Prama, posted 22 March 2008

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 23:21:41, on 21-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
I:\SAS\SUPERAntiSpyware.exe
C:\program files\steam\steam.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
I:\MagicDisc\MagicDisc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
I:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gate.enterdir.com:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Get-Torrent BHO - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - I:\Get-Torrent\TorrentManager.dll
O2 - BHO: XBTP01621 Class - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~2\BEARSH~2\MediaBar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BearShareMediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Administrator\My Documents\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Live Bone Audio Safe] C:\Documents and Settings\All Users\Application Data\Lies obj live bone\Ping noun.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [internet Privacy Protector] I:\IPP2\IPP.exe
O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [bearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [setup readme] C:\DOCUME~1\ADMINI~1\APPLIC~1\BOREWA~1\ballstoremix.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] I:\SAS\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Disk Cleaner] "C:\Program Files\Disk Cleaner\DiskCleaner.Exe" /boot
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [PC Suite Tray] "I:\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: MagicDisc.lnk = I:\MagicDisc\MagicDisc.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1192312665390
O16 - DPF: {7B41B7AC-3496-4C13-A70F-DE6B60A6A8A8} (MGAME manager Class) - http://legendofares.netgame.com/download/m...anagerv1001.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: !SASWinLogon - I:\SAS\SASWINLO.dll
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - I:\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/22/2008 at 01:01 AM

Application Version : 4.0.1154

Core Rules Database Version : 3422
Trace Rules Database Version: 1414

Scan type : Complete Scan
Total Scan Time : 00:58:29

Memory items scanned : 635
Memory threats detected : 0
Registry items scanned : 5355
Registry threats detected : 8
File items scanned : 39794
File threats detected : 4

Adware.HotBar/ShopperReports (Low Risk)
HKLM\Software\Classes\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
HKCR\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
HKCR\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
HKCR\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\InprocServer32
HKCR\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\InprocServer32#ThreadingModel
HKCR\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\ProgID
HKCR\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\TypeLib
HKCR\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\VersionIndependentProgID
C:\PROGRAM FILES\SHOPPINGREPORT\BIN\2.0.22\SHOPPINGREPORT.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt

BearShare File Sharing Client
I:\ARTO\BEARSHARE\BEARSHARE.EXE
snippsat, posted 22 March 2008 (edited)

Welcome.
There is certainly some junk on there. I need a bit more info.

Download Combofix and put it on the desktop.
Do not click on the window while the program is running.
Post the log C:\combofix.txt
--------------------------
Get NoLop and put it on the desktop.
Run the program.
Press the "Search and Destroy" button.
If it finds anything, you will be asked to press the Reboot button.
Post the log C:\NoLop txt.
---------------------------
BearShare: preferably find another p2p program.
It drags a fair amount of junk along with it.

Edited 22 March 2008 by SNIPPSAT
Prama (author), posted 22 March 2008

NoLop Log:

NoLop! Log by Skate_Punk_21
Fix running from: C:\Documents and Settings\Administrator\Desktop
[22-03-2008] [13:35:21]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\96B1088A875AA102.job

ComboFix Log:

