uiop Skrevet 20. februar 2008 Del Skrevet 20. februar 2008 Tror jeg har fått et trojanervirus. Har tatt ut en hijackthis -logg. Håper noen kan se på dette. Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 21:32:52, on 20.02.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Norman\Npm\bin\ELOGSVC.EXE C:\Norman\Npm\Bin\Zanda.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Bluetooth\Bluetooth-programvare\bin\btwdins.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Norman\Npm\bin\NJEEVES.EXE C:\Norman\Nvc\BIN\NVCSCHED.EXE C:\Norman\Nvc\bin\nvcoas.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Norman\npm\bin\niu.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NetProject\sbmntr.exe C:\Program Files\NetProject\sbsm.exe C:\Program Files\NetProject\scit.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\NetProject\scm.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Power Manager\PM.exe C:\Program Files\Hotkey Management\FuncKey.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Norman\Npm\bin\ZLH.EXE C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Norman\Nvc\BIN\NIP.EXE C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\WINDOWS\eHome\ehmsas.exe C:\Norman\Nvc\bin\cclaw.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\TomTom HOME\TomTomHOME.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Brother\Brmfcmon\BrMfimon.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe C:\Program Files\Bluetooth\Bluetooth-programvare\BTTray.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Documents and Settings\Jørn\Desktop\HiJackThis_v2.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: e404 helper - {2C566C34-7D72-4DC1-9BBE-1121A76698F8} - C:\Program Files\Helper\1203525143.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey Management\FuncKey.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe O4 - HKUS\S-1-5-21-4197560266-47200806-733977668-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Kristin') O4 - HKUS\S-1-5-21-4197560266-47200806-733977668-1007\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Kristin') O4 - HKUS\S-1-5-21-4197560266-47200806-733977668-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe (User 'Kristin') O4 - HKUS\S-1-5-21-4197560266-47200806-733977668-1007\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe (User 'Kristin') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send til &Bluetooth - C:\Program Files\Bluetooth\Bluetooth-programvare\btsendto_ie_ctx.htm O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Program Files\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?a909b3e9d16b4752a9947d3c2671a487 O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Program Files\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?a909b3e9d16b4752a9947d3c2671a487 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing) O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing) O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth-programvare\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth-programvare\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.eurofoto.no/uploader/ImageUploader4.cab O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://www.eurofoto.no/activex/ImageUploader3.cab O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: djuka - {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} - (no file) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Bluetooth\Bluetooth-programvare\bin\btwdins.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 12362 bytes Lenke til kommentar
XDeaDeadeye Skrevet 20. februar 2008 Del Skrevet 20. februar 2008 Heisann... det er en rekke programmer man kan laste ned for å fjerne slike rakkere... Ett program som jeg virkelig kan ambefale er spyware doctor fra Pc tools. du kan laste ned programmet HER dette programet koster ca 180 norske kroner, men er virkelig vært det!! kjøpte det som nedlastbar fil for 3 dager siden, og skal love deg det fant mye dritt:| Det er en sikker, og god investering. programmet har dessuten sanntidssøking, så om du skulle komme borti en fil eller annet på nett med feks en trojaner skjult, vil programmet umiddelbart blokkere filen fra å skade pcen. Lenke til kommentar
r2d290 Skrevet 20. februar 2008 Del Skrevet 20. februar 2008 sånn ja, her var det litt crap... jeg ville ha startet med å kjøre sas, for å få en sikker fjerning av mest mulig... Last ned SuperAntispyware (SAS) Installer programmet, oppdater og kjør en full scan (complete, ikke quick scan). Post logg fra SAS (Start programmet. Velg: Preferences->statistics/logs) hva gjør SAS: - Det scanner gjennom PC-en, lister opp de infeksjonene det finner og sletter dem. Programmet vil sannsynligvis be om en restart av PC-en. Det lages også en logg som du poster i denne tråden. Etter dette restart maskinen, og post ny HijackThis log. Lenke til kommentar
snippsat Skrevet 21. februar 2008 Del Skrevet 21. februar 2008 Ta med denne og Last ned SmitfraudFix legg det på skrivebordet. Boot trykk f8 sikkerhetmodus Kjør Smitfraudfix, velg valg 2. Post loggen C:\rapport.txt Og en ny HijackThis logg. Lenke til kommentar
