Mojo Pin
Posted 16 September 2007

Hi! I've heard that if you have "nail.exe" in the Windows folder and it can't be deleted, you have the Aurora virus. Well, I did manage to delete the file. But every time I start Windows, an error message pops up: "Could not find nail.exe" or something like that. So there must be some program in the startup that needs the file to run, probably some junk. But I have no idea which program it is. Does anyone know which files I should look for in the startup folder that could have something to do with nail.exe?

Mojo
norbat
Posted 17 September 2007

Hi,

Download HijackThis. Put it in its own folder on the desktop. Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it, and we'll take it from there.
Mojo Pin (author)
Posted 17 September 2007

Okay.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:08:13, on 17.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Sygate\SPF\smc.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\windows\system\hpsysdrv.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ps2.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe
C:\Programfiler\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Eier\Skrivebord\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.online.no/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fra Online ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Programfiler\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Programfiler\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [qdkyue] c:\windows\system32\qdkyue.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Programfiler\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Programfiler\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Coz] C:\WINDOWS\system32\r?ndll.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Programfiler\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Tsun] C:\Documents and Settings\Eier\Programdata\aoel.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: DLHelperEXE.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Programfiler\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.online.no/
O15 - Trusted IP range: 209.8.20.130
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1819853F-A3CA-4BC4-AD65-EC29D7448494} (CBPLauncher Class) - https://secure.centrebet.com/poker/centrebetpokerlauncher.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://stinemor89.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100026955328
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/dlhelper/version7/dlhelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://sjusjoen.axiscam.net/activex/AMC.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{36F9271C-E087-4978-99C5-2ED6E2C83597}: NameServer = 148.122.208.99,148.122.161.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9C0BA71-BCC1-4541-BB0E-11F78FF85DBD}: NameServer = 193.213.112.4 130.67.60.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{36F9271C-E087-4978-99C5-2ED6E2C83597}: NameServer = 148.122.208.99,148.122.161.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{36F9271C-E087-4978-99C5-2ED6E2C83597}: NameServer = 148.122.208.99,148.122.161.3
O22 - SharedTaskScheduler: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - C:\WINDOWS\frennk.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programfiler\Sygate\SPF\smc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

--
End of file - 10400 bytes

I may have included a lot that's unnecessary, but... Thanks a lot if you're willing to take a look at it.
norbat
Posted 17 September 2007 (edited)

No, you included exactly what you should have.

1. This IP address is associated with Russia. Is it something you recognise? 213.159.117.134

2. Get Combofix and put it on the desktop.

3. Run HJT, choose "Do a system scan only", tick the following lines and click 'Fix checked':

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [qdkyue] c:\windows\system32\qdkyue.exe
O4 - Startup: DLHelperEXE.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Programfiler\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/dlhelper/ve...n7/dlhelper.cab
O22 - SharedTaskScheduler: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - C:\WINDOWS\frennk.dll (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

4. Run combofix.exe and follow the instructions. You must not click on the window while the program is running.

5. Download SAS, install it, update it and run a full (Complete) scan.

6. Post the log file from combofix (usually c:\combofix.txt), the SAS log (preferences->statistics/logs) and a new HJT log.

Edited 17 September 2007 by norbat
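As an added example (not from the thread, and not HijackThis's own logic), the following Python script applies the reasoning behind the list above to lines in HijackThis log format: a Winlogon Shell value that launches anything besides Explorer.exe (the F2 line that kept asking for Nail.exe after the file was deleted), a browser start page set to a bare IP address, a Run entry whose file name contains a non-ASCII character (HijackThis prints such characters as `?`, as in `r?ndll.exe`; the sample uses `ú` in its place, which is an assumption), a Run entry launched from the user's application-data folder, an O16 "download" entry that points at a local executable, an orphaned load point marked "(file missing)", and a service with no publisher. The sample lines are constructed for the example in the same format as the posted log; the severities and rules are the editor's heuristics.

```python
"""Triage heuristics for HijackThis-style log lines (added example).

The rules mirror the kind of reasoning a helper applies when reading a
HijackThis log; they are heuristics, not HijackThis's own classification.
"""
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis v2 format. The entries imitate the ones
# in the thread; the "\u00fa" in r\u00fandll.exe is an assumed stand-in for the
# character HijackThis printed as "?" in the real log.
SAMPLE_LOG = """\
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.startsiden.no/
F2 - REG:system.ini: Shell=Explorer.exe C:\\WINDOWS\\Nail.exe
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKCU\\..\\Run: [Coz] C:\\WINDOWS\\system32\\r\u00fandll.exe
O4 - HKCU\\..\\Run: [Tsun] C:\\Documents and Settings\\Eier\\Programdata\\aoel.exe
O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\\progra~1\\pl.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/wuweb_site.cab
O22 - SharedTaskScheduler: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - C:\\WINDOWS\\frennk.dll (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\\WINDOWS\\svcproc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Programfiler\\Alwil Software\\Avast4\\ashServ.exe
"""

IP_LITERAL = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# Executable launched from inside a user profile's application-data folder
# (Norwegian XP calls it "Programdata"; English XP "Application Data").
USER_APPDATA = re.compile(
    r"\\(Documents and Settings|Users)\\[^\\]+\\(Programdata|Application Data|AppData)\\",
    re.IGNORECASE,
)


def check_line(line):
    """Return (severity, reason) for a suspicious HijackThis line, else None."""
    line = line.strip()
    if " - " not in line:
        return None
    kind, _, rest = line.partition(" - ")

    if kind in ("R0", "R1") and "=" in rest:
        url = rest.split("=", 1)[1].strip()
        host = urlparse(url).hostname or ""
        if IP_LITERAL.match(host):
            return ("high", "browser start page points at a raw IP address")

    if kind == "F2" and "Shell=" in rest:
        shell = rest.split("Shell=", 1)[1].strip()
        # Winlogon's Shell value should be exactly Explorer.exe; anything
        # appended to it is started at every logon alongside the desktop.
        if shell.lower() != "explorer.exe":
            return ("high", "Winlogon Shell launches something besides Explorer.exe")

    if kind == "O4":
        target = rest.split("]", 1)[1].strip() if "]" in rest else rest
        # Only the file name is checked, so localized folder names such as
        # "Elkjøp" do not trip the homoglyph rule.
        basename = target.rsplit("\\", 1)[-1]
        if any(ord(ch) > 127 for ch in basename):
            return ("high", "non-ASCII character in executable name (homoglyph of a system binary)")
        if USER_APPDATA.search(target):
            return ("medium", "autostart runs an executable from the user's application-data folder")

    if kind == "O16":
        source = rest.rsplit(" - ", 1)[-1].strip()
        # A "Downloaded Program File" whose source is a local path was not
        # downloaded by IE at all; it is a disguised autostart.
        if source.lower().startswith("file://"):
            return ("high", "ActiveX download entry points at a local executable")

    if kind in ("O20", "O21", "O22") and "(file missing)" in rest:
        return ("medium", "orphaned load point (file missing)")

    if kind == "O23" and "Unknown owner" in rest:
        return ("medium", "service with no publisher information")

    return None


def triage(log_text):
    """Run check_line over every line; returns a list of (severity, reason, line)."""
    findings = []
    for raw in log_text.splitlines():
        hit = check_line(raw)
        if hit is not None:
            findings.append((hit[0], hit[1], raw.strip()))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}")
        print(f"         {line}")
```

Run against a real log, the script is a first pass only: legitimate software also lives in Application Data and ships services without a publisher string, so every medium finding still needs a human look, which is what the log was posted for.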
Mojo Pin (author)
Posted 17 September 2007

Okay! But about the SAS check. Should I delete everything it detected, or should I wait with all that until you've read the logs?
norbat
Posted 17 September 2007

When SAS has finished scanning, you just click next or similar. SAS will then delete everything it has found, and in most cases the PC will restart. The reason I want to see the SAS log is to see what it found (if it found anything).
Mojo Pin (author)
Posted 17 September 2007 (edited)

Okay, so it only deletes files I don't need, and not important system files or essential files for legitimate programs? Should I, for example, tick all (198) Adware tracking cookies? And tick "Registry cleaner trial (6)"?

Edited 17 September 2007 by Mojo Pin
norbat
Posted 17 September 2007 (edited)

SAS removes files classified as spyware, adware, various rootkits etc. So no important system files are removed.

EDIT: All the files SAS finds are preselected for deletion. Cookies are fairly unnecessary files (some are also tied to adware) and can be deleted. If Registry Cleaner has ended up on the list, it is because the program is not necessarily what it claims to be, or because it contains add-on programs (spyware, adware etc.).

Edited 17 September 2007 by norbat
Mojo Pin Skrevet 17. september 2007 Forfatter Del Skrevet 17. september 2007 (endret) Okei. Her er loggene HJT-logg: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:55:14, on 17.09.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Sygate\SPF\smc.exe C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe C:\Programfiler\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\Programfiler\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\WINDOWS\System32\hphmon05.exe C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programfiler\Multimedia Card Reader\shwicon2k.exe C:\WINDOWS\system32\ps2.exe C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe C:\Programfiler\Creative\Creative Live! 
Cam\VideoFX\StartFX.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Eier\Skrivebord\HJT\HijackThis.exe C:\Programfiler\Mozilla Firefox\firefox.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.online.no/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Online Start Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [CamMonitor] c:\Programfiler\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM\..\Run: [HPHUPD05] c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe 
O4 - HKLM\..\Run: [StorageGuard] "C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Sunkist2k] C:\Programfiler\Multimedia Card Reader\shwicon2k.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [OM_Monitor] C:\Programfiler\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM\..\Run: [AVFX Engine] C:\Programfiler\Creative\Creative Live! Cam\VideoFX\StartFX.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [Coz] C:\WINDOWS\system32\r?ndll.exe O4 - HKCU\..\Run: [OM_Monitor] C:\Programfiler\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart O4 - HKCU\..\Run: [Tsun] C:\Documents and Settings\Eier\Programdata\aoel.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user') O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.online.no/ O15 - Trusted IP range: 209.8.20.130 O15 - ProtocolDefaults: 
'https' protocol is in Trusted Zone, should be Internet Zone (HKLM) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {1819853F-A3CA-4BC4-AD65-EC29D7448494} (CBPLauncher Class) - https://secure.centrebet.com/poker/centrebetpokerlauncher.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://stinemor89.spaces.live.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100026955328 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://sjusjoen.axiscam.net/activex/AMC.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{36F9271C-E087-4978-99C5-2ED6E2C83597}: NameServer = 
148.122.208.99,148.122.161.3 O17 - HKLM\System\CCS\Services\Tcpip\..\{D9C0BA71-BCC1-4541-BB0E-11F78FF85DBD}: NameServer = 193.213.112.4 130.67.60.68 O17 - HKLM\System\CS1\Services\Tcpip\..\{36F9271C-E087-4978-99C5-2ED6E2C83597}: NameServer = 148.122.208.99,148.122.161.3 O17 - HKLM\System\CS2\Services\Tcpip\..\{36F9271C-E087-4978-99C5-2ED6E2C83597}: NameServer = 148.122.208.99,148.122.161.3 O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programfiler\Sygate\SPF\smc.exe -- End of file - 9672 bytes Combofix: ComboFix 07-09-17.2 - "Eier" 2007-09-17 22:36:54.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.104 [GMT 2:00] * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\mcroso~1.net C:\WINDOWS\system32\mcroso~1.net\M?crosoft.NET\ D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2007-08-17 to 2007-09-17 ))))))))))))))))))))))))))))))) . 
2007-09-17 22:35 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-09-16 12:35 <DIR> dr------- C:\DOCUME~1\NETWOR~1\Favoritter 2007-09-16 12:29 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll 2007-09-16 12:29 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys 2007-09-16 12:29 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys 2007-09-16 12:29 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys 2007-09-16 12:29 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys 2007-09-16 12:29 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys 2007-09-16 12:29 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys 2007-09-16 12:29 <DIR> d-------- C:\Programfiler\Sygate 2007-09-16 12:22 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2007-09-16 12:22 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-09-16 12:22 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-09-16 12:22 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-09-16 12:22 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-09-16 12:22 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-09-16 12:22 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-09-16 12:21 <DIR> d-------- C:\Programfiler\Alwil Software 2007-09-16 11:17 <DIR> d-------- C:\DOCUME~1\Eier\Contacts 2007-09-15 12:37 <DIR> d-------- C:\DOCUME~1\Eier\PROGRA~1\ArcSoft 2007-09-14 16:53 <DIR> d-------- C:\DOCUME~1\Stine\Contacts 2007-09-14 16:52 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2007-09-08 11:17 <DIR> d-------- C:\DOCUME~1\Stine\PROGRA~1\Media Player Classic 2007-09-07 23:29 <DIR> d-------- C:\Programfiler\uTorrent 2007-09-07 23:29 <DIR> d-------- C:\DOCUME~1\Stine\PROGRA~1\uTorrent 2007-08-27 20:56 61,288 --a------ C:\DOCUME~1\Eier\PROGRA~1\GDIPFONTCACHEV1.DAT 2007-08-23 20:10 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-09-16 12:28 --------- d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2007-09-16 12:20 --------- d-------- C:\Programfiler\Symantec 2007-09-16 12:20 --------- d-------- C:\Programfiler\Fellesfiler\Symantec Shared 2007-09-16 12:12 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Symantec 2007-09-16 11:12 --------- d-------- C:\Programfiler\Google 2007-09-15 12:42 --------- d-------- C:\Programfiler\Microsoft AntiSpyware 2007-09-15 12:41 --------- d-------- C:\Programfiler\Axis Communications 2007-09-15 12:40 --------- d--h----- C:\Programfiler\InstallShield Installation Information 2007-09-15 12:20 --------- d-------- C:\Programfiler\Creative 2007-09-15 12:20 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Creative 2007-09-15 12:11 --------- d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\Google 2007-09-14 16:53 --------- d-------- C:\Programfiler\MSN Messenger 2007-09-06 12:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-08-16 20:57 29392 --a------ C:\WINDOWS\system32\drivers\secdrv.sys 2007-08-15 18:18 --------- d-------- C:\Programfiler\Electronic Arts 2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll 2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll 2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll 2007-07-22 13:44 --------- d-------- C:\DOCUME~1\Eier\PROGRA~1\Help 2007-07-22 13:26 --------- d-------- C:\DOCUME~1\Eier\PROGRA~1\Opera 2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll 2007-06-19 15:33 282112 --a------ C:\WINDOWS\system32\gdi32.dll --------- C:\Programfiler\Elkjøp Home Photo Service 2004-11-22 00:18:44 56 -csh--r C:\WINDOWS\system32\7F31996AD3.sys 
2005-10-20 20:05:29 6,686 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 07:07] "CamMonitor"="c:\Programfiler\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 07:23] "HPHUPD05"="c:\Programfiler\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 03:03] "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 02:58] "StorageGuard"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-02-13 08:01] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 21:42] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-02 23:19] "nwiz"="nwiz.exe" [2003-05-02 23:19 C:\WINDOWS\system32\nwiz.exe] "ATIModeChange"="Ati2mdxx.exe" [2001-09-05 02:24 C:\WINDOWS\system32\Ati2mdxx.exe] "ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-19 22:10] "Sunkist2k"="C:\Programfiler\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 12:27] "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57] "Easy-PrintToolBox"="C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10] "Microsoft Works Update Detection"="C:\Programfiler\Fellesfiler\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-25 04:20] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "OM_Monitor"="C:\Programfiler\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 19:19] "AVFX Engine"="C:\Programfiler\Creative\Creative Live! 
Cam\VideoFX\StartFX.exe" [2006-10-19 20:44] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2005-02-13 17:23] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06] "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVIEW"="nview.dll,nViewLoadHook" [] "Coz"="C:\WINDOWS\system32\r?ndll.exe" [] "OM_Monitor"="C:\Programfiler\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 19:19] "Tsun"="C:\Documents and Settings\Eier\Programdata\aoel.exe" [] C:\DOCUME~1\ALLUSE~1\START-~1\PROGRA~1\Oppstart\ Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify] c:\Programfiler\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Telenor Online Start] "C:\Programfiler\Telenor\Online Start\Telenor.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave] "C:\Programfiler\Save\Save.exe" R0 viaagp1;VIA AGP Filter;C:\WINDOWS\system32\DRIVERS\viaagp1.sys R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys S2 SvcProc;System Startup Service;C:\WINDOWS\svcproc.exe *Newly Created Service* - CATCHME . 
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-17 22:39:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Aavmker4]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aawservice]
"ImagePath"="\"C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe\""
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp1]
"ImagePath"="System32\DRIVERS\viaagp1.sys"
.
Completion time: 2007-09-17 22:41:18
C:\ComboFix-quarantined-files.txt ... 2007-09-17 22:40
.
--- E O F ---

SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/17/2007 at 11:32 PM

Application Version : 3.9.1008

Core Rules Database Version : 3307
Trace Rules Database Version: 1313

Scan type : Complete Scan
Total Scan Time : 00:43:27

Memory items scanned : 447
Memory threats detected : 0
Registry items scanned : 5577
Registry threats detected : 9
File items scanned : 54870
File threats detected : 199

Adware.Aurora/Nail
HKLM\System\ControlSet001\Services\SvcProc
C:\WINDOWS\SVCPROC.EXE
HKLM\System\ControlSet002\Services\SvcProc
HKLM\System\CurrentControlSet\Services\SvcProc

Adware.Tracking Cookie

Registry Cleaner Trial
HKCR\Install.Install
HKCR\Install.Install\CLSID
HKCR\Install.Install\CurVer
HKCR\Install.Install.1
HKCR\Install.Install.1\CLSID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\Install.dll [ ]

Hope you can make something of it.

Edited 17 September 2007 by Mojo Pin
norbat, posted 17 September 2007 (edited)

1. Are you familiar with the following IP address: 213.159.117.134 (located in Russia)?
2. Are you familiar with the following IP address: 209.8.20.130 (located in the USA)?
3. The https protocol has been placed in the Trusted Zone. Is this something you did?

That turned into a few questions, but it is good to know the answers, since they affect what we do about these entries. Your HJT log otherwise looks fine. Are you bothered by any messages etc. now?

Edited 17 September 2007 by norbat
Mojo Pin (author), posted 17 September 2007

It's not my PC, so unfortunately I don't know much about the IP addresses. So no, I don't know anything about those IP addresses. I must honestly admit that I don't know what "the https protocol has been placed in the Trusted Zone" means, but I don't think I did it.

I'll restart the computer now and check whether the error message comes up.
Mojo Pin (author), posted 17 September 2007

I don't get the error message any more. Thanks for the help.

As I said, I don't know anything about those IP addresses, since it's my girlfriend's PC, which I started cleaning up a bit the other day. I don't know anything about the Trusted Zone thing either.
norbat, posted 18 September 2007

Then, to finish, do the following:

Run HJT and fix the following lines:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
O15 - Trusted IP range: 209.8.20.130
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)

You may also want to update Java to the latest version: http://java.com/en/download/index.jsp

Clean up temporary files and the registry a bit:
Download CCleaner. Start the program. Go to 'Options' -> 'Advanced'. Uncheck "only delete temporary files.......". Click 'Cleaner' and then 'Run CCleaner'. Also run a few rounds of 'Issues' until it finds no more errors.

Restart the PC.

Post a new ComboFix log for a quick double-check.
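Added here as an example, not part of the thread and not HijackThis's own code: a small Python triage routine that applies the checks behind norbat's fix list to HijackThis v2.0-format lines. The R0 and O15 sample lines are the ones from the post above; the F2 and O23 lines, and the name C:\WINDOWS\placeholder.exe, are constructed in the same format to show the remaining checks (the O23 one mirrors the SvcProc service in the ComboFix log).

```python
import re
from ipaddress import ip_address

# Constructed sample in HijackThis v2.0 line format. The R0 and O15 lines are the
# ones the helper in this thread said to fix; the F2 and O23 lines are assumptions
# built in the same format (C:\WINDOWS\placeholder.exe is a placeholder name).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\placeholder.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O15 - Trusted IP range: 209.8.20.130
O15 - ProtocolDefaults: 'https' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


def _points_at_bare_ip(url):
    """True when an http(s) URL's host is a literal IP address rather than a name."""
    host = re.match(r"^https?://([^/:]+)", url.strip())
    if not host:
        return False
    try:
        ip_address(host.group(1))
        return True
    except ValueError:
        return False


def triage_line(line):
    """Return (code, reason) if the HJT line should be fixed, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    if code in ("R0", "R1"):
        key, _, value = body.partition(" = ")
        # Start/default pages should be names, not bare IPs (the thread's 213.159.117.134 case).
        if ("Start Page" in key or "Default_Page_URL" in key) and _points_at_bare_ip(value):
            return code, "browser start page points at a bare IP address: " + value
    elif code == "F2":
        # system.ini Shell= must load only Explorer.exe; anything appended is started at logon too.
        shell = re.search(r"Shell=(.*)$", body, re.IGNORECASE)
        if shell and shell.group(1).strip().lower() != "explorer.exe":
            return code, "Shell= loads more than Explorer.exe: " + shell.group(1).strip()
    elif code == "O15":
        # Trusted Zone additions (an IP range, or a whole protocol) weaken IE's zone controls.
        if body.startswith("Trusted IP range:") or "is in Trusted Zone" in body:
            return code, "IE Trusted Zone widened: " + body
    elif code == "O23":
        # A service of unknown owner whose binary sits directly in C:\WINDOWS (like SvcProc).
        if "Unknown owner" in body and re.search(r"\\WINDOWS\\[^\\]+\.exe$", body, re.IGNORECASE):
            return code, "unknown-owner service running from the Windows folder: " + body
    return None


def triage_log(text):
    """Run triage_line over every line of an HJT log; returns the hits in log order."""
    return [hit for hit in (triage_line(ln) for ln in text.splitlines()) if hit]
```

Calling triage_log(SAMPLE_LOG) flags the HKLM start page, the Shell= line, both O15 lines and the SvcProc service, and leaves the HKCU start page and the hpsysdrv Run entry alone.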