Virus, anything that can help


I think I have got a trojan virus. I have pulled a HijackThis log. Hope someone can take a look at this.

 

 

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 21:32:52, on 20.02.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Norman\Npm\bin\ELOGSVC.EXE

C:\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Bluetooth\Bluetooth-programvare\bin\btwdins.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\Norman\Npm\bin\NJEEVES.EXE

C:\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Norman\Nvc\bin\nvcoas.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Norman\npm\bin\niu.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\NetProject\sbmntr.exe

C:\Program Files\NetProject\sbsm.exe

C:\Program Files\NetProject\scit.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\NetProject\scm.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Power Manager\PM.exe

C:\Program Files\Hotkey Management\FuncKey.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Norman\Npm\bin\ZLH.EXE

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Norman\Nvc\BIN\NIP.EXE

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Norman\Nvc\bin\cclaw.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\TomTom HOME\TomTomHOME.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Brother\Brmfcmon\BrMfimon.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

C:\Program Files\Bluetooth\Bluetooth-programvare\BTTray.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Documents and Settings\Jørn\Desktop\HiJackThis_v2.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: e404 helper - {2C566C34-7D72-4DC1-9BBE-1121A76698F8} - C:\Program Files\Helper\1203525143.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe

O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey Management\FuncKey.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe

O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe

O4 - HKUS\S-1-5-21-4197560266-47200806-733977668-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Kristin')

O4 - HKUS\S-1-5-21-4197560266-47200806-733977668-1007\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Kristin')

O4 - HKUS\S-1-5-21-4197560266-47200806-733977668-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe (User 'Kristin')

O4 - HKUS\S-1-5-21-4197560266-47200806-733977668-1007\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe (User 'Kristin')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send til &Bluetooth - C:\Program Files\Bluetooth\Bluetooth-programvare\btsendto_ie_ctx.htm

O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Program Files\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?a909b3e9d16b4752a9947d3c2671a487

O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Program Files\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?a909b3e9d16b4752a9947d3c2671a487

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.eurofoto.no/uploader/ImageUploader4.cab

O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://www.eurofoto.no/activex/ImageUploader3.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: djuka - {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} - (no file)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Bluetooth\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 12362 bytes

 

Link to comment

Hi there...

There are a number of programs you can download to remove rascals like these...

One program that I can really recommend is Spyware Doctor from PC Tools.

You can download the program HERE

This program costs about 180 Norwegian kroner, but it is really worth it!! I bought it as a downloadable file 3 days ago, and I promise you it found a lot of crap :|

It is a safe and good investment. The program also has real-time scanning, so if you should come across a file or something else online with, for example, a hidden trojan, the program will immediately block the file from harming the PC.

Link to comment

Right then, there was a bit of crap here...

I would have started by running SAS, to get a safe removal of as much as possible...

Download SuperAntispyware (SAS). Install the program, update it and run a full scan (complete, not quick scan). Post the log from SAS (start the program, choose: Preferences->statistics/logs)

What SAS does:

- It scans through the PC, lists the infections it finds and deletes them. The program will probably ask for a restart of the PC. A log is also created, which you post in this thread.

After this, restart the machine and post a new HijackThis log.

Link to comment

I have now run SAS and am attaching the logs from SAS and Hijack

 

SAS:

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 02/21/2008 at 00:35 AM

 

Application Version : 3.9.1008

 

Core Rules Database Version : 3406

Trace Rules Database Version: 1398

 

Scan type : Complete Scan

Total Scan Time : 01:15:18

 

Memory items scanned : 588

Memory threats detected : 7

Registry items scanned : 5748

Registry threats detected : 59

File items scanned : 80350

File threats detected : 417

 

Trojan.Media-Codec/V5

C:\PROGRAM FILES\NETPROJECT\SBMNTR.EXE

C:\PROGRAM FILES\NETPROJECT\SBMNTR.EXE

C:\PROGRAM FILES\NETPROJECT\SBSM.EXE

C:\PROGRAM FILES\NETPROJECT\SBSM.EXE

C:\PROGRAM FILES\NETPROJECT\SCIT.EXE

C:\PROGRAM FILES\NETPROJECT\SCIT.EXE

C:\PROGRAM FILES\NETPROJECT\SCM.EXE

C:\PROGRAM FILES\NETPROJECT\SCM.EXE

C:\PROGRAM FILES\NETPROJECT\WAMDL.DLL

C:\PROGRAM FILES\NETPROJECT\WAMDL.DLL

C:\PROGRAM FILES\NETPROJECT\SBMDL.DLL

C:\PROGRAM FILES\NETPROJECT\SBMDL.DLL

[start] C:\PROGRAM FILES\NETPROJECT\SBMNTR.EXE

[some] C:\PROGRAM FILES\NETPROJECT\SCIT.EXE

HKLM\Software\Classes\CLSID\{81705D67-3F73-4983-859B-97D0922E5ABE}

HKCR\CLSID\{81705D67-3F73-4983-859B-97D0922E5ABE}

HKCR\CLSID\{81705D67-3F73-4983-859B-97D0922E5ABE}

HKCR\CLSID\{81705D67-3F73-4983-859B-97D0922E5ABE}\Implemented Categories

HKCR\CLSID\{81705D67-3F73-4983-859B-97D0922E5ABE}\Implemented Categories\{00021493-0000-0000-C000-000000000046}

HKCR\CLSID\{81705D67-3F73-4983-859B-97D0922E5ABE}\InprocServer32

HKCR\CLSID\{81705D67-3F73-4983-859B-97D0922E5ABE}\InprocServer32#ThreadingModel

HKLM\Software\Microsoft\Internet Explorer\Toolbar#{81705D67-3F73-4983-859B-97D0922E5ABE}

C:\PROGRAM FILES\NETPROJECT\SBUN.EXE

C:\PROGRAM FILES\NETPROJECT\SCU.EXE

C:\PROGRAM FILES\NETPROJECT\WAUN.EXE

C:\WINDOWS\Prefetch\SBMNTR.EXE-22367E87.pf

C:\WINDOWS\Prefetch\SBSM.EXE-0482749B.pf

C:\WINDOWS\Prefetch\SCIT.EXE-08C95C8D.pf

C:\WINDOWS\Prefetch\SCM.EXE-10EE30C5.pf

 

Adware.E404 Helper/Variant-A

C:\PROGRAM FILES\HELPER\1203525143.DLL

C:\PROGRAM FILES\HELPER\1203525143.DLL

 

Unclassified.Unknown Origin

HKLM\Software\Classes\CLSID\{2C566C34-7D72-4DC1-9BBE-1121A76698F8}

HKCR\CLSID\{2C566C34-7D72-4DC1-9BBE-1121A76698F8}

HKCR\CLSID\{2C566C34-7D72-4DC1-9BBE-1121A76698F8}

HKCR\CLSID\{2C566C34-7D72-4DC1-9BBE-1121A76698F8}\InprocServer32

HKCR\CLSID\{2C566C34-7D72-4DC1-9BBE-1121A76698F8}\InprocServer32#ThreadingModel

HKCR\CLSID\{2C566C34-7D72-4DC1-9BBE-1121A76698F8}\ProgID

HKCR\CLSID\{2C566C34-7D72-4DC1-9BBE-1121A76698F8}\Programmable

HKCR\CLSID\{2C566C34-7D72-4DC1-9BBE-1121A76698F8}\TypeLib

HKCR\CLSID\{2C566C34-7D72-4DC1-9BBE-1121A76698F8}\VersionIndependentProgID

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C566C34-7D72-4DC1-9BBE-1121A76698F8}

 

Trojan.Media-Codec/V4

HKLM\Software\Classes\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}

HKCR\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}

HKCR\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}#xxx

HKCR\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}\InprocServer32

HKCR\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}\InprocServer32#ThreadingModel

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#some [ C:\Program Files\NetProject\scit.exe ]

 

Trojan.Smitfraud Variant/IE Anti-Spyware

HKLM\Software\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E}

 

Adware.Tracking Cookie


 

Trojan.Security Toolbar

C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url

C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url

 

Trojan.DNSChanger-Codec

HKCR\CLSID\E404.e404mgr

HKCR\CLSID\E404.e404mgr#UserId

 

Adware.E404 Helper/Hij

HKCR\E404.e404mgr

HKCR\E404.e404mgr\CLSID

HKCR\E404.e404mgr\CurVer

HKCR\E404.e404mgr.1

HKCR\E404.e404mgr.1\CLSID

HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}

HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0

HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0

HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\win32

HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS

HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR

HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}

HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid

HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32

HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib

HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib#Version

 

Adware.E404 Helper

C:\Program Files\SOTFONE\1203525146.dll

C:\Program Files\SOTFONE

 

Rogue.VirusHeat

HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}

HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\gzdzXk

HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\InprocHandler32

HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\InprocHandler32#ThreadingModel

HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\LocalServer32

HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\LocalServer32#LocalServer32

HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\mIOmgvjjdsP

HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\ProgID

HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\qfZOmzdrpnJkW

HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\Typelib

HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\Utty

HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\vBkgsva

HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\xdXtechsVle

C:\DOCUMENTS AND SETTINGS\JøRN\LOCAL SETTINGS\TEMP\BR103.EXE

C:\PROGRAM FILES\VIRUSHEAT 4.3\VIRUSHEAT 4.3.EXE

 

Browser Hijacker.Favorites

C:\RECYCLER\S-1-5-21-4197560266-47200806-733977668-1005\DC2.URL

C:\RECYCLER\S-1-5-21-4197560266-47200806-733977668-1005\DC3.URL

C:\RECYCLER\S-1-5-21-4197560266-47200806-733977668-1005\DC4.URL

C:\RECYCLER\S-1-5-21-4197560266-47200806-733977668-1005\DC5.URL

 

Trace.Known Threat Sources

 

 

Hijack

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 16:51:22, on 21.02.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Norman\Npm\bin\ELOGSVC.EXE

C:\Norman\Npm\Bin\Zanda.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Bluetooth\Bluetooth-programvare\bin\btwdins.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Norman\Npm\bin\NJEEVES.EXE

C:\Norman\Nvc\bin\nvcoas.exe

C:\Norman\Nvc\BIN\NVCSCHED.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Power Manager\PM.exe

C:\Program Files\Hotkey Management\FuncKey.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Norman\Npm\bin\ZLH.EXE

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Norman\Nvc\BIN\NIP.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Norman\Nvc\bin\cclaw.exe

C:\Program Files\TomTom HOME\TomTomHOME.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Brother\Brmfcmon\BrMfimon.exe

C:\Program Files\Bluetooth\Bluetooth-programvare\BTTray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Norman\npm\bin\niu.exe

C:\Documents and Settings\Jørn\Desktop\HiJackThis_v2.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.getlive.no/live

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe

O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey Management\FuncKey.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send til &Bluetooth - C:\Program Files\Bluetooth\Bluetooth-programvare\btsendto_ie_ctx.htm

O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Program Files\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?a909b3e9d16b4752a9947d3c2671a487

O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Program Files\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?a909b3e9d16b4752a9947d3c2671a487

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth-programvare\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.eurofoto.no/uploader/ImageUploader4.cab

O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://www.eurofoto.no/activex/ImageUploader3.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: djuka - {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} - (no file)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Bluetooth\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 11195 bytes

 

 

 

Does this look good???


The log looks fine :thumbup:

 

The reason I suggested SmitfraudFix was C:\PROGRAM FILES\NETPROJECT\

SAS took care of most of it, so that's fine.

 

You can fix this line.

 

Start HijackThis, find this line, check it, then click Fix checked.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
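
The check behind the reply above (an entry whose file is reported as `(no file)`), as an added example that is not part of the original thread: a small parser for the CLSID-based lines of a HijackThis log that lists every entry whose target file is missing. The sample lines are copied from the log posted above; the function and class names are assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O22 - SharedTaskScheduler: djuka - {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} - (no file)
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
"""

# Matches lines of the form:
#   O<n> - <kind>: <name> - {CLSID} - <target>
# which covers BHOs (O2), toolbars (O3), extra buttons (O9) and
# SharedTaskScheduler entries (O22). Other line shapes (O4 autoruns,
# O16 DPF, O23 services) have no "- {CLSID} -" field and are skipped.
ENTRY_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)


@dataclass(frozen=True)
class Entry:
    section: str
    kind: str
    name: str
    clsid: str
    target: str

    @property
    def orphaned(self) -> bool:
        # HijackThis prints "(no file)" when the registry entry exists
        # but the file it points to is not on disk.
        return self.target.strip().lower() == "(no file)"


def parse_clsid_entries(log_text):
    """Return every CLSID-based entry found in a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append(Entry(**match.groupdict()))
    return entries


def orphaned_entries(log_text):
    """Return the entries whose registered file is reported as missing."""
    return [e for e in parse_clsid_entries(log_text) if e.orphaned]


if __name__ == "__main__":
    for entry in orphaned_entries(SAMPLE_LOG):
        print(f"{entry.section} {entry.kind}: {entry.name} {entry.clsid} -> {entry.target}")
```
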
