msn-orn
  effu
Number of posts: 7

After cleaning with ewido and antispyware I still have problems with popups, and Norman complains about Trojan horses etc. Unfortunately I don't have an ewido log; attaching a HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 19:55:49, on 27-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmer\ewido anti-spyware 4.0\guard.exe
C:\Norman\bin\ZANDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\NORMAN\nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\nvc\BIN\nvcoas.exe
C:\Norman\bin\NJEEVES.EXE
C:\WINDOWS\Explorer.EXE
C:\Norman\bin\ZLH.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Norman\bin\niu.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Uffe\Skrivebord\Spywarefri.dk\alternativ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHUPD04] “C:\Programmer\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe”
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Programmer\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmer\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Windows APCI Verifier] dhcpserv.exe
O4 - HKLM\..\RunServices: [Windows APCI Verifier] dhcpserv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] “C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” AcRdB7_0_7 -reboot 1
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28177.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmer\ewido anti-spyware 4.0\guard.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\nvc\BIN\NVCSCHED.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe

Number of posts: 2293

Hi effu and welcome to Spywarefri.dk

There are still a few items left -

———————————————————————————————-

Run this small cleanup program http://www.spywareinfo.dk/download/cleantempxp2k.bat (deletes various TEMP files)

———————————————————————————————-

Download the free trial of SuperAntiSpyware Pro to the desktop, HERE

Install it and let it update with the latest updates.

It will then ask for your e-mail address; it is up to you whether you fill it in. Then press Next and Next again - Finish.

Danish guide HERE

Do not let it scan yet.

———————————————————————————————-

Click Start->Run, type Services.msc and click OK.
Find the service [Windows APCI Verifier], stop it if it is running, right-click it and set Startup type to Disabled.

———————————————————————————————-

Run a scan with HijackThis.
Below you get some files that you need to fix. What you need to do is tick the box next to these files. Once you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Remember to close this window too once you have ticked the files. Now you may fix. Click Fix checked.

These are the ones to fix:

O4 - HKLM\..\Run: [Windows APCI Verifier] dhcpserv.exe
O4 - HKLM\..\RunServices: [Windows APCI Verifier] dhcpserv.exe

To be able to see all files and folders, follow this guide:
Show all files and folders

Restart in safe mode

Search for and delete the highlighted file if it still exists. Otherwise just continue with the guide. It may have been removed by the fix.

dhcpserv.exe

———————————————————————————————-

Still in safe mode

Start SuperAntiSpyware by right-clicking the yellow and black bug by the clock

Click the - Scan for, Adware, Malware - line
Click the - Preference - button.
Untick - Start SuperAntiSpyware when Windows starts.

Click the - Scanning control - tab.

Under scanning options, only the bottom two should be ticked

On the - Real Time Protections - tab, untick - Enable Real Time Protection

Then click Close

Click the - Scan Your computer - button. Tick the drives to be scanned. It is important that the drive where Windows is located (the system drive) is ticked.

Then move the dot from - Perform quick Scan - down to - Perform complete Scan.

Click Next, and it will start scanning.

It may take a long time if you have a lot on the computer

When the scan is finished a box pops up; click OK.

Tick everything it has found - Next. It will then fix/delete the infections.

Let it restart.

———————————————————————————————-

After the restart -

Click “Start” - choose “Search”.
Click the link “Change preferences”.
Click “Change files and folders search behavior”
Select “Advanced” and click OK.
Click “All files and folders”
Click “More advanced options”
Tick the top three.
Find:
superantispyware scan log

Copy this log and a fresh HijackThis log in here.

————————————————————————————————————

“Unfortunately I don't have an ewido log” - what do you mean by that?
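One way to spot the kind of entry singled out for fixing above, as an added example that is not part of the original post or of HijackThis itself: the two `Windows APCI Verifier` lines are the only O4 autoruns in the log whose command is a bare file name with no path, and the follow-up log can be checked to confirm they are gone. The function names are made up for this example; the sample lines are excerpted from the logs in this thread, with quotes written as plain ASCII.

```python
import re
from typing import List, NamedTuple

# O4 lines excerpted from the first HijackThis log in this thread.
LOG_BEFORE = r'''
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Windows APCI Verifier] dhcpserv.exe
O4 - HKLM\..\RunServices: [Windows APCI Verifier] dhcpserv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
'''

# The same excerpt as it appears in the follow-up log posted after the fix.
LOG_AFTER = r'''
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
'''


class Autorun(NamedTuple):
    location: str  # e.g. HKLM\..\Run or Global Startup
    name: str      # value name or shortcut name
    command: str   # what gets launched at startup


# Registry autoruns:  O4 - <key>: [<name>] <command>
REG_ENTRY = re.compile(r'^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Startup-folder shortcuts:  O4 - Global Startup: <name>.lnk = <target>
LNK_ENTRY = re.compile(r'^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$')
# A command counts as path-qualified if it starts with a drive letter,
# a UNC prefix or an environment variable such as %SystemRoot%.
EXPLICIT_PATH = re.compile(r'^(?:[A-Za-z]:\\|\\\\|%)')


def parse_o4(log: str) -> List[Autorun]:
    """Return every O4 (autorun) entry found in a HijackThis log."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = REG_ENTRY.match(line) or LNK_ENTRY.match(line)
        if m:
            entries.append(Autorun(m.group('loc'), m.group('name'), m.group('cmd')))
    return entries


def has_explicit_path(command: str) -> bool:
    """True if the command names its executable with a full path."""
    # Strip straight or typographic quotes that may wrap the path.
    return bool(EXPLICIT_PATH.match(command.lstrip('"\u201c\u201d ')))


def unqualified(entries: List[Autorun]) -> List[Autorun]:
    """Autoruns whose target is a bare file name, so the log does not
    show which directory the binary is actually loaded from."""
    return [e for e in entries if not has_explicit_path(e.command)]


def removed_entries(before: List[Autorun], after: List[Autorun]) -> List[Autorun]:
    """Entries present in the first log but missing from the second."""
    return [e for e in before if e not in after]


if __name__ == '__main__':
    before, after = parse_o4(LOG_BEFORE), parse_o4(LOG_AFTER)
    for e in unqualified(before):
        print(f'review: {e.location} [{e.name}] -> {e.command}')
    still_there = unqualified(after)
    print('fix verified' if not still_there else f'still present: {still_there}')
```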

  effu
Number of posts: 7

Here are the new logs

Logfile of HijackThis v1.99.1
Scan saved at 20:55:21, on 28-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmer\ewido anti-spyware 4.0\guard.exe
C:\Norman\bin\ZANDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\NORMAN\nvc\BIN\nvcoas.exe
C:\NORMAN\nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Norman\bin\NJEEVES.EXE
C:\Norman\bin\ZLH.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Norman\Nvc\BIN\NIP.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Norman\bin\niu.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Uffe\Skrivebord\Spywarefri.dk\alternativ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHUPD04] “C:\Programmer\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe”
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Programmer\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmer\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] “C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” AcRdB7_0_7 -reboot 1
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28177.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmer\ewido anti-spyware 4.0\guard.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\nvc\BIN\NVCSCHED.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe

:)
SUPERAntiSpyware Scan Log
Generated 09/28/2006 at 07:05 PM

Core Rules Database Version : 3094
Trace Rules Database Version: 1122

Memory threats detected   : 0
Registry threats detected : 0
File threats detected   : 1

Browser Hijacker.Deskbar
C:\Documents and Settings\Uffe\Lokale indstillinger\Temporary Internet Files\Content.IE5\IY3F9KFV\deskbar_e[1].exe

Editor
Number of posts: 4797

Hi effu

The log looks fine now, but I don't like that Deskbar thing that SAS found.

We will have to scan with one more program:

—Download Combofix and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe

—Then run combofix.exe and follow the instructions.
You should not click on the window while the tool is running, as that may cause your computer to freeze.
When Combofix is finished, and after it has restarted, a log file should open: combofix.txt
Please post the contents of this file here.

  effu
Number of posts: 7

Here is the log file:

Uffe - 06-10-02 17:00:11,91   Service Pack 2
ComboFix 06.09.28 - Running from: “C:\Documents and Settings\Uffe\Skrivebord”

((((((((((((((((((((((((((((((((((((((((((((  Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\Uffe\Lokale indstillinger\Temporary Internet Files\Content.IE5\PUY9UX4N\MTE3NDI6ODoxNg[1].exe
C:\Programmer\Deskbar
C:\Programmer\F‘lles filer\{74182BA7-0705-1030-0414-03010803002d}


(((((((((((((((((((((((((((((((  Files Created from 2006-09-02 to 2006-10-02 ))))))))))))))))))))))))))))))))))

No new files created in this timespan

((((((((((((((((((((((((((((((((((((((((((((((((  Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))

Rootkit driver pe386 is present. A rootkit scan is required

2006-10-02 17:01————d————C:\Programmer\F‘lles filer
2006-09-28 16:24————d————C:\Programmer\SUPERAntiSpyware
2006-09-28 16:21————d————C:\Programmer\F‘lles filer\Wise Installation Wizard
2006-09-27 19:58————d————C:\Programmer\ewido anti-spyware 4.0
2006-09-25 22:02————d————C:\Programmer\MSN Messenger
2006-09-25 22:02————d————C:\Programmer\F‘lles filer\Microsoft Shared
2006-09-23 15:57————d————C:\Documents and Settings\Uffe\Application Data\SUPERAntiSpyware.com
2006-09-17 21:47————d————C:\Documents and Settings\Uffe\Application Data\Help
2006-08-21 14:27 16896—a———C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040—a———C:\WINDOWS\system32\fltmc.exe
2006-08-21 11:14 128896————- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 18:20————d————C:\Programmer\Internet Explorer
2006-07-27 15:26 679424—a———C:\WINDOWS\system32\inetcomm.dll
2006-07-21 10:27 72704—a———C:\WINDOWS\system32\hlink.dll

((((((((((((((((((((((((((((((((((((((((((  Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\\WINDOWS\\system32\\ctfmon.exe”
“updateMgr”=”\“C:\\Programmer\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\” AcRdB7_0_7 -reboot 1”

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Norman ZANDA”=“C:\\Norman\\bin\\ZLH.EXE /LOAD /SPLASH”
“HPDJ Taskbar Utility”=“C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe”
“HPHUPD04”=”\“C:\\Programmer\\HP Photosmart 11\\hphinstall\\UniPatch\\hphupd04.exe\”“
“Share-to-Web Namespace Daemon”=“C:\\Programmer\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe”
“NeroCheck”=“C:\\WINDOWS\\System32\\NeroCheck.exe”
“SunJavaUpdateSched”=“C:\\Programmer\\Java\\jre1.5.0_06\\bin\\jusched.exe”
“ViewMgr”=“C:\\Programmer\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe”
“LVCOMSX”=“C:\\WINDOWS\\system32\\LVCOMSX.EXE”
“LogitechVideoRepair”=“C:\\Programmer\\Logitech\\Video\\ISStart.exe”
“LogitechVideoTray”=“C:\\Programmer\\Logitech\\Video\\LogiTray.exe”
“Picasa Media Detector”=“C:\\Programmer\\Picasa2\\PicasaMediaDetector.exe”

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
“Installed”=“1”

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
“Installed”=“1”
“NoChange”=“1”

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
“Installed”=“1”

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
“DeskHtmlVersion”=dword:00000110
“DeskHtmlMinorVersion”=dword:00000005
“Settings”=dword:00000001
“GeneralFlags”=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
“Source”=“About:Home”
“SubscribedURL”=“About:Home”
“FriendlyName”=“Min aktuelle startside”
“Flags”=dword:00000002
“Position”=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
“CurrentState”=hex:04,00,00,40
“OriginalStateInfo”=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
“RestoredStateInfo”=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\\WINDOWS\\System32\\CTFMON.EXE”

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\\WINDOWS\\System32\\CTFMON.EXE”

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
“{AEB6717E-7E19-11d0-97EE-00C04FD91972}”=”“
“{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“ewido anti-spyware 4.0”
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”=”“

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
“NoDriveTypeAutoRun”=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
“dontdisplaylastusername”=dword:00000000
“legalnoticecaption”=”“
“legalnoticetext”=”“
“shutdownwithoutlogon”=dword:00000001
“undockwithoutlogon”=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
“NoDriveTypeAutoRun”=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
“NoDriveTypeAutoRun”=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
“PostBootReminder”=”{7849596a-48ea-486e-8937-a2a3009f31a9}”
“CDBurn”=”{fbeb8a05-beee-4442-804e-409d6c4515e9}”
“WebCheck”=”{E6FB5E20-DE35-11CF-9C87-00AA005127ED}”
“SysTray”=”{35CEC8A3-2BE6-11D2-8773-92E220524153}”

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SASWinLogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the ‘Scheduled Tasks’ folder
C:\WINDOWS\tasks\HP Usg Daily.job

Completion time: 02-10-2006 17:02:01.82
ComboFix.txt

Administrator
Number of posts: 55091

Let's try going about it a bit “backwards”.

—Download Avenger here:
http://swandog46.geekstogo.com/avenger.zip

—Unpack the Avenger program and double-click avenger.exe

—Select “Input Script Manually” and click the magnifying glass - a small window will now appear, into which you should copy the contents shown in bold:


Files to delete:
C:\WINDOWS\System32\lzx32.sys

—Click the traffic light in Avenger. The program will prompt you to restart the computer immediately, which you should do. The program will shut down your computer, delete the files and start the computer again.

—After the restart a Notepad window will appear with a log of Avenger's actions. Please include it in your next reply.
We also need a fresh HijackThis log.


  effu
Number of posts: 7

Hi again
The path mentioned apparently does not exist; in any case Avenger cannot find it.
Here is a new HijackThis log for you

Logfile of HijackThis v1.99.1
Scan saved at 15:12:22, on 08-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmer\ewido anti-spyware 4.0\guard.exe
C:\Norman\bin\ZANDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\NORMAN\nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\nvc\BIN\nvcoas.exe
C:\Norman\bin\NJEEVES.EXE
C:\WINDOWS\Explorer.EXE
C:\Norman\bin\ZLH.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Norman\bin\niu.exe
C:\Programmer\ewido anti-spyware 4.0\ewido.exe
C:\Documents and Settings\Uffe\Skrivebord\Spywarefri.dk\alternativ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHUPD04] “C:\Programmer\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe”
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Programmer\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmer\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] “C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” AcRdB7_0_7 -reboot 1
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28177.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmer\ewido anti-spyware 4.0\guard.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\nvc\BIN\NVCSCHED.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe

Editor
Number of posts: 4797

That's fine.

Then please do the following:

- Run HijackThis, click “Open the Misc tools section”, “Open ADS spy…”, remove all check marks, and click the top “Scan” button. When the scan is finished, click “Save log”, save the log somewhere you can find it again, and paste its contents here.

  effu
Number of posts: 7

That was a long one :)
In the meantime I have removed Norman, since it kept finding files
in recycle and logs.

C:\Documents and Settings\All Users\Dokumenter\Billeder\Billedeksempler\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\All Users\Dokumenter\Musik\Musikeksempler\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\100_FUJI\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\20.12.2005\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\5 uger\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Afhentning 16.10 05 mm\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Afhentning 16.10.2005\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\afhentning 23.10.05\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Albertslund cup 5.6.06\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Andreas nonfirmation\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Bedste - maj juni 2005\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Berlin Marathon 2004\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Billeder af vores hus\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Dennis konfirmation\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\fødselsdag\sally\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\fødselsdag\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Hvalpe - 7 uger\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Hvalpe - 8 uger\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Hvalpe 4 uger\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Hvalpe 6 uger\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Hvalpe 8 uger\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Hvalpetræning 27.11.05\Hvalpetræning 27.11.05\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Hvalpetræning 27.11.05\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Jeppe og Pusser 24.12.05\Jeppe og Pusser 24.12.05\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Jeppe og Pusser 24.12.05\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Kaspers konfirmation\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Logitech-billeder\Billeder og videoklip\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Microsoft Clip Organizer\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Mille afslutning 9. kl. juni 2005\Port GrimaudLa Pergola - 2006\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Mille afslutning 9. kl. juni 2005\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Per og Irene Bryllup 2003\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Picasa Exports\5 uger\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Port GrimaudLa Pergola - 2006\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Porto Felice 2004\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Rhodos juli 2005\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Sallys hvalpe\2 dage-5\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Sallys hvalpe\fre\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Sallys hvalpe\Freja\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Sallys hvalpe\Holly\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Sallys hvalpe\Loula\Loula\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Sallys hvalpe\Loula\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Sallys hvalpe\Milka\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Sallys hvalpe\Setup.Exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Sallys hvalpe\Setup.Ini : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Sallys hvalpe\Setup.msi : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Sallys hvalpe\sni\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Sallys hvalpe\Snickers\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Sallys hvalpe\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Sallys hvalpe\Twix\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Sallys hvalpe\Yankie\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Sidste skoledag m.m 2005\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Sommeren 2003\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Til bedste 20.12.2005\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Uffes 50 år -2005\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Val Gardena feb. 05\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Wagrain - feb 2006\Pasfoto - 23 maj 2006\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Wagrain - feb 2006\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Billeder\Zell am Ziller 2003-2004\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Hvalpe 6 uger\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Musik\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Setup.Exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Setup.Ini : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mette.JENSEN\Dokumenter\Setup.msi : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mette.JENSEN\Lokale indstillinger\Temporary Internet Files\Content.IE5\0ZXNYMNX\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Lokale indstillinger\Temporary Internet Files\Content.IE5\2NM3M167\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mette.JENSEN\Skrivebord\GoogleEarth.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\.limewire\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Albertslund cup 2006\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Andre\Holdfest-hyttetur 001.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Andre\liv 212.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Andre\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Fastelavn\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Ferie 2006\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\fest\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Fest hos Simon\hos Simon-holdfest 002.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Fest hos Simon\hos Simon-holdfest 027.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Fest hos Simon\hos Simon-holdfest 029.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Fest hos Simon\hos Simon-holdfest 033.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Fest hos Simon\hos Simon-holdfest 042.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Fest hos Simon\hos Simon-holdfest 048.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Fest hos Simon\hos Simon-holdfest 050.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Fest hos Simon\hos Simon-holdfest 052.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Fest hos Simon\hos Simon-holdfest 058.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Fest hos Simon\hos Simon-holdfest 076.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Fest hos Simon\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Holdfest - afslutning 2006\hos Simon-holdfest 139.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Holdfest - afslutning 2006\hos Simon-holdfest 141.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Holdfest - afslutning 2006\hos Simon-holdfest 146.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Holdfest - afslutning 2006\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Hotte fyre;P\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Håndbold\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Logitech-billeder\Billeder og videoklip\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Meincke & Mig\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Mig som lille\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Mille og Nanna\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Mille på ski\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Partille 2006\Partille cup 017.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Partille 2006\Partille cup 029.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Partille 2006\Partille cup 040.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Partille 2006\Partille cup 117.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Partille 2006\Partille cup 133.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Partille 2006\Partille cup 134.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Partille 2006\Partille cup 137.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Partille 2006\Partille cup 163.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Partille 2006\Partille cup 164.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Partille 2006\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\rammebilleder\hos Simon-holdfest 141.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\rammebilleder\Partille cup 017.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\rammebilleder\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\sidste skoledag\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Simons 18-års\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Billeder\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\hausaufgaben1[1][1][1].f16.8 : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\HPIM0063.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Modtagne filer\01 Musiknummer 1.wma : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Modtagne filer\BassHunters - Boten Anna.mp3 : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Modtagne filer\Bubbi (svensk) techno mix.mp3 : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Modtagne filer\Den kroniske uskyld(1).doc : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Modtagne filer\Den kroniske uskyld.doc : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Modtagne filer\Dok1.doc : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Modtagne filer\Dok2.doc : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Modtagne filer\Forsøg 1 kerneenergi.doc : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Modtagne filer\Groove Coverage - Moonlight Shadow.mp3 : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Modtagne filer\HPIM0062.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Modtagne filer\HPIM0063.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Modtagne filer\HPIM0064.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Modtagne filer\HPIM0065.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Modtagne filer\HPIM0066.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Modtagne filer\HPIM0067.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Modtagne filer\HPIM0069.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Modtagne filer\HPIM0070.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Modtagne filer\HPIM0071.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Modtagne filer\HPIM0298.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Modtagne filer\HPIM0299.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Modtagne filer\HPIM0302.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Modtagne filer\HPIM0304.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Modtagne filer\HPIM0321.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Modtagne filer\HPIM0326.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Modtagne filer\indbydelse.doc : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Modtagne filer\Naturgeografi-rapport..doc : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Modtagne filer\pigerne.doc : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Modtagne filer\Thor og Luna.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Modtagne filer\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Modtagne filer\til mille.xls : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Akon\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Ashlee Simpson\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Avril Lavigne\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Black Eyed Peas\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Blink 182\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Bowling For Soup\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Disney\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Eminem\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Fall Out Boy\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Gavin Degraw\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Kelly Clarkson\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Michael Jackson\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Milles\03 Lillian Lies.mp3 : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Milles\Coldplay\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Milles\Death Cab For Cutie\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Milles\Figurines\Figurines - All night.wma : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Milles\Figurines\Figurines - Fiery Affair.wma : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Milles\Figurines\Figurines - I Remember.wma : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Milles\Figurines\Figurines - Race you.wma : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Milles\Figurines\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Milles\Figurines\WMA 64K\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Milles\Guns N’ Roses\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Milles\Mew\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Milles\Oasis\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Milles\Rufus Wainwright\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Milles\The Killers\The Killers - Mr Brightside.mp3 : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Milles\The Killers\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Milles\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Milles\Von Bondies -  C’Mon C’Mon.mp3 : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Milles\WMA 64K\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Pink\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Rihanna\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Savage Garden\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\The All American Rejects\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Usher\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\WMA 64K\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Tysk\maennersindschweine.doc : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Årsprøvespørgsmål til 1f Ke 2006.doc : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Lokale indstillinger\Application Data\Microsoft\Messenger\princess_consuela3@hotmail.com\Sharing Folders\mia_meincke@hotmail.com\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Skrivebord\TmNations.zip : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Billeder\Logitech-billeder\Billeder og videoklip\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Billeder\Logitech-billeder\FriendS\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Billeder\Logitech-billeder\MiT ALbuM ;0p\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Billeder\Manga Tegning\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Billeder\Picasa\Screensaver\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Billeder\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Modtagne filer\10 De lyserøde elefanter.wma : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Modtagne filer\Bethany Joy Lenz - Don’t Walk Away.mp3 : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Modtagne filer\Digital Kamera billeder 007.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Modtagne filer\DSCN1456.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Modtagne filer\funny looking fella’.gif : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Modtagne filer\Kat.2.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Modtagne filer\movie001.avi : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Modtagne filer\movie015.avi : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Modtagne filer\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Musik\Nann@`s Mappe\bigfish[2].JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Musik\Nann@`s Mappe\Cad_and_human.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Musik\Nann@`s Mappe\demon!.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Musik\Nann@`s Mappe\Goat_smiley.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Musik\Nann@`s Mappe\hm.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Musik\Nann@`s Mappe\luly.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Musik\Nann@`s Mappe\OH_MG!.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Musik\Nann@`s Mappe\pink_panter.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Musik\Nann@`s Mappe\shit.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Musik\Nann@`s Mappe\snoopy.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Musik\Nann@`s Mappe\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Musik\Nann@`s Mappe\winnie_the_pooh[1].JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\My Music\From Internet\1514784 - Mar 15, 2005 19.19.37.mp3 : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\My Music\From Internet\pv1 - Mar 08, 2005 18.46.01.wav : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Lokale indstillinger\Temporary Internet Files\Content.IE5\KHY34DU3\Install_Messenger[1].exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Skrivebord\driver web\dsbc310_winxp2k98se_driver_110.zip : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Skrivebord\eye-toyguide.mht : Zone.Identifier (26 bytes)
C:\Documents and Settings\Uffe\Dokumenter\Billeder\Billeder\Cayas nye familie\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Uffe\Dokumenter\Billeder\Billeder\møbler\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Uffe\Dokumenter\Billeder\Billeder\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Uffe\Dokumenter\Billeder\Cayas nye familie\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Uffe\Dokumenter\Billeder\Hvalpe 4 uger\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Uffe\Dokumenter\Billeder\hvalpe 4 uger 1\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Uffe\Dokumenter\Billeder\møbler\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Uffe\Dokumenter\Billeder\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Uffe\Skrivebord\NGenFix.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Uffe\Skrivebord\renseprogrammer\alternativ.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Uffe\Skrivebord\renseprogrammer\combofix.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Uffe\Skrivebord\Spywarefri.dk\cleantempxp2k.bat : Zone.Identifier (26 bytes)
C:\Documents and Settings\Uffe\Skrivebord\SUPERAntiSpyware.exe : Zone.Identifier (26 bytes)
C:\drweb\drweb-cureit.exe : Zone.Identifier (26 bytes)
C:\Programmer\LimeWire\.NetworkShare\LimeWireWin4.8.1.exe : Zone.Identifier (26 bytes)
C:\RECYCLER\S-1-5-21-1004336348-573735546-839522115-1004\Dc12.exe : Zone.Identifier (26 bytes)
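
The ADS Spy output above lists one alternate data stream per line, and almost all of it is `Zone.Identifier` and `Thumbs.db : encryptable` entries, while the helper in this thread was looking for streams under system32. As an added example (not part of the original thread and not HijackThis code), this Python script triages a log in that format; the sample lines, the size threshold, the allowlist and the function names are constructed assumptions.

```python
import re
from collections import Counter

# Line format of the ADS Spy log shown in the thread:
#   <full path> : <stream name> (<size> bytes)
ADS_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) : (?P<stream>.+?)\s+\((?P<size>\d+) bytes\)\s*$"
)
WINDOWS_DIR = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)

# Assumption: a Zone.Identifier stream holds only a short [ZoneTransfer]
# section (26 bytes in the log above), so anything much larger is unusual.
ZONE_ID_MAX_BYTES = 256

# Constructed sample input; the paths are made up, the format is the log's.
SAMPLE_LOG = r"""
C:\Documents and Settings\User\Dokumenter\Billeder\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\User\Skrivebord\setup.exe : Zone.Identifier (26 bytes)
C:\WINDOWS\system32\example.dll : hidden_stream (40960 bytes)
C:\Documents and Settings\User\Dokumenter\notes.txt : Zone.Identifier (5120 bytes)
not a log line
"""


def parse_line(line):
    """Return {'path', 'stream', 'size'} for one log line, or None."""
    match = ADS_LINE.match(line.strip())
    if not match:
        return None
    return {
        "path": match.group("path"),
        "stream": match.group("stream"),
        "size": int(match.group("size")),
    }


def classify(entry):
    """Label one stream as 'benign', 'review' or 'high'."""
    stream = entry["stream"].lower()
    filename = entry["path"].rsplit("\\", 1)[-1].lower()

    # Zone marker that Windows attaches to downloaded or received files.
    if stream == "zone.identifier" and entry["size"] <= ZONE_ID_MAX_BYTES:
        return "benign"
    # Empty stream on thumbnail caches (allowlisted here as an assumption).
    if stream == "encryptable" and filename == "thumbs.db" and entry["size"] == 0:
        return "benign"
    # Anything else under the Windows directory is looked at first.
    if WINDOWS_DIR.match(entry["path"]):
        return "high"
    return "review"


def triage(lines):
    """Count labels and collect every entry that is not allowlisted."""
    counts = Counter()
    flagged = []
    for line in lines:
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            counts["unparsed"] += 1
            continue
        label = classify(entry)
        counts[label] += 1
        if label != "benign":
            flagged.append({**entry, "label": label})
    # Highest priority first, then larger streams first.
    flagged.sort(key=lambda e: (e["label"] != "high", -e["size"]))
    return {"counts": counts, "flagged": flagged}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG.splitlines())
    print(dict(result["counts"]))
    for item in result["flagged"]:
        print(item["label"], item["path"], item["stream"], item["size"])
```
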

Editor
Number of posts: 4797

Hmm

I was expecting to find something in your system32 folder in the last scan, but that is not the case.

Let's scan a bit more.

Next, follow these instructions so I can check whether there might be more rootkits on the computer:

(1) Go to the bottom of this page and download RootkitRevealer
http://www.sysinternals.com/Utilities/RootkitRevealer.html

Unpack the file to a folder on the desktop. Unplug the network cable from the computer and close all open windows. Open the rootkitrevealer folder and double-click rootkitrevealer.exe
Click Options and make sure there is a check mark next to “Hide standard NTFS Metadata files”. Then click Scan, at the bottom right. While the program is scanning you must not use the computer for anything else. When the scan is finished, click File again, choose Save and save the log file. Copy RootkitReveal.txt in here.

(2) Get Blacklight here https://europe.f-secure.com/blacklight/try.shtml Scroll down the page and click “iaccept”. On the next page you can download Blacklight to the desktop. Double-click the file and click scan. When it is finished it creates a log on the desktop. Copy the log in here. Do not let Blacklight remove anything yet.

(3) Download the Gmer rootkit scanner and unpack it to the desktop:
http://www.gmer.net/gmer.zip
Run the program, click the “Rootkit” tab, and click “Scan”. When the scan is finished, click “Copy”. A window then pops up telling you that the result of the rootkit scan has been placed on the clipboard. You can then go into this thread and paste the contents here by placing the cursor in the input field and pressing Ctrl-V.

  effu
Number of posts: 7

It finally worked. I am posting from another computer, since I don't want it online until we are completely done :)
Blacklight found nothing

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed 08-10-2006 20:39 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesSuccessful 08-10-2006 20:39 4 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\Mille\Lokale indstillinger\Application Data\Microsoft\Messenger\princess_consuela3@hotmail.com\SharingMetadata\iben-p@hotmail.com\DFSR\Staging\CS{087D020C-006A-6848-0094-5298B56CED55}\01\29-{087D020C-006A-6848-0094-5298B56CED55}- 19-08-2006 14:36 8 bytes Hidden from Windows API.
C:\Documents and Settings\Mille\Lokale indstillinger\Application Data\Microsoft\Messenger\princess_consuela3@hotmail.com\SharingMetadata\mia_meincke@hotmail.com\DFSR\Staging\CS{9538425B-9382-215A-66EA-7FACEB6E63F0}\01\10-{9538425B-9382-215A-66EA-7FACEB6E6 10-08-2006 21:16 8 bytes Hidden from Windows API.
C:\Documents and Settings\Mille\Lokale indstillinger\Application Data\Microsoft\Messenger\princess_consuela3@hotmail.com\SharingMetadata\mia_meincke@hotmail.com\DFSR\Staging\CS{9538425B-9382-215A-66EA-7FACEB6E63F0}\15\15-{0615B217-3348-4E40-B485-722A17672 10-08-2006 21:16 2.40 KB Hidden from Windows API.
C:\Documents and Settings\Mille\Lokale indstillinger\Application Data\Microsoft\Messenger\princess_consuela3@hotmail.com\SharingMetadata\mia_meincke@hotmail.com\DFSR\Staging\CS{9538425B-9382-215A-66EA-7FACEB6E63F0}\15\15-{0615B217-3348-4E40-B485-722A17672 10-08-2006 21:16 288 bytes Hidden from Windows API.
C:\Documents and Settings\Mille\Lokale indstillinger\Application Data\Microsoft\Messenger\princess_consuela3@hotmail.com\SharingMetadata\mia_meincke@hotmail.com\DFSR\Staging\CS{9538425B-9382-215A-66EA-7FACEB6E63F0}\16\16-{0615B217-3348-4E40-B485-722A17672 10-08-2006 21:17 732 bytes Hidden from Windows API.
C:\Documents and Settings\Mille\Lokale indstillinger\Application Data\Microsoft\Messenger\princess_consuela3@hotmail.com\SharingMetadata\mia_meincke@hotmail.com\DFSR\Staging\CS{9538425B-9382-215A-66EA-7FACEB6E63F0}\16\16-{0615B217-3348-4E40-B485-722A17672 10-08-2006 21:17 88 bytes Hidden from Windows API.
C:\Documents and Settings\Mille\Lokale indstillinger\Application Data\Microsoft\Messenger\princess_consuela3@hotmail.com\SharingMetadata\mia_meincke@hotmail.com\DFSR\Staging\CS{9538425B-9382-215A-66EA-7FACEB6E63F0}\17\17-{0615B217-3348-4E40-B485-722A17672 10-08-2006 21:21 732 bytes Hidden from Windows API.

Rootkit log



Blacklight found nothing


Gmer log

GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-10-09 18:16:44
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.11 ----

SSDT \??\C:\Programmer\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT \??\C:\Programmer\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess

---- Files - GMER 1.0.11 ----


---- EOF - GMER 1.0.11 ----

I hope it worked

  effu
Number of posts: 7

Hi again
I forgot to mention that Windows Firewall has gone down.
The message is: Windows cannot display the settings for Windows Firewall for unknown reasons.
Is that something we can fix while we're at it???
effu

  Ejvindh
Editor
Number of posts: 6048

The problems with the firewall may very well be caused by the infection you have on the computer. You can remind us about it when the logs are close to clean.

I would say that the rootkit Combofix found on your computer hides itself well. Because of that we cannot simply use our standard tools, so I am moving you over to the Rootkit section. Some special conditions apply to support in this category, which you can read about here:

http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=29320

First, I need to know whether you had Messenger running while you ran Rootkitrevealer?

Next, I need to ask you to do the following:

- Run Avenger again. Select “Input Script Manually” and click the magnifying glass. A small window will now appear, into which you should copy the contents between the dashed lines:

-------------------------------------------
drivers to unload:
pe386
-------------------------------------------

- Click the traffic light in Avenger. The program will prompt you to restart the computer immediately, which you should do. The program will shut down your computer, delete the files and start the computer again.

- After the restart, a Notepad window will appear with a log of Avenger's actions. Please include it in your next reply.

- Then run Hijackthis again, where you click “Open the Misc tools section”, “Open ADS spy…”, remove all check marks, and click the top “Scan” button. When the scan is finished, click “Save log”, save the log somewhere you can find it again, and post the contents here.

- Then download Rootkit Unhooker from here, and unpack it to a separate folder on the desktop:
http://rku.xell.ru/dl.php?fl=RkU3.0.80.290.exe
Install the program. Then run RKU. Click Setup-Run in Safe mode. Then restart the computer in safe mode. If you don't know how to restart in safe mode, see this link: http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

Run RkUnhooker, click the “Report” tab, click the “Scan” button. Let the program finish scanning, click “File-Save Report”, and save the report somewhere you can find it again. Post the contents of this report here.

  e-zone
Number of posts: 41

effu thought it was getting a bit too exciting and has handed the computer over to me.
Messenger is uninstalled and has been from the start.
There is an icon on the desktop, CA2RGZRO. Is that something you recognize??
Avenger apparently couldn't do anything about it, and RkUnhooker couldn't find anything. Here are various logs

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tkwoulfq

*******************

Script file located at: \??\C:\Documents and Settings\bjaabpfc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key \Registry\Machine\System\CurrentControlSet\Services\pe386 not found!
Unload of driver pe386 failed!

Could not process line:
pe386
Status: 0xc0000034


Completed script processing.

*******************

Finished!  Terminate.


C:\Documents and Settings\Mille\Dokumenter\Musik\Milles\Oasis\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Milles\Rufus Wainwright\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Milles\The Killers\The Killers - Mr Brightside.mp3 : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Milles\The Killers\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Milles\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Milles\Von Bondies -  C’Mon C’Mon.mp3 : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Milles\WMA 64K\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Pink\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Rihanna\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Savage Garden\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\The All American Rejects\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\Usher\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Musik\WMA 64K\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Dokumenter\Tysk\maennersindschweine.doc : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Dokumenter\Årsprøvespørgsmål til 1f Ke 2006.doc : Zone.Identifier (26 bytes)
C:\Documents and Settings\Mille\Lokale indstillinger\Application Data\Microsoft\Messenger\princess_consuela3@hotmail.com\Sharing Folders\mia_meincke@hotmail.com\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Mille\Skrivebord\TmNations.zip : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Billeder\Logitech-billeder\Billeder og videoklip\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Billeder\Logitech-billeder\FriendS\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Billeder\Logitech-billeder\MiT ALbuM ;0p\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Billeder\Manga Tegning\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Billeder\Picasa\Screensaver\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Billeder\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Modtagne filer\10 De lyserøde elefanter.wma : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Modtagne filer\Bethany Joy Lenz - Don’t Walk Away.mp3 : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Modtagne filer\Digital Kamera billeder 007.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Modtagne filer\DSCN1456.JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Modtagne filer\funny looking fella’.gif : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Modtagne filer\Kat.2.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Modtagne filer\movie001.avi : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Modtagne filer\movie015.avi : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Modtagne filer\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Musik\Nann@`s Mappe\bigfish[2].JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Musik\Nann@`s Mappe\Cad_and_human.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Musik\Nann@`s Mappe\demon!.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Musik\Nann@`s Mappe\Goat_smiley.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Musik\Nann@`s Mappe\hm.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Musik\Nann@`s Mappe\luly.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Musik\Nann@`s Mappe\OH_MG!.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Musik\Nann@`s Mappe\pink_panter.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Musik\Nann@`s Mappe\shit.png : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Musik\Nann@`s Mappe\snoopy.jpg : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Musik\Nann@`s Mappe\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Nanna\Dokumenter\Musik\Nann@`s Mappe\winnie_the_pooh[1].JPG : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\My Music\From Internet\1514784 - Mar 15, 2005 19.19.37.mp3 : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Dokumenter\My Music\From Internet\pv1 - Mar 08, 2005 18.46.01.wav : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Lokale indstillinger\Temporary Internet Files\Content.IE5\KHY34DU3\Install_Messenger[1].exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Skrivebord\driver web\dsbc310_winxp2k98se_driver_110.zip : Zone.Identifier (26 bytes)
C:\Documents and Settings\Nanna\Skrivebord\eye-toyguide.mht : Zone.Identifier (26 bytes)
C:\Documents and Settings\Uffe\Dokumenter\Billeder\Billeder\Cayas nye familie\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Uffe\Dokumenter\Billeder\Billeder\møbler\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Uffe\Dokumenter\Billeder\Billeder\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Uffe\Dokumenter\Billeder\Cayas nye familie\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Uffe\Dokumenter\Billeder\Hvalpe 4 uger\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Uffe\Dokumenter\Billeder\hvalpe 4 uger 1\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Uffe\Dokumenter\Billeder\møbler\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Uffe\Dokumenter\Billeder\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Uffe\Skrivebord\renseprogrammer\alternativ.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Uffe\Skrivebord\renseprogrammer\combofix.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Uffe\Skrivebord\renseprogrammer\SUPERAntiSpyware.exe : Zone.Identifier (26 bytes)
C:\Documents and Settings\Uffe\Skrivebord\Spywarefri.dk\cleantempxp2k.bat : Zone.Identifier (26 bytes)
C:\drweb\drweb-cureit.exe : Zone.Identifier (26 bytes)
C:\Programmer\LimeWire\.NetworkShare\LimeWireWin4.8.1.exe : Zone.Identifier (26 bytes)
C:\RECYCLER\S-1-5-21-1004336348-573735546-839522115-1004\Dc12.exe : Zone.Identifier (26 bytes)
C:\RECYCLER\S-1-5-21-1004336348-573735546-839522115-1004\Dc13.exe : Zone.Identifier (26 bytes)

RkUnhooker report generator v0.33
==============================================
Rootkit Unhooker kernel version: 3.00.80.290
==============================================
Windows Major Version: 5
Windows Minor Version: 1
Windows Build Number: 2600
==============================================
>SSDT State
==============================================
>Processes
==============================================
>Drivers
==============================================
>Files
==============================================
>Hooks

[:X] keep it up
e-zone

  Ejvindh
Editor
Number of posts: 6048

Hmmm. While I think this over further, I would like to see a new log from Combofix.

  e-zone
Number of posts: 41

Hi again
It doesn't look like Combofix found anything this time :)
Is there hope ahead???
I just wanted to add that after every scan with Avenger, when it was supposed to boot up, it shut down again; after that it had to be powered off completely because the hard disk froze. This only happened after an Avenger scan.
Here is the log


Uffe - 06-10-10 22:25:55,67   Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Uffe\Skrivebord\renseprogrammer"

(((((((((((((((((((((((((((((((  Files Created from 2006-09-10 to 2006-10-10 ))))))))))))))))))))))))))))))))))

No new files created in this timespan

((((((((((((((((((((((((((((((((((((((((((((((((  Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-10 01:44————d————C:\Programmer\RkUnhooker
2006-10-08 18:15————d————C:\Programmer\MP3 Audio Converter
2006-10-02 17:01————d————C:\Programmer\Fælles filer
2006-09-28 16:24————d————C:\Programmer\SUPERAntiSpyware
2006-09-28 16:21————d————C:\Programmer\Fælles filer\Wise Installation Wizard
2006-09-27 19:58————d————C:\Programmer\ewido anti-spyware 4.0
2006-09-25 22:02————d————C:\Programmer\MSN Messenger
2006-09-25 22:02————d————C:\Programmer\Fælles filer\Microsoft Shared
2006-09-23 15:57————d————C:\Documents and Settings\Uffe\Application Data\SUPERAntiSpyware.com
2006-09-17 21:47————d————C:\Documents and Settings\Uffe\Application Data\Help
2006-08-21 14:27 16896—a———C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040—a———C:\WINDOWS\system32\fltmc.exe
2006-08-21 11:14 128896————- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 18:20————d————C:\Programmer\Internet Explorer
2006-07-27 15:26 679424—a———C:\WINDOWS\system32\inetcomm.dll
2006-07-21 10:27 72704—a———C:\WINDOWS\system32\hlink.dll

((((((((((((((((((((((((((((((((((((((((((  Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Programmer\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"HPHUPD04"="\"C:\\Programmer\\HP Photosmart 11\\hphinstall\\UniPatch\\hphupd04.exe\""
"Share-to-Web Namespace Daemon"="C:\\Programmer\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"NeroCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"SunJavaUpdateSched"="C:\\Programmer\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"ViewMgr"="C:\\Programmer\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Programmer\\Logitech\\Video\\ISStart.exe"
"LogitechVideoTray"="C:\\Programmer\\Logitech\\Video\\LogiTray.exe"
"Picasa Media Detector"="C:\\Programmer\\Picasa2\\PicasaMediaDetector.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Min aktuelle startside"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SASWinLogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\HP Usg Daily.job

Completion time: 10-10-2006 22:27:31.76
ComboFix.txt
ComboFix2.txt