uiop Skrevet 21. februar 2008 Forfatter Del Skrevet 21. februar 2008 Har nå kjørt SAS og legger ved loggen fra SAS og Hijack SAS: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 02/21/2008 at 00:35 AM Application Version : 3.9.1008 Core Rules Database Version : 3406 Trace Rules Database Version: 1398 Scan type : Complete Scan Total Scan Time : 01:15:18 Memory items scanned : 588 Memory threats detected : 7 Registry items scanned : 5748 Registry threats detected : 59 File items scanned : 80350 File threats detected : 417 Trojan.Media-Codec/V5 C:\PROGRAM FILES\NETPROJECT\SBMNTR.EXE C:\PROGRAM FILES\NETPROJECT\SBMNTR.EXE C:\PROGRAM FILES\NETPROJECT\SBSM.EXE C:\PROGRAM FILES\NETPROJECT\SBSM.EXE C:\PROGRAM FILES\NETPROJECT\SCIT.EXE C:\PROGRAM FILES\NETPROJECT\SCIT.EXE C:\PROGRAM FILES\NETPROJECT\SCM.EXE C:\PROGRAM FILES\NETPROJECT\SCM.EXE C:\PROGRAM FILES\NETPROJECT\WAMDL.DLL C:\PROGRAM FILES\NETPROJECT\WAMDL.DLL C:\PROGRAM FILES\NETPROJECT\SBMDL.DLL C:\PROGRAM FILES\NETPROJECT\SBMDL.DLL [start] C:\PROGRAM FILES\NETPROJECT\SBMNTR.EXE [some] C:\PROGRAM FILES\NETPROJECT\SCIT.EXE HKLM\Software\Classes\CLSID\{81705D67-3F73-4983-859B-97D0922E5ABE} HKCR\CLSID\{81705D67-3F73-4983-859B-97D0922E5ABE} HKCR\CLSID\{81705D67-3F73-4983-859B-97D0922E5ABE} HKCR\CLSID\{81705D67-3F73-4983-859B-97D0922E5ABE}\Implemented Categories HKCR\CLSID\{81705D67-3F73-4983-859B-97D0922E5ABE}\Implemented Categories\{00021493-0000-0000-C000-000000000046} HKCR\CLSID\{81705D67-3F73-4983-859B-97D0922E5ABE}\InprocServer32 HKCR\CLSID\{81705D67-3F73-4983-859B-97D0922E5ABE}\InprocServer32#ThreadingModel HKLM\Software\Microsoft\Internet Explorer\Toolbar#{81705D67-3F73-4983-859B-97D0922E5ABE} C:\PROGRAM FILES\NETPROJECT\SBUN.EXE C:\PROGRAM FILES\NETPROJECT\SCU.EXE C:\PROGRAM FILES\NETPROJECT\WAUN.EXE C:\WINDOWS\Prefetch\SBMNTR.EXE-22367E87.pf C:\WINDOWS\Prefetch\SBSM.EXE-0482749B.pf C:\WINDOWS\Prefetch\SCIT.EXE-08C95C8D.pf C:\WINDOWS\Prefetch\SCM.EXE-10EE30C5.pf Adware.E404 Helper/Variant-A C:\PROGRAM FILES\HELPER\1203525143.DLL C:\PROGRAM FILES\HELPER\1203525143.DLL Unclassified.Unknown Origin HKLM\Software\Classes\CLSID\{2C566C34-7D72-4DC1-9BBE-1121A76698F8} HKCR\CLSID\{2C566C34-7D72-4DC1-9BBE-1121A76698F8} HKCR\CLSID\{2C566C34-7D72-4DC1-9BBE-1121A76698F8} HKCR\CLSID\{2C566C34-7D72-4DC1-9BBE-1121A76698F8}\InprocServer32 HKCR\CLSID\{2C566C34-7D72-4DC1-9BBE-1121A76698F8}\InprocServer32#ThreadingModel HKCR\CLSID\{2C566C34-7D72-4DC1-9BBE-1121A76698F8}\ProgID HKCR\CLSID\{2C566C34-7D72-4DC1-9BBE-1121A76698F8}\Programmable HKCR\CLSID\{2C566C34-7D72-4DC1-9BBE-1121A76698F8}\TypeLib HKCR\CLSID\{2C566C34-7D72-4DC1-9BBE-1121A76698F8}\VersionIndependentProgID HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C566C34-7D72-4DC1-9BBE-1121A76698F8} Trojan.Media-Codec/V4 HKLM\Software\Classes\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} HKCR\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} HKCR\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}#xxx HKCR\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}\InprocServer32 HKCR\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}\InprocServer32#ThreadingModel HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#some [ C:\Program Files\NetProject\scit.exe ] Trojan.Smitfraud Variant/IE Anti-Spyware HKLM\Software\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E} Adware.Tracking Cookie C:\Documents and Settings\Jørn\Cookies\jørn@winpcdoctor[1].txt C:\Documents and Settings\Jørn\Cookies\jø[email protected][1].txt C:\Documents and Settings\Jørn\Cookies\jørn@advancedcleaner[1].txt C:\Documents and Settings\Jørn\Cookies\jørn@antispykit[1].txt C:\Documents and Settings\Jørn\Cookies\jørn@winspycontrol[1].txt C:\Documents and Settings\Jørn\Cookies\jørn@atdmt[2].txt C:\Documents and Settings\Jørn\Cookies\jø[email protected][2].txt C:\Documents and Settings\Jørn\Cookies\jø[email protected][1].txt C:\Documents and Settings\Jørn\Cookies\jø[email protected][1].txt C:\Documents and Settings\Jørn\Cookies\jø[email protected][2].txt C:\Documents and Settings\Jørn\Cookies\jørn@1070847646[1].txt C:\Documents and Settings\Jørn\Cookies\jørn@cgi-bin[1].txt C:\Documents and Settings\Jørn\Cookies\jø[email protected][2].txt C:\Documents and Settings\Jørn\Cookies\jø[email protected][1].txt C:\Documents and Settings\Jørn\Cookies\jørn@cgi-bin[2].txt C:\Documents and Settings\Jørn\Cookies\jørn@toplist[1].txt C:\Documents and Settings\Jørn\Cookies\jørn@mediaplex[1].txt C:\Documents and Settings\Jørn\Cookies\jø[email protected][2].txt C:\Documents and Settings\Jørn\Cookies\jørn@puresafetyhere[1].txt C:\Documents and Settings\Jørn\Cookies\jørn@adultfriendfinder[1].txt C:\Documents and Settings\Jørn\Cookies\jø[email protected][2].txt C:\Documents and Settings\Jørn\Cookies\jørn@adtech[1].txt C:\Documents and Settings\Jørn\Cookies\jø[email protected][2].txt C:\Documents and Settings\Jørn\Cookies\jørn@winsecureav[2].txt C:\Documents and Settings\Jørn\Cookies\jø[email protected][2].txt C:\Documents and Settings\Jørn\Cookies\jørn@revsci[2].txt C:\Documents and Settings\Jørn\Cookies\jø[email