View Full Version : cant remove altnet!
Bucepahlus
2008-05-05, 17:06
here is my hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:36:33, on 05.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Npf\BIN\npfmsg2.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\DLink\Bluetooth-programvare\bin\btwdins.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Programfiler\Opera75\Opera.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spray.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {e03cb169-0328-456c-be43-2888e18da953} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\DLink\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\DLink\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\DLink\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by134fd.bay134.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.euchannels.net/KooPlayer.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171581406062
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/shockwave/orbital/install.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{138A474E-ECE7-4B26-86B3-E91ABFF8C499}: NameServer = 62.97.193.3,62.97.193.54
O17 - HKLM\System\CS2\Services\Tcpip\..\{138A474E-ECE7-4B26-86B3-E91ABFF8C499}: NameServer = 62.97.193.3,62.97.193.54
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programfiler\DLink\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 8457 bytes
Bucepahlus
2008-05-05, 17:10
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 05, 2008 1:32:07 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/05/2008
Kaspersky Anti-Virus database records: 740440
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 130158
Number of viruses found: 13
Number of infected objects: 46
Number of suspicious objects: 88
Duration of the scan process: 02:11:13
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\admin\ntuser.dat Object is locked skipped
C:\Documents and Settings\admin\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator.MUSHROOM\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator.MUSHROOM\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\NPF\LOGS\2008-05-05-BLK.EXT.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\NPF\LOGS\2008-05-05-PSC.EXT.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\NPF\LOGS\2008-05-05.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\NPF\LOGS\CRC.EXT.LOG Object is locked skipped
C:\Documents and Settings\All Users\ntuser.dat Object is locked skipped
C:\Documents and Settings\All Users\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Microsoft\Crypto\RSA\MachineKeys\66f4fa63b1c37067cc4069b82053ec8a_fd6000e6-93ba-4821-995e-7f9efe6aeddd Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Microsoft\Crypto\RSA\MachineKeys\8d65b1f830a114ab330887cff9f40022_fd6000e6-93ba-4821-995e-7f9efe6aeddd Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Microsoft\Crypto\RSA\MachineKeys\9691c6df0dea40bc9fa93b7952404cff_fd6000e6-93ba-4821-995e-7f9efe6aeddd Object is locked skipped
C:\Documents and Settings\Christer\Lokale innstillinger\Temp\trickler_4010.ex_/ Infected: not-a-virus:AdWare.Win32.Gator.4010 skipped
C:\Documents and Settings\Christer\Lokale innstillinger\Temp\trickler_4010.ex_ MSExpand: infected - 1 skipped
C:\Documents and Settings\Christer\ntuser.dat Object is locked skipped
C:\Documents and Settings\Christer\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Gjest\ntuser.dat Object is locked skipped
C:\Documents and Settings\Gjest\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Øystein\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/13 Apr 2004 22:27 from dcuhtzsh@yahoo.net:Re: Your picture/your_picture.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/14 Apr 2004 20:19 from Microsoft Net Email Storage Service:Failu.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/14 Apr 2004 20:26 from postbot@america.net:mail user unknown.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/04 May 2004 04:30 from recipient@mailserver.net:Re: Excel file/document_excel.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/08 May 2004 05:11 from Email Service:Bug Message.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/07 May 2004 06:03 from rosineivictor@bol.com.br:Re: Your details/your_details.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/06 May 2004 16:44 from MS Inet Storage Service:Failure Message.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/21 Apr 2004 19:52 from MS Network System:undeliverable mail: use.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/29 Apr 2004 23:10 from duct@yahoo.ca:Re: Your archive/your_archive.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/08 Dec 2003 14:15 from inet delivery system:Undelivered Message:.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/08 Dec 2003 11:38:Mail.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/08 Dec 2003 11:29 from MS Security Center:Current Microsoft Crit.eml/[From "MS Security Center" <xgmtptnhvg@updates.ms.com>][Date Mon, 8 Dec 2003 12:29:50 +0100]/pack39.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/08 Dec 2003 11:29 from MS Security Center:Current Microsoft Crit.eml Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/08 Dec 2003 06:40 from Microsoft Customer Services:Microsoft Sec/Q399383.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/07 Dec 2003 23:17 from Net Email Service:Abort Letter.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/07 Dec 2003 23:08 from Microsoft Corporation Security Department/patch11.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/07 Dec 2003 12:08 from Message System.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/07 Dec 2003 05:17 from microsoft internet message storage system.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/07 Dec 2003 05:17 from MS Corporation Security Assistance:Intern/patch2339.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/06 Dec 2003 16:37 from MS Corporation Customer Support/install.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/06 Dec 2003 01:29 from Microsoft Corporation Security Assistance/q452684.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/06 Dec 2003 01:26 from Internet Email System:undelivered message.