ComboFix 08-03-21.2 - Administrator 2008-03-22 13:43:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1177 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\_000111_.tmp.dll
D:\Autorun.inf
I:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
.
2008-03-22 13:37 . 2008-03-22 13:37 <DIR> d-------- C:\NoLopBackups
2008-03-22 13:35 . 2008-03-22 13:38 212 --a------ C:\delete.bat
2008-03-21 23:03 . 2008-03-21 23:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-03-21 13:55 . 2008-03-21 17:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-21 13:55 . 2008-03-21 13:55 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-20 14:55 . 2004-04-30 09:37 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2008-03-20 14:55 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2008-03-20 00:47 . 2008-03-20 00:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-20 00:47 . 2008-03-20 00:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-03-19 03:58 . 2008-03-19 03:58 <DIR> d-------- C:\Program Files\DIFX
2008-03-19 03:58 . 2008-03-19 03:58 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-03-19 03:58 . 2008-03-19 04:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-03-19 03:58 . 2008-03-19 04:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Nokia
2008-03-19 03:57 . 2008-03-19 03:57 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-03-19 03:57 . 2008-03-19 03:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Suite
2008-03-19 03:57 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-03-19 03:57 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-03-19 03:57 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-03-19 03:57 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-03-19 03:57 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-03-19 03:56 . 2008-03-19 03:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-03-16 14:37 . 2008-03-21 18:00 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-03-16 02:27 . 2008-03-16 02:27 <DIR> d-------- C:\Program Files\Borewaitweb
2008-03-16 02:27 . 2008-03-16 02:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lies obj live bone
2008-03-16 02:27 . 2008-03-16 02:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Borewaitweb
2008-03-13 12:27 . 2008-03-13 12:34 <DIR> d-------- C:\Program Files\Warcraft III
2008-03-04 00:14 . 2008-03-04 00:14 <DIR> d-------- C:\QuickTimePlayer.Resources
2008-03-04 00:14 . 2008-03-04 00:14 <DIR> d-------- C:\QTComponents
2008-03-04 00:14 . 2008-03-04 00:14 <DIR> d-------- C:\PropertyPanels
2008-03-04 00:14 . 2008-03-04 00:14 <DIR> d-------- C:\Plugins
2008-03-04 00:14 . 2008-03-04 00:14 <DIR> d-------- C:\PictureViewer.Resources
2008-02-27 14:03 . 2008-02-27 14:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sierra Entertainment
2008-02-27 13:41 . 2008-02-27 13:41 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-02-27 13:41 . 2008-03-20 00:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-27 13:41 . 2008-02-27 13:41 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-02-27 07:42 . 2008-02-27 07:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-02-26 22:34 . 2008-02-26 22:34 <DIR> d-------- C:\Program Files\Disk Cleaner
2008-02-26 22:34 . 2008-02-26 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Disk Cleaner
2008-02-26 22:33 . 2008-02-26 22:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Registry Helper
2008-02-26 22:21 . 2008-02-26 22:21 <DIR> d-------- C:\Program Files\Registry Helper
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 12:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DNA
2008-03-21 22:04 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-21 21:25 --------- d-----w C:\Program Files\Steam
2008-03-21 15:39 --------- d-----w C:\Program Files\LimeWire
2008-03-21 15:39 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-03-21 15:37 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-03-21 15:32 --------- d-----w C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-03-20 22:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-19 02:58 --------- d-----w C:\Program Files\Common Files\Nokia
2008-03-19 02:57 --------- d-----w C:\Program Files\Nokia
2008-03-16 23:45 --------- d-----w C:\Program Files\Smart Protector
2008-03-10 21:34 --------- d-----w C:\Program Files\iTunes
2008-02-27 02:01 --------- d-----w C:\Program Files\Windows Live
2008-02-17 15:29 3,333 ----a-w C:\Program Files\INSTALL.LOG
2008-02-16 21:08 --------- d-----w C:\Program Files\Common Files\MAGIX Shared
2008-02-16 21:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\MAGIX
2008-02-11 19:30 --------- d-----w C:\Program Files\Java
2008-02-08 17:06 --------- d-----w C:\Program Files\dizzler
2008-02-08 17:05 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-02-01 10:17 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-31 22:13 892,928 ----a-w C:\QTOControl.dll
2008-01-31 22:13 819,200 ----a-w C:\QTOLibrary.dll
2008-01-31 22:13 737,280 ----a-w C:\QTInfo.exe
2008-01-31 22:13 7,525,680 ----a-w C:\QuickTimePlayer.exe
2008-01-31 22:13 512,000 ----a-w C:\PictureViewer.exe
2008-01-31 22:13 385,024 ----a-w C:\QTTask.exe
2008-01-31 22:13 364,544 ----a-w C:\QTUIPanelControl.dll
2008-01-30 21:39 --------- d--h--r C:\Documents and Settings\Administrator\Application Data\SecuROM
2008-01-22 21:52 --------- d-----w C:\Program Files\Maxis
2001-09-28 16:00 164,864 ----a-w C:\Program Files\UNWISE.EXE