protected][1].txt C:\Documents and Settings\Jørn\Cookies\jørn@winanonymous[1].txt C:\Documents and Settings\Jørn\Cookies\jø[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt C:\Documents and Settings\Andrea\Cookies\andrea@2o7[2].txt C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\andrea@adbrite[2].txt C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt C:\Documents and Settings\Andrea\Cookies\andrea@adrevolver[2].txt C:\Documents and Settings\Andrea\Cookies\andrea@adrevolver[3].txt C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\andrea@adserver[1].txt C:\Documents and Settings\Andrea\Cookies\andrea@adtech[1].txt C:\Documents and Settings\Andrea\Cookies\andrea@advertising[1].txt C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt C:\Documents and Settings\Andrea\Cookies\andrea@atdmt[2].txt C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt C:\Documents and Settings\Andrea\Cookies\andrea@casalemedia[1].txt C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\andrea@clickaider[1].txt C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt C:\Documents and Settings\Andrea\Cookies\andrea@countercentral[2].txt C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\andrea@doubleclick[1].txt C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\andrea@fastclick[1].txt C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt C:\Documents and Settings\Andrea\Cookies\andrea@hitbox[1].txt C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\andrea@indexstats[1].txt C:\Documents and Settings\Andrea\Cookies\andrea@indextools[2].txt C:\Documents and Settings\Andrea\Cookies\andrea@linksynergy[1].txt C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\andrea@mediaplex[1].txt C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\andrea@mtgnewmedia[1].txt C:\Documents and Settings\Andrea\Cookies\andrea@partypoker[1].txt C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\andrea@pro-market[2].txt C:\Documents and Settings\Andrea\Cookies\andrea@questionmarket[1].txt C:\Documents and Settings\Andrea\Cookies\andrea@realmedia[1].txt C:\Documents and Settings\Andrea\Cookies\andrea@revenue[1].txt C:\Documents and Settings\Andrea\Cookies\andrea@revsci[2].txt C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt C:\Documents and Settings\Andrea\Cookies\andrea@serving-sys[1].txt C:\Documents and Settings\Andrea\Cookies\andrea@serving-sys[2].txt C:\Documents and Settings\Andrea\Cookies\andrea@serving-sys[3].txt C:\Documents and Settings\Andrea\Cookies\andrea@serving-sys[4].txt C:\Documents and Settings\Andrea\Cookies\andrea@specificclick[2].txt C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\andrea@statcounter[2].txt C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\andrea@tacoda[2].txt C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\andrea@tradedoubler[2].txt C:\Documents and Settings\Andrea\Cookies\andrea@tribalfusion[1].txt C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt C:\Documents and Settings\Andrea\Cookies\andrea@windowsmedia[1].txt C:\Documents and Settings\Andrea\Cookies\[email protected][2].txt C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\[email protected][1].txt C:\Documents and Settings\Andrea\Cookies\andrea@yadro[1].txt C:\Documents and Settings\Andrea\Cookies\andrea@zedo[2].txt C:\Documents and Settings\Kari\Cookies\[email protected][1].txt C:\Documents and Settings\Kari\Cookies\kari@advertising[2].txt C:\Documents and Settings\Kari\Cookies\kari@atdmt[1].txt C:\Documents and Settings\Kari\Cookies\[email protected][2].txt C:\Documents and Settings\Kari\Cookies\kari@doubleclick[1].txt C:\Documents and Settings\Kari\Cookies\[email protected][2].txt C:\Documents and Settings\Kari\Cookies\[email protected][2].txt C:\Documents and Settings\Kari\Cookies\kari@serving-sys[1].txt C:\Documents and Settings\Kari\Cookies\[email protected][1].txt C:\Documents and Settings\Kari\Cookies\kari@tradedoubler[2].txt C:\Documents and Settings\Kristin\Cookies\kristin@247realmedia[1].txt C:\Documents and Settings\Kristin\Cookies\kristin@2o7[1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][2].txt C:\Documents and Settings\Kristin\Cookies\[email protected][2].txt C:\Documents and Settings\Kristin\Cookies\[email protected][2].txt C:\Documents and Settings\Kristin\Cookies\[email protected][2].txt C:\Documents and Settings\Kristin\Cookies\[email protected][2].txt C:\Documents and Settings\Kristin\Cookies\[email protected][2].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][2].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][2].txt C:\Documents and Settings\Kristin\Cookies\[email protected][2].txt C:\Documents and Settings\Kristin\Cookies\kristin@adbrite[2].txt C:\Documents and Settings\Kristin\Cookies\kristin@adfair[1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][2].txt C:\Documents and Settings\Kristin\Cookies\kristin@adrevolver[1].txt C:\Documents and Settings\Kristin\Cookies\kristin@adrevolver[2].