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/05 Dec 2003 20:50 from Microsoft Net Storage System:Bug Advice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/05 Dec 2003 17:29 from MS Inet Message Storage Service:Undeliver.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/05 Dec 2003 17:05 from Microsoft Customer Support:New Security P/PACK446.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/05 Dec 2003 14:43 from MS Corporation Network Security Departmen/Pack7578.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/05 Dec 2003 14:38 from Administrator:Mail Returned To Mailer.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/05 Dec 2003 09:54 from Microsoft Corporation Program Security De/Patch83.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/04 Dec 2003 16:31 from MS Message Storage Service:Returned Mail .rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/04 Dec 2003 16:20:Last Critical Pack/update5527.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/04 Dec 2003 15:23 from Administrator:Message.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/04 Dec 2003 15:20 from ncwhlci_kcybdd@bulletin.com/Installation.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/09 Dec 2003 11:21 from Storage System:advice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/09 Dec 2003 10:43 from postmaster:Abort Letter.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/08 Dec 2003 21:29 from Mail Storage Service:Advice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/12 Dec 2003 02:12 from Inet Delivery System:Failure Message.eml/[From "Inet Delivery System" <mailerservice@microsoft.com>][Date Fri, 12 Dec 2003 09:37:09 +0800]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/12 Dec 2003 02:12 from Inet Delivery System:Failure Message.eml Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/10 Dec 2003 10:52 from Postmaster:Undelivered Message: User unkn.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/10 Dec 2003 00:31 from Net Email Storage Service:returned messag.eml/[From "Net Email Storage Service" <smtpengine@aol.com>][Date Wed, 10 Dec 2003 08:19:39 +0800]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/10 Dec 2003 00:31 from Net Email Storage Service:returned messag.eml Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/09 Dec 2003 20:08 from internet mail service:Returned Mail: Retu.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/14 Dec 2003 12:42 from postmaster:abort advice.eml/[From "postmaster" <masterservice@aol.com>][Date 14 Dec 2003 13:42:06 +0100]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/14 Dec 2003 12:42 from postmaster:abort advice.eml Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/14 Dec 2003 09:08 from network email system.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/15 Dec 2003 12:18 from Internet System:returned mail: returned t.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/01 Jan 2004 16:43 from delivery service:error letter.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/01 Jan 2004 06:07 from Admin:Returned Message: Returned To Maile.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/01 Jan 2004 02:14 from smtpprogram@freemail.com:Notice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/31 Dec 2003 17:43 from Net Email Storage Service:Failure Notice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/28 Dec 2003 18:39 from Net System:Bug Report.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/27 Dec 2003 21:13 from Internet Mail Storage Service.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/27 Dec 2003 07:08 from MS Network Email Delivery Service.eml/[From "MS Network Email Delivery Service" <webform@bigfoot.net>][Date Sat, 27 Dec 2003 16:07:04 +0900]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/27 Dec 2003 07:08 from MS Network Email Delivery Service.eml/[From "MS Network Email Delivery Service" <webform@bigfoot.net>][Date Sat, 27 Dec 2003 16:07:04 +0900]/beul.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/27 Dec 2003 07:08 from MS Network Email Delivery Service.eml Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/26 Dec 2003 16:25 from Network Delivery System:bug notice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/26 Dec 2003 13:48 from ms net email delivery system:Undelivered .rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/25 Dec 2003 08:47 from ms inet system:Bug Report.eml/[From "ms inet system" <postdaemon@aol.com>][Date Thu, 25 Dec 2003 09:47:04 +0100]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/25 Dec 2003 08:47 from ms inet system:Bug Report.eml/[From "ms inet system" <postdaemon@aol.com>][Date Thu, 25 Dec 2003 09:47:04 +0100]/diqlfskn.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/25 Dec 2003 08:47 from ms inet system:Bug Report.eml Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/25 Dec 2003 05:50 from Network Message Service:Error Message.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/24 Dec 2003 12:28 from Net Email Service:Error Advice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/23 Dec 2003 15:09 from Inet Email System:Failure Message.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/22 Dec 2003 19:17 from pmailservice@netmail.com:Mail: User unkno.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/22 Dec 2003 18:57 from Message Service:Bug Report.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/21 Dec 2003 02:45 from Net Email Delivery Service:failure announ.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/20 Dec 2003 07:29 from ms net storage service:Failure Notice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/19 Dec 2003 10:29 from ms inet email delivery system:bug announc.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/19 Dec 2003 06:45 from Inet Mail Delivery System:notice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/19 Dec 2003 00:21 from internet mail delivery service:Error Anno.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/18 Dec 2003 15:03 from internet storage system:mail.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/18 Dec 2003 14:35 from Microsoft Inet Message System:Bug Report.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/17 Dec 2003 18:54 from Internet Email Delivery System:Failure Le.eml/[From "Internet Email Delivery System" <mailengine@aol.com>][Date Wed, 17 Dec 2003 18:50:37 +0000]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/17 Dec 2003 18:54 from Internet Email Delivery System:Failure Le.eml/[From "Internet Email Delivery System" <mailengine@aol.com>][Date Wed, 17 Dec 2003 18:50:37 +0000]/fqbcbd.