2007-10-13 22:34 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007101420071015\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2007-09-30 13:04 389120 --a------ C:\Program Files\BearShare applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5792AA9-D373-4039-8670-2CDAB6A71F15}]
2007-09-11 09:58 77824 --a------ I:\Get-Torrent\TorrentManager.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 03:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 20:42 68856]
"Setup readme"="C:\DOCUME~1\ADMINI~1\APPLIC~1\BOREWA~1\ballstoremix.exe" [2008-03-16 02:27 418816]
"SUPERAntiSpyware"="I:\SAS\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
"Steam"="c:\program files\steam\steam.exe" [2007-12-01 23:35 1266936]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-07 09:32 23395368]
"Registry Helper"="C:\Program Files\Registry Helper\RegistryHelper.exe" [2008-02-25 20:31 3728680]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2007-10-08 01:18 360448]
"Disk Cleaner"="C:\Program Files\Disk Cleaner\DiskCleaner.exe" [2008-01-23 19:10 3298592]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-03-19 16:14 287040]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 11:27 219520]
"PC Suite Tray"="I:\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-19 06:15 7634944]
"WinampAgent"="C:\Documents and Settings\Administrator\My Documents\Winamp\wianmpa.exe" [ ]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 09:51 172032]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-07-10 19:53 872448]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-23 21:08 16050688 C:\WINDOWS\RTHDCPL.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 22:26 68640]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-31 22:44 761856]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2006-05-12 20:50 1138688]
"QuickTime Task"="C:\qttask.exe" [2008-01-31 23:13 385024]
"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2006-07-14 16:43 279576]
"nwiz"="nwiz.exe" [2007-03-19 06:15 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-03-19 06:15 86016]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 10:53 780312]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 10:52 505368]
"Live Bone Audio Safe"="C:\Documents and Settings\All Users\Application Data\Lies obj live bone\Ping noun.exe" [2008-03-21 20:11 789504]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17 52256]
"Internet Privacy Protector"="I:\IPP2\IPP.exe" [2003-03-20 12:17 346112]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 09:50 204800]
"DPAgnt"="C:\Program Files\DigitalPersona\Bin\DPAgnt.exe" [2004-10-13 17:24 913408]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05 81920]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-02-28 03:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 03:00 15360]
"Nokia.PCSync"="I:\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-01-29 22:42:10 122880]
MagicDisc.lnk - I:\MagicDisc\MagicDisc.exe [2008-01-30 22:20:03 557568]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 14:40:46 118784]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-08-03 10:10:00 394856]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= I:\SAS\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
I:\SAS\SASWINLO.dll 2007-04-19 12:41 294912 I:\SAS\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]
C:\WINDOWS\system32\DPWLEvHd.dll 2004-10-13 17:29 102400 C:\WINDOWS\system32\DPWLEvHd.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Steam\\SteamApps\\nextpaint\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\nextpaint\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\SteamApps\\nextpaint\\dedicated server\\hlds.exe"=
"C:\\GAMES\\THPS_4\\Game\\Skate4.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe"=
"C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"I:\\BitTorrent\\bittorrent.exe"=
"I:\\Sierra Entertainment\\Empire Earth III\\EE3.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Warcraft III
"6119:TCP"= 6119:TCP:Warcraft III
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2006-07-14 16:43]
R2 WebCamHelper;WebCamHelper;I:\AVWEBC~1\WebCamHelper.sys [2007-07-06 15:58]
S3 dpK0Bx01;Fingerprint Reader Filter Driver;C:\WINDOWS\system32\DRIVERS\dpK0Bx01.sys [2004-08-04 15:58]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;I:\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
S3 geebers12;geebers12;C:\Documents and Settings\Administrator\Desktop\Buffy Engine\nvid888.sys [2007-05-03 13:37]
S3 UsbdpFP;Fingerprint Reader Class Driver;C:\WINDOWS\system32\DRIVERS\UsbdpFP.sys [2004-08-04 15:59]
S3 VirtDisk;XSS Virtual Disk Driver;c:\windows\sminst\VirtDisk.sys [2006-05-06 00:34]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f0badff-ea3c-11db-a9f0-001a4bb6f368}]
\Shell\AutoRun\command - J:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-22 12:00:00 C:\WINDOWS\Tasks\96B1088A875AA102.job" - c:\docume~1\admini~1\applic~1\borewa~1\barbpileanti.exe
"2008-03-17 10:00:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-21 17:00:07 C:\WINDOWS\Tasks\Norton Security Scan.job" - C:\Program Files\Norton Security Scan\Nss.exe
"2008-03-22 11:49:00 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
snippsat, posted 22 March 2008

C:\Program Files\Borewaitweb
Is this a folder you recognize? If not, delete it.

Download, update and run a full scan with SAS free.

Download and run CCleaner.
Go to 'Options' -> 'Advanced'.
Untick the box in front of: "only delete temporary files older than xx".
Run the registry cleaner as well.

Restart, and then a new HijackThis log.