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][2].txt C:\Documents and Settings\Kristin\Cookies\[email protected][2].txt C:\Documents and Settings\Kristin\Cookies\kristin@adtech[1].txt C:\Documents and Settings\Kristin\Cookies\kristin@adverticum[1].txt C:\Documents and Settings\Kristin\Cookies\kristin@advertising[2].txt C:\Documents and Settings\Kristin\Cookies\kristin@apmebf[2].txt C:\Documents and Settings\Kristin\Cookies\[email protected][2].txt C:\Documents and Settings\Kristin\Cookies\kristin@atdmt[2].txt C:\Documents and Settings\Kristin\Cookies\kristin@atwola[2].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\kristin@azjmp[1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][2].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\kristin@casalemedia[2].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\kristin@doubleclick[2].txt C:\Documents and Settings\Kristin\Cookies\[email protected][2].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\kristin@fastclick[1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][2].txt C:\Documents and Settings\Kristin\Cookies\kristin@hotlog[1].txt C:\Documents and Settings\Kristin\Cookies\kristin@indexstats[1].txt C:\Documents and Settings\Kristin\Cookies\kristin@indextools[1].txt C:\Documents and Settings\Kristin\Cookies\kristin@kanoodle[1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][2].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][2].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\kristin@mediaplex[2].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][2].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][2].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\kristin@overture[1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\kristin@partypoker[2].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\kristin@pro-market[2].txt C:\Documents and Settings\Kristin\Cookies\kristin@questionmarket[1].txt C:\Documents and Settings\Kristin\Cookies\kristin@realmedia[1].txt C:\Documents and Settings\Kristin\Cookies\kristin@revenue[2].txt C:\Documents and Settings\Kristin\Cookies\kristin@revsci[2].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][2].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][2].txt C:\Documents and Settings\Kristin\Cookies\kristin@serving-sys[1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\kristin@specificclick[2].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][2].txt C:\Documents and Settings\Kristin\Cookies\kristin@statcounter[1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\kristin@tacoda[1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][2].txt C:\Documents and Settings\Kristin\Cookies\kristin@tracker[1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][2].txt C:\Documents and Settings\Kristin\Cookies\kristin@tradedoubler[1].txt C:\Documents and Settings\Kristin\Cookies\kristin@tribalfusion[1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][2].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][2].txt C:\Documents and Settings\Kristin\Cookies\kristin@weborama[1].txt C:\Documents and Settings\Kristin\Cookies\kristin@windowsmedia[1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\[email protected][1].txt C:\Documents and Settings\Kristin\Cookies\kristin@xiti[1].txt C:\Documents and Settings\Kristin\Cookies\kristin@zedo[2].txt Trojan.Security Toolbar C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url Trojan.DNSChanger-Codec HKCR\CLSID\E404.e404mgr HKCR\CLSID\E404.e404mgr#UserId Adware.E404 Helper/Hij HKCR\E404.e404mgr HKCR\E404.e404mgr\CLSID HKCR\E404.e404mgr\CurVer HKCR\E404.e404mgr.1 HKCR\E404.e404mgr.1\CLSID HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB} HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0 HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0 HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\win32 HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836} HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32 HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib#Version Adware.E404 Helper C:\Program Files\SOTFONE\1203525146.dll C:\Program Files\SOTFONE Rogue.VirusHeat HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1} HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\gzdzXk HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\InprocHandler32 HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\InprocHandler32#ThreadingModel HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\LocalServer32 HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\LocalServer32#LocalServer32 HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\mIOmgvjjdsP HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\ProgID HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\qfZOmzdrpnJkW HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\Typelib HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\Utty HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\vBkgsva HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\xdXtechsVle C:\DOCUMENTS AND SETTINGS\JøRN\LOCAL SETTINGS\TEMP\BR103.EXE C:\PROGRAM FILES\VIRUSHEAT 4.3\VIRUSHEAT 4.3.EXE Browser Hijacker.Favorites C:\RECYCLER\S-1-5-21-4197560266-47200806-733977668-1005\DC2.URL