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/17 Dec 2003 18:54 from Internet Email Delivery System:Failure Le.eml Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/17 Dec 2003 10:52 from MS Net Delivery Service:Bug Notice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/16 Dec 2003 14:54 from Microsoft Internet Mail Delivery Service:.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/16 Dec 2003 08:10:abort announcement.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/05 Jan 2004 06:42 from Network Message System:Undeliverable Mess.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/05 Jan 2004 02:22 from network service:Letter.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/03 Jan 2004 20:30 from Message Storage System.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/03 Jan 2004 18:23 from Microsoft Inet Message Delivery System:An.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/19 Jan 2004 03:34 from Inet Service:Error Announcement.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/18 Jan 2004 04:10 from admin:Returned Message.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/18 Jan 2004 01:59 from inet system:Undelivered Mail Returned To .rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/16 Jan 2004 21:21 from ms network storage service:Message.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/16 Jan 2004 17:06 from Microsoft Mail Service:mail: user unknown.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/13 Jan 2004 16:06 from Microsoft Internet Email Delivery Service.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/13 Jan 2004 10:21 from network system:Error Report.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/13 Jan 2004 09:11 from Storage System:Bug Letter.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/13 Jan 2004 03:15 from Internet Email System:message returned to.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/12 Jan 2004 23:15 from Email Storage System:error message.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/10 Jan 2004 16:45 from Microsoft Net Email Service:Error Letter.eml/[From "Microsoft Net Email Service" <bmailform@yahoo.net>][Date Sat, 10 Jan 2004 11:41:30 -0500 (EST)]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/10 Jan 2004 16:45 from Microsoft Net Email Service:Error Letter.eml/[From "Microsoft Net Email Service" <bmailform@yahoo.net>][Date Sat, 10 Jan 2004 11:41:30 -0500 (EST)]/bzhz.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/10 Jan 2004 16:45 from Microsoft Net Email Service:Error Letter.eml Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/08 Jan 2004 18:35:Returned Mail Returned To Sender.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/08 Jan 2004 09:02 from MS Net Service:Failure Notice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/31 Jan 2004 22:40 from ms net email service:Error Advice.eml/[From "ms net email service" <webengine@bigfoot.com>][Date Sat, 31 Jan 2004 23:37:32 +0100 (added by postmaster@libertysurf.fr)]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/31 Jan 2004 22:40 from ms net email service:Error Advice.eml Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/31 Jan 2004 06:33 from microsoft email storage system:error noti.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/27 Jan 2004 08:38 from Internet Storage System:Returned Mail: Re.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/22 Jan 2004 09:03 from Postmaster.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/20 Jan 2004 14:43 from Internet Message Storage System:Abort Not.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/07 Feb 2004 02:54 from internet delivery system:Undelivered Mess.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/03 Feb 2004 09:22 from inet message delivery system:Abort Notice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/22 Feb 2004 16:49 from System:returned mail: returned to mailer.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/17 Feb 2004 17:55 from network mail delivery service:Returned Ma.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/04 Mar 2004 18:48 from Internet Storage System:Failure Letter.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/04 Mar 2004 07:51 from Microsoft Internet Service:Message User u.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/04 Mar 2004 20:34 from Network Mail Storage System:Error Message.eml/[From "Network Mail Storage System" <postrobot@puremail.com>][Date Thu, 04 Mar 2004 20:32:25 +0000]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/04 Mar 2004 20:34 from Network Mail Storage System:Error Message.eml Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/18 Mar 2004 21:46 from tech@tin.it:Re: Excel file/document_excel.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/25 Mar 2004 02:37 from Microsoft Network Mail Storage System:Ret.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/30 Mar 2004 20:15 from joest73@notsohotmail.com:Re: Document/your_document.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/12 May 2004 05:41 from stomper.brad@rickysmail.com:Re: My detail/my_details.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Innboks/08 Oct 2003 14:39 from Network Message Delivery Service:Abort An.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst MailMSMaill: infected - 27, suspicious - 88 skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Temp\mirc63.exe/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Temp\mirc63.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Temp\mirc63.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Øystein\Mine dokumenter\SecretChamberSetup-dm.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Documents and Settings\Øystein\ntuser.dat Object is locked skipped
C:\Documents and Settings\Øystein\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Øystein\Programdata\Opera\Opera75\Mail\indexer\indexer.dat Object is locked skipped
C:\Documents and Settings\Øystein\Programdata\Opera\Opera75\Mail\indexer\indexer_128.dat Object is locked skipped
C:\Documents and Settings\Øystein\Programdata\Opera\Opera75\Mail\indexer\indexer_32768.dat Object is locked skipped
