare MediaBar\BearShareIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Get-Torrent BHO - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - I:\Get-Torrent\TorrentManager.dll

O2 - BHO: XBTP01621 Class - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~2\BEARSH~2\MediaBar.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: BearShareMediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\BearShareMediaBar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Administrator\My Documents\Winamp\wianmpa.exe

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\qttask.exe" -atboottime

O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [Live Bone Audio Safe] C:\Documents and Settings\All Users\Application Data\Lies obj live bone\Ping noun.exe

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [internet Privacy Protector] I:\IPP2\IPP.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [bearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [setup readme] C:\DOCUME~1\ADMINI~1\APPLIC~1\BOREWA~1\ballstoremix.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] I:\SAS\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot

O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Disk Cleaner] "C:\Program Files\Disk Cleaner\DiskCleaner.Exe" /boot

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [PC Suite Tray] "I:\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O4 - Startup: MagicDisc.lnk = I:\MagicDisc\MagicDisc.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1192312665390

O16 - DPF: {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} (MGAME manager Class) - http://legendofares.netgame.com/download/m...anagerv1001.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll

O20 - Winlogon Notify: !SASWinLogon - I:\SAS\SASWINLO.dll

O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe

O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - I:\Common\Database\bin\fbserver.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

 

 

SAS:

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 03/22/2008 at 01:01 AM

 

Application Version : 4.0.1154

 

Core Rules Database Version : 3422

Trace Rules Database Version: 1414

 

Scan type : Complete Scan

Total Scan Time : 00:58:29

 

Memory items scanned : 635

Memory threats detected : 0

Registry items scanned : 5355

Registry threats detected : 8

File items scanned : 39794

File threats detected : 4

 

Adware.HotBar/ShopperReports (Low Risk)

HKLM\Software\Classes\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}

HKCR\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}

HKCR\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}

HKCR\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\InprocServer32

HKCR\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\InprocServer32#ThreadingModel

HKCR\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\ProgID

HKCR\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\TypeLib

HKCR\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\VersionIndependentProgID

C:\PROGRAM FILES\SHOPPINGREPORT\BIN\2.0.22\SHOPPINGREPORT.DLL

 

Adware.Tracking Cookie

C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt

C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt

 

BearShare File Sharing Client

I:\ARTO\BEARSHARE\BEARSHARE.EXE

[snippsat]

Velkommen.

 

Litt grums er det jo

 

Må ha litt mere info.

 

Last Combofix ned ,legg på skrivebordet.

Ikke klikk på vindu mens programet kjører.

post logg C:\combofix.txt

--------------------------

Hent NoLop legg det på skrivebordet.

Kjør programmet. Trykk "Search and Destroy"-knappen. Hvis den finner noe, bli du bedt om å trykke på Reboot-knappen.

post logg C:\NoLop txt.

---------------------------

BearShare finn helts et annet p2p program.

Dra med seg en del grums.

Endret 22. mars 2008 av SNIPPSAT

[Prama]

NoLop Log:

 

NoLop! Log by Skate_Punk_21

 

Fix running from: C:\Documents and Settings\Administrator\Desktop

[22-03-2008]

[13:35:21]

 

---Infection Files Found/Removed---

C:\WINDOWS\tasks\96B1088A875AA102.job

 

ComboFix Log:

 

ComboFix 08-03-21.2 - Administrator 2008-03-22 13:43:30.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1177 [GMT 1:00]

Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\_000111_.tmp.dll

D:\Autorun.inf

I:\Autorun.inf

 

.

((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))

.

 

2008-03-22 13:37 . 2008-03-22 13:37 <DIR> d-------- C:\NoLopBackups

2008-03-22 13:35 . 2008-03-22 13:38 212 --a------ C:\delete.bat

2008-03-21 23:03 . 2008-03-21 23:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar

2008-03-21 13:55 . 2008-03-21 17:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-21 13:55 . 2008-03-21 13:55 1,409 --a------ C:\WINDOWS\QTFont.for

2008-03-20 14:55 . 2004-04-30 09:37 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys

2008-03-20 14:55 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys

2008-03-20 00:47 . 2008-03-20 00:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-03-20 00:47 . 2008-03-20 00:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com

2008-03-19 03:58 . 2008-03-19 03:58 <DIR> d-------- C:\Program Files\DIFX

2008-03-19 03:58 . 2008-03-19 03:58 <DIR> d-------- C:\Program Files\Common Files\PCSuite

2008-03-19 03:58 . 2008-03-19 04:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite

2008-03-19 03:58 . 2008-03-19 04:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Nokia

2008-03-19 03:57 . 2008-03-19 03:57 <DIR> d-------- C:\Program Files\PC Connectivity Solution

2008-03-19 03:57 . 2008-03-19 03:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Suite

2008-03-19 03:57 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys

2008-03-19 03:57 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll

2008-03-19 03:57 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys

2008-03-19 03:57 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys

2008-03-19 03:57 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys

2008-03-19 03:56 . 2008-03-19 03:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations

2008-03-16 14:37 . 2008-03-21 18:00 <DIR> d-------- C:\Program Files\Norton Security Scan

2008-03-16 02:27 . 2008-03-16 02:27 <DIR> d-------- C:\Program Files\Borewaitweb

2008-03-16 02:27 . 2008-03-16 02:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lies obj live bone

2008-03-16 02:27 . 2008-03-16 02:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Borewaitweb

2008-03-13 12:27 . 2008-03-13 12:34 <DIR> d-------- C:\Program Files\Warcraft III

2008-03-04 00:14 . 2008-03-04 00:14 <DIR> d-------- C:\QuickTimePlayer.Resources

2008-03-04 00:14 . 2008-03-04 00:14 <DIR> d-------- C:\QTComponents

2008-03-04 00:14 . 2008-03-04 00:14 <DIR> d-------- C:\PropertyPanels

2008-03-04 00:14 . 2008-03-04 00:14 <DIR> d-------- C:\Plugins

2008-03-04 00:14 . 2008-03-04 00:14 <DIR> d-------- C:\PictureViewer.Resources

2008-02-27 14:03 . 2008-02-27 14:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sierra Entertainment

2008-02-27 13:41 . 2008-02-27 13:41 <DIR> d-------- C:\WINDOWS\system32\AGEIA

2008-02-27 13:41 . 2008-03-20 00:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-02-27 13:41 . 2008-02-27 13:41 <DIR> d-------- C:\Program Files\AGEIA Technologies

2008-02-27 07:42 . 2008-02-27 07:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield

2008-02-26 22:34 . 2008-02-26 22:34 <DIR> d-------- C:\Program Files\Disk Cleaner

2008-02-26 22:34 . 2008-02-26 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Disk Cleaner

2008-02-26 22:33 . 2008-02-26 22:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Registry Helper

2008-02-26 22:21 . 2008-02-26 22:21 <DIR> d-------- C:\Program Files\Registry Helper

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-22 12:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DNA

2008-03-21 22:04 --------- d-----w C:\Program Files\Windows Live Toolbar

2008-03-21 21:25 --------- d-----w C:\Program Files\Steam

2008-03-21 15:39 --------- d-----w C:\Program Files\LimeWire

2008-03-21 15:39 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire

2008-03-21 15:37 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype

2008-03-21 15:32 --------- d-----w C:\Documents and Settings\Administrator\Application Data\BitTorrent

2008-03-20 22:47 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-19 02:58 --------- d-----w C:\Program Files\Common Files\Nokia

2008-03-19 02:57 --------- d-----w C:\Program Files\Nokia

2008-03-16 23:45 --------- d-----w C:\Program Files\Smart Protector

2008-03-10 21:34 --------- d-----w C:\Program Files\iTunes

2008-02-27 02:01 --------- d-----w C:\Program Files\Windows Live

2008-02-17 15:29 3,333 ----a-w C:\Program Files\INSTALL.LOG

2008-02-16 21:08 --------- d-----w C:\Program Files\Common Files\MAGIX Shared

2008-02-16 21:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\MAGIX

2008-02-11 19:30 --------- d-----w C:\Program Files\Java

2008-02-08 17:06 --------- d-----w C:\Program Files\dizzler

2008-02-08 17:05 --------- d-----w C:\Program Files\Common Files\SWF Studio

2008-02-01 10:17 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR

2008-01-31 22:13 892,928 ----a-w C:\QTOControl.dll

2008-01-31 22:13 819,200 ----a-w C:\QTOLibrary.dll

2008-01-31 22:13 737,280 ----a-w C:\QTInfo.exe

2008-01-31 22:13 7,525,680 ----a-w C:\QuickTimePlayer.exe

2008-01-31 22:13 512,000 ----a-w C:\PictureViewer.exe

2008-01-31 22:13 385,024 ----a-w C:\QTTask.exe

2008-01-31 22:13 364,544 ----a-w C:\QTUIPanelControl.dll

2008-01-30 21:39 --------- d--h--r C:\Documents and Settings\Administrator\Application Data\SecuROM

2008-01-22 21:52 --------- d-----w C:\Program Files\Maxis

2001-09-28 16:00 164,864 ----a-w C:\Program Files\UNWISE.EXE

2007-10-13 22:34 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007101420071015\index.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]

2007-09-30 13:04 389120 --a------ C:\Program Files\BearShare applications\BearShare MediaBar\BearShareIEHelper.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5792AA9-D373-4039-8670-2CDAB6A71F15}]

2007-09-11 09:58 77824 --a------ I:\Get-Torrent\TorrentManager.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 03:00 15360]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 20:42 68856]

"Setup readme"="C:\DOCUME~1\ADMINI~1\APPLIC~1\BOREWA~1\ballstoremix.exe" [2008-03-16 02:27 418816]

"SUPERAntiSpyware"="I:\SAS\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

"Steam"="c:\program files\steam\steam.exe" [2007-12-01 23:35 1266936]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-07 09:32 23395368]

"Registry Helper"="C:\Program Files\Registry Helper\RegistryHelper.exe" [2008-02-25 20:31 3728680]

"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2007-10-08 01:18 360448]