C:\RECYCLER\S-1-5-21-4197560266-47200806-733977668-1005\DC3.URL C:\RECYCLER\S-1-5-21-4197560266-47200806-733977668-1005\DC4.URL C:\RECYCLER\S-1-5-21-4197560266-47200806-733977668-1005\DC5.URL Trace.Known Threat Sources C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\4DM305E3\js_pog_old[2].js C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\BA87ZX8P\zango_logo[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\BA87ZX8P\Britney_Spears_Green_Bikini_Top[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\GHAV4PYN\topframe_close_btn[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\AL4J6DU1\Keira_Knightley_Getting_It_On_large[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\AL4J6DU1\Britney_Spears_See_Through[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\C9EJSDQ7\Jennifer_Aniston_Naked_large[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5HMJ0TQF\Anna_Nicole_Smith_Outdoors_Sex_Part_2_large[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\QZOJ9IVM\seekmo_logo[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\YH9I3IDC\green_btn[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\KPENOXIN\ncp[2].css C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\QZOJ9IVM\Paris_Hilton_Striptease[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\GHAV4PYN\lc[2].js C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\PGTHRHHV\Britney_Spears_Pink_Bikini[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\BA87ZX8P\yikers_avril_large[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\QZOJ9IVM\Britney_Spears_Upskirt_large[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\SZ33QGT9\Jennifer_Love_Hewitt_Getting_It_On[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\SHA7G1E7228afe9b7[1].js C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\AL4J6DU1\Anna_Nicole_Smith_Outdoors_Sex_Part_1_large[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\SHA7G1E7\CA5061R7.htm C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\BA87ZX8P\embed_zango[2].css C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\SZ33QGT9\btndisabled[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\PGTHRHHV\contentAccess_eula_top[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\WLY3OL67\btn_down[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\272RY9E3\zango_bg[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\AL4J6DU1\btn[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\SZ33QGT9\of_zango_120x600_08_britney[1].swf C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\C9EJSDQ7\gec_get_content[1].htm C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\8XUNGLEN\Anna_Nicole_Smith_Outdoors_Sex_Part_1_medium[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\QZOJ9IVM\of_zango_728x90_08_britney[1].swf C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\YH9I3IDC\js_index_gallery[2].js C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\SHA7G1E7\minify2[1].js C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\4DM305E3\lc[2].js C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\4DM305E3\bg02[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\4DM305E3\CAIVSTEN.php C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\C9EJSDQ7\box[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\G9YR8527\puresafetyhere[2].htm C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\SZ33QGT9\bg04[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\GHAV4PYN\topframe_bg[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\SHA7G1E7\EulaGateway[1].htm C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\G9YR8527\bot01[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\4DM305E3\header_bg[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\C9EJSDQ7\btn_uci_yes[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\GTEJKTAR\bg0[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\QZOJ9IVM\shield1[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\G9YR8527\btn_contact[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\ILK7MHQ5\top_bg[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\8XUNGLEN\btn_scan2[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\KPENOXIN\btn_buy[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\KPENOXIN\header_download_dark[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\KPENOXIN\logo[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\G9YR8527\header_buy_dark[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\ILK7MHQ5\bot02[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5HMJ0TQF\offer_download[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\C9EJSDQ7\btn_home[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\ILK7MHQ5\copyright[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\272RY9E3\btn_try[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\QZOJ9IVM\btn_uci_no[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\SZ33QGT9\hover_button_home[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\BA87ZX8P\btn_support[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\GTEJKTAR\win[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\YH9I3IDC\zango_banner[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\BA87ZX8P\Britney_Spears_Butt_Crack_large[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\AL4J6DU1\footer_gray_bg[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\PGTHRHHV\btn_down2[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\SHA7G1E7\marker[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\SZ33QGT9\antispyshield[1].htm C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\O5IFK5I7\btn_help[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\SZ33QGT9\botr[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\WLY3OL67\spacer[2].