C:\Documents and Settings\Øystein\Programdata\Opera\Opera75\Mail\indexer\indexer_64.dat Object is locked skipped
C:\Documents and Settings\Øystein\Programdata\Opera\Opera75\Mail\indexer\indexer_8192.dat Object is locked skipped
C:\Documents and Settings\Øystein\Programdata\Opera\Opera75\Mail\lexicon\lexicon.dat Object is locked skipped
C:\Documents and Settings\Øystein\Programdata\Opera\Opera75\Mail\mailbase.dat Object is locked skipped
C:\Program Files\mIRC\backups\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A446BCA6-9313-44AD-88E4-715EDFCBB468}\RP1332\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{7AB41ABF-3C31-4601-B66B-8AA6AE592D90}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Altnet\adm4.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\WINDOWS\Temp\Altnet\admprog.dll Infected: not-a-virus:AdWare.Win32.Altnet.i skipped
C:\WINDOWS\Temp\Altnet\dmfiles.cab/AltnetUninstall.exe Infected: not-a-virus:AdWare.Win32.Altnet.b skipped
C:\WINDOWS\Temp\Altnet\dmfiles.cab CAB: infected - 1 skipped
C:\WINDOWS\Temp\Altnet\mysearch.cab/mySetp.exe Infected: not-a-virus:AdWare.Win32.MyWay.j skipped
C:\WINDOWS\Temp\Altnet\mysearch.cab CAB: infected - 1 skipped
C:\WINDOWS\Temp\Altnet\pmexe.cab/Points Manager.exe Infected: not-a-virus:AdWare.Win32.Altnet.h skipped
C:\WINDOWS\Temp\Altnet\pmexe.cab CAB: infected - 1 skipped
C:\WINDOWS\Temp\Altnet\pmfiles.cab/sysdetect.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
C:\WINDOWS\Temp\Altnet\pmfiles.cab CAB: infected - 1 skipped
C:\WINDOWS\Temp\Perflib_Perfdata_ea4.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Hi Bucepahlus
Delete these mails via Outlook:
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/13 Apr 2004 22:27 from :Re: Your picture/your_picture.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/14 Apr 2004 20:19 from Microsoft Net Email Storage Service:Failu.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/14 Apr 2004 20:26 from :mail user unknown.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/04 May 2004 04:30 from :Re: Excel file/document_excel.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/08 May 2004 05:11 from Email Service:Bug Message.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/07 May 2004 06:03 from :Re: Your details/your_details.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/06 May 2004 16:44 from MS Inet Storage Service:Failure Message.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/21 Apr 2004 19:52 from MS Network System:undeliverable mail: use.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/29 Apr 2004 23:10 from :Re: Your archive/your_archive.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/08 Dec 2003 14:15 from inet delivery system:Undelivered Message:.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/08 Dec 2003 11:38:Mail.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/08 Dec 2003 11:29 from MS Security Center:Current Microsoft Crit.eml/[From "MS Security Center" <xgmtptnhvg@updates.ms.com>][Date Mon, 8 Dec 2003 12:29:50 +0100]/pack39.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/08 Dec 2003 11:29 from MS Security Center:Current Microsoft Crit.eml Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/08 Dec 2003 06:40 from Microsoft Customer Services:Microsoft Sec/Q399383.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/07 Dec 2003 23:17 from Net Email Service:Abort Letter.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/07 Dec 2003 23:08 from Microsoft Corporation Security Department/patch11.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/07 Dec 2003 12:08 from Message System.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/07 Dec 2003 05:17 from microsoft internet message storage system.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/07 Dec 2003 05:17 from MS Corporation Security Assistance:Intern/patch2339.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/06 Dec 2003 16:37 from MS Corporation Customer Support/install.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/06 Dec 2003 01:29 from Microsoft Corporation Security Assistance/q452684.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/06 Dec 2003 01:26 from Internet Email System:undelivered message.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/05 Dec 2003 20:50 from Microsoft Net Storage System:Bug Advice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/05 Dec 2003 17:29 from MS Inet Message Storage Service:Undeliver.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/05 Dec 2003 17:05 from Microsoft Customer Support:New Security P/PACK446.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/05 Dec 2003 14:43 from MS Corporation Network Security Departmen/Pack7578.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/05 Dec 2003 14:38 from Administrator:Mail Returned To Mailer.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/05 Dec 2003 09:54 from Microsoft Corporation Program Security De/Patch83.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/04 Dec 2003 16:31 from MS Message Storage Service:Returned Mail .rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/04 Dec 2003 16:20:Last Critical Pack/update5527.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/04 Dec 2003 15:23 from Administrator:Message.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/04 Dec 2003 15:20 from Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/09 Dec 2003 11:21 from Storage System:advice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/09 Dec 2003 10:43 from postmaster:Abort Letter.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/08 Dec 2003 21:29 from Mail Storage Service:Advice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/12 Dec 2003 02:12 from Inet Delivery System:Failure Message.eml/[From "Inet Delivery System" <mailerservice@microsoft.com>][Date Fri, 12 Dec 2003 09:37:09 +0800]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/12 Dec 2003 02:12 from Inet Delivery System:Failure Message.eml Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/10 Dec 2003 10:52 from Postmaster:Undelivered Message: User unkn.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/10 Dec 2003 00:31 from Net Email Storage Service:returned messag.eml/[From "Net Email Storage Service" <smtpengine@aol.com>][Date Wed, 10 Dec 2003 08:19:39 +0800]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/10 Dec 2003 00:31 from Net Email Storage Service:returned messag.eml Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/09 Dec 2003 20:08 from internet mail service:Returned Mail: Retu.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/14 Dec 2003 12:42 from postmaster:abort advice.eml/[From "postmaster" <masterservice@aol.com>][Date 14 Dec 2003 13:42:06 +0100]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/14 Dec 2003 12:42 from postmaster:abort advice.eml Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/14 Dec 2003 09:08 from network email system.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/15 Dec 2003 12:18 from Internet System:returned mail: returned t.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/01 Jan 2004 16:43 from delivery service:error letter.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/01 Jan 2004 06:07 from Admin:Returned Message: Returned To Maile.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/01 Jan 2004 02:14 from Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/31 Dec 2003 17:43 from Net Email Storage Service:Failure Notice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/28 Dec 2003 18:39 from Net System:Bug Report.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/27 Dec 2003 21:13 from Internet Mail Storage Service.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/27 Dec 2003 07:08 from MS Network Email Delivery Service.eml/[From "MS Network Email Delivery Service" <webform@bigfoot.net>][Date Sat, 27 Dec 2003 16:07:04 +0900]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/27 Dec 2003 07:08 from MS Network Email Delivery Service.eml/[From "MS Network Email Delivery Service" <webform@bigfoot.net>][Date Sat, 27 Dec 2003 16:07:04 +0900]/beul.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/27 Dec 2003 07:08 from MS Network Email Delivery Service.eml Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/26 Dec 2003 16:25 from Network Delivery System:bug notice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/26 Dec 2003 13:48 from ms net email delivery system:Undelivered .rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/25 Dec 2003 08:47 from ms inet system:Bug Report.eml/[From "ms inet system" <postdaemon@aol.com>][Date Thu, 25 Dec 2003 09:47:04 +0100]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/25 Dec 2003 08:47 from ms inet system:Bug Report.eml/[From "ms inet system" <postdaemon@aol.com>][Date Thu, 25 Dec 2003 09:47:04 +0100]/diqlfskn.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/25 Dec 2003 08:47 from ms inet system:Bug Report.eml Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/25 Dec 2003 05:50 from Network Message Service:Error Message.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/24 Dec 2003 12:28 from Net Email Service:Error Advice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/23 Dec 2003 15:09 from Inet Email System:Failure Message.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/22 Dec 2003 19:17 from :Mail: User unkno.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/22 Dec 2003 18:57 from Message Service:Bug Report.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/21 Dec 2003 02:45 from Net Email Delivery Service:failure announ.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/20 Dec 2003 07:29 from ms net storage service:Failure Notice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/19 Dec 2003 10:29 from ms inet email delivery system:bug announc.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/19 Dec 2003 06:45 from Inet Mail Delivery System:notice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/19 Dec 2003 00:21 from internet mail delivery service:Error Anno.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/18 Dec 2003 15:03 from internet storage system:mail.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/18 Dec 2003 14:35 from Microsoft Inet Message System:Bug Report.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/17 Dec 2003 18:54 from Internet Email Delivery System:Failure Le.eml/[From "Internet Email Delivery System" <mailengine@aol.com>][Date Wed, 17 Dec 2003 18:50:37 +0000]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/17 Dec 2003 18:54 from Internet Email Delivery System:Failure Le.eml/[From "Internet Email Delivery System" <mailengine@aol.com>][Date Wed, 17 Dec 2003 18:50:37 +0000]/fqbcbd.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/17 Dec 2003 18:54 from Internet Email Delivery System:Failure Le.eml Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/17 Dec 2003 10:52 from MS Net Delivery Service:Bug Notice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/16 Dec 2003 14:54 from Microsoft Internet Mail Delivery Service:.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/16 Dec 2003 08:10:abort announcement.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/05 Jan 2004 06:42 from Network Message System:Undeliverable Mess.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/05 Jan 2004 02:22 from network service:Letter.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/03 Jan 2004 20:30 from Message Storage System.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/03 Jan 2004 18:23 from Microsoft Inet Message Delivery System:An.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/19 Jan 2004 03:34 from Inet Service:Error Announcement.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/18 Jan 2004 04:10 from admin:Returned Message.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/18 Jan 2004 01:59 from inet system:Undelivered Mail Returned To .rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/16 Jan 2004 21:21 from ms network storage service:Message.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/16 Jan 2004 17:06 from Microsoft Mail Service:mail: user unknown.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/13 Jan 2004 16:06 from Microsoft Internet Email Delivery Service.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/13 Jan 2004 10:21 from network system:Error Report.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/13 Jan 2004 09:11 from Storage System:Bug Letter.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/13 Jan 2004 03:15 from Internet Email System:message returned to.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/12 Jan 2004 23:15 from Email Storage System:error message.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/10 Jan 2004 16:45 from Microsoft Net Email Service:Error Letter.eml/[From "Microsoft Net Email Service" <bmailform@yahoo.net>][Date Sat, 10 Jan 2004 11:41:30 -0500 (EST)]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/10 Jan 2004 16:45 from Microsoft Net Email Service:Error Letter.eml/[From "Microsoft Net Email Service" <bmailform@yahoo.net>][Date Sat, 10 Jan 2004 11:41:30 -0500 (EST)]/bzhz.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/10 Jan 2004 16:45 from Microsoft Net Email Service:Error Letter.eml Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/08 Jan 2004 18:35:Returned Mail Returned To Sender.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/08 Jan 2004 09:02 from MS Net Service:Failure Notice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/31 Jan 2004 22:40 from ms net email service:Error Advice.eml/[From "ms net email service" <webengine@bigfoot.com>][Date Sat, 31 Jan 2004 23:37:32 +0100 (added by )]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/31 Jan 2004 22:40 from ms net email service:Error Advice.eml Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/31 Jan 2004 06:33 from microsoft email storage system:error noti.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/27 Jan 2004 08:38 from Internet Storage System:Returned Mail: Re.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/22 Jan 2004 09:03 from Postmaster.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/20 Jan 2004 14:43 from Internet Message Storage System:Abort Not.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/07 Feb 2004 02:54 from internet delivery system:Undelivered Mess.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/03 Feb 2004 09:22 from inet message delivery system:Abort Notice.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/22 Feb 2004 16:49 from System:returned mail: returned to mailer.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/17 Feb 2004 17:55 from network mail delivery service:Returned Ma.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/04 Mar 2004 18:48 from Internet Storage System:Failure Letter.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/04 Mar 2004 07:51 from Microsoft Internet Service:Message User u.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/04 Mar 2004 20:34 from Network Mail Storage System:Error Message.eml/[From "Network Mail Storage System" <postrobot@puremail.com>][Date Thu, 04 Mar 2004 20:32:25 +0000]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/04 Mar 2004 20:34 from Network Mail Storage System:Error Message.eml Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/18 Mar 2004 21:46 from :Re: Excel file/document_excel.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/25 Mar 2004 02:37 from Microsoft Network Mail Storage System:Ret.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/30 Mar 2004 20:15 from :Re: Document/your_document.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Slettede elementer/12 May 2004 05:41 from :Re: My detail/my_details.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst/Personlige mapper/Innboks/08 Oct 2003 14:39 from Network Message Delivery Service:Abort An.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Outlook\Outlook.pst MailMSMaill: infected - 27, suspicious - 88 skipped
Please download the OTMoveIt2 by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe).
Save it to your desktop.
Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
C:\Documents and Settings\Christer\Lokale innstillinger\Temp\trickler_4010.ex_
C:\WINDOWS\Temp\Altnet
Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Post back:
- a fresh HijackThis log
- otmoveit2 report
Bucepahlus
2008-05-07, 00:48
thanks for all help!!...
------------------
here is movit result:
C:\Documents and Settings\Christer\Lokale innstillinger\Temp\trickler_4010.ex_ moved successfully.
C:\WINDOWS\Temp\Altnet moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05062008_233627
---------------
and here is HJT report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:39:24, on 06.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\DLink\Bluetooth-programvare\bin\btwdins.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Norman\Npf\BIN\npfmsg2.exe
C:\Programfiler\Opera75\Opera.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Programfiler\Windows Live\Messenger\msnmsgr.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Norman\Nvc\BIN\NIP.EXE
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Norman\Npf\BIN\npfmsg2.exe
C:\Programfiler\Opera75\Opera.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spray.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {e03cb169-0328-456c-be43-2888e18da953} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-21-117609710-2139871995-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Christer')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\DLink\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\DLink\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\DLink\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by134fd.bay134.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.euchannels.net/KooPlayer.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171581406062
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/shockwave/orbital/install.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{138A474E-ECE7-4B26-86B3-E91ABFF8C499}: NameServer = 62.97.193.3,62.97.193.54
O17 - HKLM\System\CS2\Services\Tcpip\..\{138A474E-ECE7-4B26-86B3-E91ABFF8C499}: NameServer = 62.97.193.3,62.97.193.54
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programfiler\DLink\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 8961 bytes
Hi
We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:
1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.
Open HijackThis, click do a system scan only and checkmark these:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {e03cb169-0328-456c-be43-2888e18da953} - (no file)
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/p...al/install.cab
Close all windows including browser and press fix checked.
Reboot.
Re-scan with kaspersky.
Post:
- a fresh HijackThis log
- kaspersky report
Bucepahlus
2008-05-07, 23:09
hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:06:02, on 07.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\DLink\Bluetooth-programvare\bin\btwdins.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Norman\Npf\BIN\npfmsg2.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programfiler\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programfiler\Opera75\Opera.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spray.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\DLink\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\DLink\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\DLink\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by134fd.bay134.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.euchannels.net/KooPlayer.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171581406062
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{138A474E-ECE7-4B26-86B3-E91ABFF8C499}: NameServer = 62.97.193.3,62.97.193.54
O17 - HKLM\System\CS2\Services\Tcpip\..\{138A474E-ECE7-4B26-86B3-E91ABFF8C499}: NameServer = 62.97.193.3,62.97.193.54
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programfiler\DLink\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 8031 bytes
Bucepahlus
2008-05-07, 23:10
kapersky log:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 07, 2008 10:05:33 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/05/2008
Kaspersky Anti-Virus database records: 744627
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 130851
Number of viruses found: 10
Number of infected objects: 18
Number of suspicious objects: 0
Duration of the scan process: 02:09:14
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\NPF\LOGS\2008-05-07-BLK.EXT.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\NPF\LOGS\2008-05-07-PSC.EXT.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\NPF\LOGS\2008-05-07.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\NPF\LOGS\CRC.EXT.LOG Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Microsoft\Crypto\RSA\MachineKeys\66f4fa63b1c37067cc4069b82053ec8a_fd6000e6-93ba-4821-995e-7f9efe6aeddd Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Microsoft\Crypto\RSA\MachineKeys\8d65b1f830a114ab330887cff9f40022_fd6000e6-93ba-4821-995e-7f9efe6aeddd Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Microsoft\Crypto\RSA\MachineKeys\9691c6df0dea40bc9fa93b7952404cff_fd6000e6-93ba-4821-995e-7f9efe6aeddd Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Øystein\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Logg\History.IE5\MSHist012008050720080508\index.dat Object is locked skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Temp\mirc63.exe/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Temp\mirc63.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Temp\mirc63.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Øystein\Mine dokumenter\SecretChamberSetup-dm.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Documents and Settings\Øystein\ntuser.dat Object is locked skipped
C:\Documents and Settings\Øystein\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Øystein\Programdata\Opera\Opera75\Mail\indexer\indexer.dat Object is locked skipped
C:\Documents and Settings\Øystein\Programdata\Opera\Opera75\Mail\indexer\indexer_128.dat Object is locked skipped
C:\Documents and Settings\Øystein\Programdata\Opera\Opera75\Mail\indexer\indexer_32768.dat Object is locked skipped
C:\Documents and Settings\Øystein\Programdata\Opera\Opera75\Mail\indexer\indexer_64.dat Object is locked skipped
C:\Documents and Settings\Øystein\Programdata\Opera\Opera75\Mail\indexer\indexer_8192.dat Object is locked skipped
C:\Documents and Settings\Øystein\Programdata\Opera\Opera75\Mail\lexicon\lexicon.dat Object is locked skipped
C:\Documents and Settings\Øystein\Programdata\Opera\Opera75\Mail\mailbase.dat Object is locked skipped
C:\Program Files\mIRC\backups\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A446BCA6-9313-44AD-88E4-715EDFCBB468}\RP1334\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{50FF680E-135F-4E1C-AE46-E9C3D571794D}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\05062008_233627\Documents and Settings\Christer\Lokale innstillinger\Temp\trickler_4010.ex_/ Infected: not-a-virus:AdWare.Win32.Gator.4010 skipped
C:\_OTMoveIt\MovedFiles\05062008_233627\Documents and Settings\Christer\Lokale innstillinger\Temp\trickler_4010.ex_ MSExpand: infected - 1 skipped
C:\_OTMoveIt\MovedFiles\05062008_233627\WINDOWS\Temp\Altnet\adm4.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\_OTMoveIt\MovedFiles\05062008_233627\WINDOWS\Temp\Altnet\admprog.dll Infected: not-a-virus:AdWare.Win32.Altnet.i skipped
C:\_OTMoveIt\MovedFiles\05062008_233627\WINDOWS\Temp\Altnet\dmfiles.cab/AltnetUninstall.exe Infected: not-a-virus:AdWare.Win32.Altnet.b skipped
C:\_OTMoveIt\MovedFiles\05062008_233627\WINDOWS\Temp\Altnet\dmfiles.cab CAB: infected - 1 skipped
C:\_OTMoveIt\MovedFiles\05062008_233627\WINDOWS\Temp\Altnet\mysearch.cab/mySetp.exe Infected: not-a-virus:AdWare.Win32.MyWay.j skipped
C:\_OTMoveIt\MovedFiles\05062008_233627\WINDOWS\Temp\Altnet\mysearch.cab CAB: infected - 1 skipped
C:\_OTMoveIt\MovedFiles\05062008_233627\WINDOWS\Temp\Altnet\pmexe.cab/Points Manager.exe Infected: not-a-virus:AdWare.Win32.Altnet.h skipped
C:\_OTMoveIt\MovedFiles\05062008_233627\WINDOWS\Temp\Altnet\pmexe.cab CAB: infected - 1 skipped
C:\_OTMoveIt\MovedFiles\05062008_233627\WINDOWS\Temp\Altnet\pmfiles.cab/sysdetect.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
C:\_OTMoveIt\MovedFiles\05062008_233627\WINDOWS\Temp\Altnet\pmfiles.cab CAB: infected - 1 skipped
Scan process completed.