"Disk Cleaner"="C:\Program Files\Disk Cleaner\DiskCleaner.exe" [2008-01-23 19:10 3298592]

"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-03-19 16:14 287040]

"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 11:27 219520]

"PC Suite Tray"="I:\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-19 06:15 7634944]

"WinampAgent"="C:\Documents and Settings\Administrator\My Documents\Winamp\wianmpa.exe" [ ]

"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 09:51 172032]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-07-10 19:53 872448]

"RTHDCPL"="RTHDCPL.EXE" [2006-08-23 21:08 16050688 C:\WINDOWS\RTHDCPL.exe]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 22:26 68640]

"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-31 22:44 761856]

"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2006-05-12 20:50 1138688]

"QuickTime Task"="C:\qttask.exe" [2008-01-31 23:13 385024]

"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2006-07-14 16:43 279576]

"nwiz"="nwiz.exe" [2007-03-19 06:15 1622016 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-03-19 06:15 86016]

"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 10:53 780312]

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 10:52 505368]

"Live Bone Audio Safe"="C:\Documents and Settings\All Users\Application Data\Lies obj live bone\Ping noun.exe" [2008-03-21 20:11 789504]

"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17 52256]

"Internet Privacy Protector"="I:\IPP2\IPP.exe" [2003-03-20 12:17 346112]

"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 09:50 204800]

"DPAgnt"="C:\Program Files\DigitalPersona\Bin\DPAgnt.exe" [2004-10-13 17:24 913408]

"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05 81920]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-02-28 03:00 110592 C:\WINDOWS\system32\bthprops.cpl]

"BearShare"="C:\Program Files\BearShare\BearShare.exe" [ ]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 03:00 15360]

"Nokia.PCSync"="I:\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

 

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-01-29 22:42:10 122880]

MagicDisc.lnk - I:\MagicDisc\MagicDisc.exe [2008-01-30 22:20:03 557568]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 14:40:46 118784]

WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-08-03 10:10:00 394856]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= I:\SAS\SASSEH.DLL [2006-12-20 12:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

I:\SAS\SASWINLO.dll 2007-04-19 12:41 294912 I:\SAS\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]

C:\WINDOWS\system32\DPWLEvHd.dll 2004-10-13 17:29 102400 C:\WINDOWS\system32\DPWLEvHd.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\SMINST\\Scheduler.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\WINDOWS\\system32\\dxdiag.exe"=

"C:\\WINDOWS\\system32\\dpnsvr.exe"=

"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe"=

"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"C:\\Program Files\\Steam\\SteamApps\\nextpaint\\counter-strike source\\hl2.exe"=

"C:\\Program Files\\Steam\\SteamApps\\nextpaint\\counter-strike\\hl.exe"=

"C:\\Program Files\\Steam\\SteamApps\\nextpaint\\dedicated server\\hlds.exe"=

"C:\\GAMES\\THPS_4\\Game\\Skate4.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe"=

"C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=

"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=

"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=

"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\DNA\\btdna.exe"=

"I:\\BitTorrent\\bittorrent.exe"=

"I:\\Sierra Entertainment\\Empire Earth III\\EE3.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6112:TCP"= 6112:TCP:Warcraft III

"6119:TCP"= 6119:TCP:Warcraft III

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

 

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2006-07-14 16:43]

R2 WebCamHelper;WebCamHelper;I:\AVWEBC~1\WebCamHelper.sys [2007-07-06 15:58]

S3 dpK0Bx01;Fingerprint Reader Filter Driver;C:\WINDOWS\system32\DRIVERS\dpK0Bx01.sys [2004-08-04 15:58]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;I:\Common\Database\bin\fbserver.exe [2005-11-17 14:18]

S3 geebers12;geebers12;C:\Documents and Settings\Administrator\Desktop\Buffy Engine\nvid888.sys [2007-05-03 13:37]

S3 UsbdpFP;Fingerprint Reader Class Driver;C:\WINDOWS\system32\DRIVERS\UsbdpFP.sys [2004-08-04 15:59]

S3 VirtDisk;XSS Virtual Disk Driver;c:\windows\sminst\VirtDisk.sys [2006-05-06 00:34]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f0badff-ea3c-11db-a9f0-001a4bb6f368}]

\Shell\AutoRun\command - J:\setupSNK.exe

 

.

Contents of the 'Scheduled Tasks' folder

"2008-03-22 12:00:00 C:\WINDOWS\Tasks\96B1088A875AA102.job"

- c:\docume~1\admini~1\applic~1\borewa~1\barbpileanti.exe

"2008-03-17 10:00:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-03-21 17:00:07 C:\WINDOWS\Tasks\Norton Security Scan.job"

- C:\Program Files\Norton Security Scan\Nss.exe

"2008-03-22 11:49:00 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"

[snippsat]

C:\Program Files\Borewaitweb

Er dette en folder du kjenner til,viss ikke slett

 

Last ned oppdatere og kjør full scan SAS free

 

Last ned kjør CCleaner

Gå til 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer som er eldere xx.

Kjør register-renser og.

 

Restart og en ny HijackThis logg.