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\PGTHRHHV\btn_buy[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\O5IFK5I7\bg[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\272RY9E3\main[1].css C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\SZ33QGT9\1013[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\PGTHRHHV\offer_free_scan[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\PGTHRHHV\anim2[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\KPENOXIN\button_download[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\WLY3OL67\button_support[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\O5IFK5I7\logo[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\QZOJ9IVM\btn_home[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\8XUNGLEN\btn_support[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\SHA7G1E7\btn_freescan[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\4HODERCL\bg01[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\QZOJ9IVM\button_company[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\SZ33QGT9\b_buy[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\KPENOXIN\bot_r[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\SHA7G1E7\shield2[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\G9YR8527\ajax[1].htm C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\GTEJKTAR\errorhandler[1].htm C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\272RY9E3\threats_bg[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\PGTHRHHV\text[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\SHA7G1E7\offer[1].png C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\SZ33QGT9\bot_l[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\GTEJKTAR\box_bot[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\QZOJ9IVM\logo_r[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\272RY9E3\opinions_bg[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\8XUNGLEN\AC_RunActiveContent[1].htm C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\4DM305E3\bullet[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\GTEJKTAR\sep2[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\KPENOXIN\bot_bg[2].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\GTEJKTAR\header_support_dark[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\QZOJ9IVM\btn_overview[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\4HODERCL\bg06[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\SZ33QGT9\adc_mainstream_001_f[1].swf C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\QZOJ9IVM\adc_mainstream_022_a[1].swf C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\GHAV4PYN\btn_buynow[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\KPENOXIN\managers[1].htm C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\KPENOXIN\CASDMNG9.htm C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\4HODERCL\image1[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\8XUNGLEN\main_bottom[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\QZOJ9IVM\noflash[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\272RY9E3\flash_detect[1].htm C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\SZ33QGT9\CAOP8TOR.htm C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\AL4J6DU1\b_download[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\4DM305E3\CAQJSDEF.htm C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\GHAV4PYN\dbver[1].dat C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\YH9I3IDC\new[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\YH9I3IDC\nav_bg[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\SHA7G1E7\image7[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\QZOJ9IVM\btn_download[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\272RY9E3\index[1].htm C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\4DM305E3\b_bot[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\GTEJKTAR\flash[2].swf C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\WLY3OL67\bg2[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\QZOJ9IVM\image2[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\YH9I3IDC\btn_aboutus[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5HMJ0TQF\b_l_bg[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\G9YR8527\styles4[1].css C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5HMJ0TQF\borde1[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\GTEJKTAR\flash[1].swf