Hi
Empty this folder:
C:\_OTMoveIt\MovedFiles
Empty Recycle Bin.
Still problems?
Bucepahlus
2008-05-09, 21:41
Thank you very much for trying to solve the problems of malware in my computer....
I dont know if this is related to any problems with virus or malware, but the icons of jpeg images on the desktop is swapping around...
and still got altnet in the registry:
kapersky:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, May 09, 2008 8:30:52 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/05/2008
Kaspersky Anti-Virus database records: 749055
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 122889
Number of viruses found: 5
Number of infected objects: 8
Number of suspicious objects: 0
Duration of the scan process: 02:57:48
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\NPF\LOGS\2008-05-09-BLK.EXT.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\NPF\LOGS\2008-05-09-PSC.EXT.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\NPF\LOGS\2008-05-09.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\NPF\LOGS\CRC.EXT.LOG Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Microsoft\Crypto\RSA\MachineKeys\66f4fa63b1c37067cc4069b82053ec8a_fd6000e6-93ba-4821-995e-7f9efe6aeddd Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Microsoft\Crypto\RSA\MachineKeys\8d65b1f830a114ab330887cff9f40022_fd6000e6-93ba-4821-995e-7f9efe6aeddd Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Microsoft\Crypto\RSA\MachineKeys\9691c6df0dea40bc9fa93b7952404cff_fd6000e6-93ba-4821-995e-7f9efe6aeddd Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Øystein\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Logg\History.IE5\MSHist012008050920080510\index.dat Object is locked skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Mozilla\Firefox\Profiles\tc58fqn1.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Mozilla\Firefox\Profiles\tc58fqn1.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Mozilla\Firefox\Profiles\tc58fqn1.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Programdata\Mozilla\Firefox\Profiles\tc58fqn1.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Temp\mirc63.exe/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Temp\mirc63.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Temp\mirc63.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Øystein\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Øystein\Mine dokumenter\SecretChamberSetup-dm.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Documents and Settings\Øystein\ntuser.dat Object is locked skipped
C:\Documents and Settings\Øystein\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Øystein\Programdata\Mozilla\Firefox\Profiles\tc58fqn1.default\cert8.db Object is locked skipped
C:\Documents and Settings\Øystein\Programdata\Mozilla\Firefox\Profiles\tc58fqn1.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Øystein\Programdata\Mozilla\Firefox\Profiles\tc58fqn1.default\history.dat Object is locked skipped
C:\Documents and Settings\Øystein\Programdata\Mozilla\Firefox\Profiles\tc58fqn1.default\key3.db Object is locked skipped
C:\Documents and Settings\Øystein\Programdata\Mozilla\Firefox\Profiles\tc58fqn1.default\parent.lock Object is locked skipped
C:\Documents and Settings\Øystein\Programdata\Mozilla\Firefox\Profiles\tc58fqn1.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Øystein\Programdata\Mozilla\Firefox\Profiles\tc58fqn1.default\urlclassifier2.sqlite Object is locked skipped
C:\Program Files\mIRC\backups\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A446BCA6-9313-44AD-88E4-715EDFCBB468}\RP1334\A0284411.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\System Volume Information\_restore{A446BCA6-9313-44AD-88E4-715EDFCBB468}\RP1334\A0284412.dll Infected: not-a-virus:AdWare.Win32.Altnet.i skipped
C:\System Volume Information\_restore{A446BCA6-9313-44AD-88E4-715EDFCBB468}\RP1337\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{E739BBB6-3FFD-4518-A3F7-04D8D95B6A12}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
---------------------------------------------------------------------
---------------------------------------------------------------------
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:19:42, on 09.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\DLink\Bluetooth-programvare\bin\btwdins.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\Norman\Npf\BIN\npfmsg2.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spray.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programfiler\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programfiler\DLink\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\DLink\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\DLink\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by134fd.bay134.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.euchannels.net/KooPlayer.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171581406062
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{138A474E-ECE7-4B26-86B3-E91ABFF8C499}: NameServer = 62.97.193.3,62.97.193.54
O17 - HKLM\System\CS2\Services\Tcpip\..\{138A474E-ECE7-4B26-86B3-E91ABFF8C499}: NameServer = 62.97.193.3,62.97.193.54
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programfiler\DLink\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 7986 bytes
Hi
Which program finds altnet in registry?
Please post its report next :)
Due to the lack of feedback this Topic is closed.
If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.
Everyone else please begin a New Topic.