C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5HMJ0TQF\btn_company[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\YH9I3IDC\header_left[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\4DM305E3\stats[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\C9EJSDQ7\what[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\C9EJSDQ7\image5[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\8XUNGLEN\borde2[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\SHA7G1E7\fullresize[1].htm C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5HMJ0TQF\btn_affiliates[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\272RY9E3\spacer[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\8XUNGLEN\box[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\PGTHRHHV\image4[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\KPENOXIN\CA2B07LI.htm C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\C9EJSDQ7\AC_Button[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\GTEJKTAR\1017[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\GHAV4PYN\ADCFreeInstaller_no[1].exe C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\SZ33QGT9\navv_bg[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\AL4J6DU1\popup[1].swf C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\O5IFK5I7\b_features[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\PGTHRHHV\b_v_bg[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\C9EJSDQ7\logo_top[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\BA87ZX8P\bul2[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\4HODERCL\stats[1].jpg C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\SHA7G1E7\bg1[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\8XUNGLEN\style[2].css C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\G9YR8527\spacer[1].gif C:\Documents and Settings\Jørn\Local Settings\Temporary Internet Files\Content.IE5\KPENOXIN\CAWTIJKH.htm C:\Documents and Settings\Kristin\Local Settings\Temporary Internet Files\Content.IE5\266JU5HE\bg[2].gif C:\Documents and Settings\Kristin\Local Settings\Temporary Internet Files\Content.IE5\OC5E9H3I\puresafetyhere[1].htm Hijack Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 16:51:22, on 21.02.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Norman\Npm\bin\ELOGSVC.EXE C:\Norman\Npm\Bin\Zanda.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Bluetooth\Bluetooth-programvare\bin\btwdins.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\Explorer.EXE C:\Norman\Npm\bin\NJEEVES.EXE C:\Norman\Nvc\bin\nvcoas.exe C:\Norman\Nvc\BIN\NVCSCHED.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Power Manager\PM.exe C:\Program Files\Hotkey Management\FuncKey.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Norman\Npm\bin\ZLH.EXE C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Norman\Nvc\BIN\NIP.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Norman\Nvc\bin\cclaw.exe C:\Program Files\TomTom HOME\TomTomHOME.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Brother\Brmfcmon\BrMfimon.exe C:\Program Files\Bluetooth\Bluetooth-programvare\BTTray.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Norman\npm\bin\niu.exe C:\Documents and Settings\Jørn\Desktop\HiJackThis_v2.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.getlive.no/live O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey Management\FuncKey.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send til &Bluetooth - C:\Program Files\Bluetooth\Bluetooth-programvare\btsendto_ie_ctx.htm O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Program Files\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?a909b3e9d16b4752a9947d3c2671a487 O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Program Files\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?a909b3e9d16b4752a9947d3c2671a487 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth-programvare\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth-programvare\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.eurofoto.no/uploader/ImageUploader4.cab O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://www.eurofoto.no/activex/ImageUploader3.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: djuka - {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} - (no file) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Bluetooth\Bluetooth-programvare\bin\btwdins.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 11195 bytes Ser dette bra ut??? Lenke til kommentar
snippsat Skrevet 21. februar 2008 Del Skrevet 21. februar 2008 Loggen ser fin ut Grunn til at jeg foreslo SmitfraudFix var C:\PROGRAM FILES\NETPROJECT\ SAS tok med seg det meste,så da er det greit. Du kan fixe denn linjen. Start HijackThis finn denne linjen merk den,så trykk fixed checked. O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) Lenke til kommentar
uiop Skrevet 21. februar 2008 Forfatter Del Skrevet 21. februar 2008 Takk for hjelpen. Alt ser ut til å virke som det skal nå Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå