Spywarefri Forum | Kan ikke køre exe filer. Regedit har virus ?

3 af 3

Kan ikke køre exe filer. Regedit har virus ?

[ Ignorer ] [ # 31 ] gibson
01.12.2006 23:17:35 Antal indlæg: 27	ad 1)Rootkit Revealer har jeg downloadet, pakket ud og dobbeltklikket på exe. Som ved alle øvrige klik på .exe ender jeg i en krypteret notesblok. ad 2) Kørt som administrator: GMER 1.0.12.12011 - http://www.gmer.net Rootkit scan 2006-12-01 21:14:05 Windows 5.1.2600 Service Pack 2 ——System - GMER 1.0.12—— SSDT 82E7EBF0 ZwConnectPort SSDT \??\C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess SSDT \??\C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess ——Registry - GMER 1.0.12—— Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ... Reg \Registry\USER\S-1-5-21-1214440339-1606980848-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:P:\Qbphzragf naq Frggvatf\po\Erprag\uggc—sebagre.pbz-unxn-yvaxf-svyrf.cugzy-444r9q4o22nr5.269952413$-Nexvi-Near_ceprag_2P+Gubznf_ceprag_2P+F_ceprag_S8era+bt+Avxbynw+-+Qnavqn+v+Onatynqrfu+_ceprag_3O-_ceprag_29-Gubznf+-+Trareryg+bz+Onatynqrfu.qbp.yax 0xC9 0x01 0x00 0x00 ... Reg \Registry\USER\S-1-5-21-1214440339-1606980848-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:P:\Qbphzragf naq Frggvatf\po\Erprag\uggc—sebagre.pbz-unxn-yvaxf-svyrf.cugzy-444r9q4o22nr5.269952413$-Nexvi-Near_ceprag_2P+Gubznf_ceprag_2P+F_ceprag_S8era+bt+Avxbynw+-+Qnavqn+v+Onatynqrfu+_ceprag_3O-_ceprag_29-Qnavqnf+cebwrxgre+v+Onatynqrfu.qbp.yax 0xC9 0x01 0x00 0x00 ... ——Files - GMER 1.0.12—— ADS C:\Documents and Settings\All Users\Application Data\Microsoft:liFJBOSvkLYONzX5YcfAG0w ADS C:\Documents and Settings\All Users\Application Data\Microsoft:Te2eyrEbR6VyzYPU2 ADS C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\6VZlS8ahwaEuXO4:ansFHF5dL41SJHB7Uj23q6k ADS C:\Documents and Settings\Billeder\Kevin\juni 2006\tv2:SummaryInformation ADS C:\Documents and Settings\Billeder\Kevin\juni 2006\tv2:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ADS C:\Documents and Settings\cb\Lokale indstillinger\Temporary Internet Files\wkrATOhHfmOHx:4aO82t84n47iwmCs9vLLz ADS C:\Documents and Settings\cb\Skrivebord\Spywarefri\avgas-setup-7.5.0.47.exe:SummaryInformation ADS C:\Documents and Settings\cb\Skrivebord\Spywarefri\avgas-setup-7.5.0.47.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ADS C:\Documents and Settings\cb\Skrivebord\Spywarefri\ClnBBear[1]\ClnBBear.com:SummaryInformation ADS C:\Documents and Settings\cb\Skrivebord\Spywarefri\ClnBBear[1]\ClnBBear.com:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ADS C:\Documents and Settings\cb\Skrivebord\Spywarefri\Extensions.inf:SummaryInformation ADS ... ——EOF - GMER 1.0.12——
[ Ignorer ] [ # 32 ] gibson
01.12.2006 23:27:42 Antal indlæg: 27	ad 3) WinPfind2:kørt som administrator. Kan ikke køres som normal bruger. Logfile created on: 1-12-2006 21:25:33 WinPFind2 by OldTimer - Version 1.0.15 Folder = C:\Documents and Settings\cb\Skrivebord\Spywarefri\WinPFind2\ Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) Internet Explorer (Version = 6.0.2900.2180) < Processes (Non-Microsoft Only) > c:\windows\asuskbservice.exe - (ASUSTeK COMPUTER INC. ) c:\programmer\grisoft\avg anti-spyware 7.5\avgas.exe - (Anti-Malware Development a.s. ) c:\programmer\fælles filer\symantec shared\ccevtmgr.exe - (Symantec Corporation ) c:\windows\system32\ctsvccda.exe - (Creative Technology Ltd ) c:\documents and settings\cb\skrivebord\gmer.exe - ( ) c:\programmer\grisoft\avg anti-spyware 7.5\guard.exe - (Anti-Malware Development a.s. ) c:\programmer\ca\sharedcomponents\ca_lic\logwatnt.exe - (Computer Associates ) c:\programmer\digidesign\drivers\mmerefresh.exe - (Digidesign, A Division of Avid Technology, Inc. ) c:\programmer\norton antivirus\navapsvc.exe - (Symantec Corporation ) c:\programmer\cyberlink\shared files\richvideo.exe - ( ) c:\programmer\fælles filer\symantec shared\security center\symwsc.exe - (Symantec Corporation ) c:\documents and settings\cb\skrivebord\spywarefri\winpfind2\winpfind2.exe - (OldTimer Tools ) c:\programmer\winrar\winrar.exe - ( ) < Registry Entries > [>> Internet Explorer Settings <<] HKLM->Main\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid;={SUB_CLSID}&pver;={SUB_PVER}&ar=home HKLM->Main\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM->Main\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM->Main\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM->Main\\Local Page - %SystemRoot%\system32\blank.htm HKCU->Main\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKCU->Main\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM->Search\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm HKLM->Search\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm HKCU->URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation ) HKCU->Internet Settings\\ProxyEnable - 0 [>> BHO’s <<] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated ) {53707962-6F74-2D53-2644-206D7942484F} - Reg Data - Value does not exist = C:\Programmer\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited ) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll (Sun Microsystems, Inc. ) {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - ST = C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation ) {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSNToolBandBHO = C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll (Microsoft Corporation ) {BDF3E430-B101-42AD-A544-FADC6B084872} - CNavExtBho Class = C:\Programmer\Norton AntiVirus\NavShExt.dll (Symantec Corporation ) {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\programmer\google\googletoolbar4.dll (Google Inc. ) [>> Internet Explorer Bars, Toolbars and Extensions <<] [HKLM-> Internet Explorer Bars] {4D5C8C25-D075-11d0-B416-00C04FB90376} - Dagens &tip; = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation ) [HKCU-> Internet Explorer Bars] {32683183-48a0-441b-a342-7c2a440a9478} - Reg Data - Key not found = Reg Data - Key not found (File not found) [HKLM-> Internet Explorer ToolBars] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google; = c:\programmer\google\googletoolbar4.dll (Google Inc. ) {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus = C:\Programmer\Norton AntiVirus\NavShExt.dll (Symantec Corporation ) {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN = C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll (Microsoft Corporation ) [HKCU-> Internet Explorer ToolBars] ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse; = %SystemRoot%\system32\browseui.dll (Microsoft Corporation ) WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse; = %SystemRoot%\system32\browseui.dll (Microsoft Corporation ) WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Hyperlinks; = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation ) WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google; = c:\programmer\google\googletoolbar4.dll (Google Inc. ) WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus = C:\Programmer\Norton AntiVirus\NavShExt.dll (Symantec Corporation ) WebBrowser\\{B7D3E479-CC68-42B5-A338-938ECE35F419} - Reg Data - Key not found = Reg Data - Key not found (File not found) [HKCU-> Internet Explorer CmdMapping] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8194 - Sun Java Console {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8195 - Reg Data - Value does not exist {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - 8196 - Reg Data - Value does not exist {FB5F1910-F110-11d2-BB9E-00C04F795683} - 8193 - Windows Messenger NextId - 8197 [HKLM-> Internet Explorer Extensions] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Programmer\Java\jre1.5.0_09\bin\npjpi150_09.dll (Sun Microsystems, Inc. ) {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - ButtonText: AIM = C:\Programmer\AIM\aim.exe (America Online, Inc. ) {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - ButtonText: Ladbrokes Poker = C:\Programmer\ladbrokesMPP\MPPoker.exe (Microgaming ) {FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Programmer\Messenger\msmsgs.exe (Microsoft Corporation ) [>> Approved Shell Extensions (Non-Microsoft only) <<] [HKLM-> Approved Shell Extensions] {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = Reg Data - Key not found (File not found) {0DF44EAA-FF21-4412-828E-260A8728E7F1} - Proceslinje og menuen Start = Reg Data - Key not found (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation ) {1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation ) {1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation ) {32683183-48a0-441b-a342-7c2a440a9478} - Media Band = Reg Data - Key not found (File not found) {328D8DA1-64BF-4138-8CD6-1FB6741CA645} - MuVo N200 Media Explorer = C:\Programmer\Creative\MuVo N200 Media Explorer\CTMvns.dll (Creative Technology Ltd ) {42071714-76d4-11d1-8b24-00a0c9068ff3} - Kontrolpanel-udvidelse til skærmpanorering = Reg Data - Key not found (File not found) {764BF0E1-F219-11ce-972D-00AA00A14F56} - Grænsefladeudvidelser til filkomprimering = Reg Data - Key not found (File not found) {7A9D77BD-5403-11d2-8785-2E0420524153} - Brugerkonti = Reg Data - Key not found (File not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Kontekstmenu til kryptering = Reg Data - Key not found (File not found) {88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal-ikon = C:\WINDOWS\system32\hticons.dll (File not found) {A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\System32\nvcpl.dll (NVIDIA Corporation ) {B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Programmer\WinRAR\rarext.dll ( ) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Programmer\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc. ) {DCED20BE-3645-11D4-BC95-00C04F0E0588} - InoShell = Reg Data - Key not found (File not found) {FFB699E0-306A-11d3-8BD1-00104B6F7516} - Play on my TV helper = C:\WINDOWS\System32\nvcpl.dll (NVIDIA Corporation ) [>> ContextMenuHandlers (Non-Microsoft only) <<] [HKLM-> ContextMenuHandlers] * - AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s. ) * - Symantec.Norton.Antivirus.IEContextMenu - {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programmer\Norton AntiVirus\NavShExt.dll (Symantec Corporation ) * - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmer\WinRAR\rarext.dll ( ) Directory - AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s. ) Directory - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmer\WinRAR\rarext.dll ( ) Directory\Background - 00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation ) Directory\Background - NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\System32\nvcpl.dll (NVIDIA Corporation ) Folder - Symantec.Norton.Antivirus.IEContextMenu - {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programmer\Norton AntiVirus\NavShExt.dll (Symantec Corporation ) Folder - WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmer\WinRAR\rarext.dll ( ) [>> ColumnHandlers (Non-Microsoft only) <<] [HKLM-> ColumnHandlers] Folder - {F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Shell Extension = C:\Programmer\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc. ) [>> File Associations Keys <<] HKLM->SOFTWARE\Classes\batfile\shell\open\command\\’’ - “%1” %* HKLM->SOFTWARE\Classes\.cmd\\’’ - cmdfile HKLM->SOFTWARE\Classes\cmdfile\shell\open\command\\’’ - “%1” %* HKLM->SOFTWARE\Classes\comfile\shell\open\command\\’’ - “%1” %* HKLM->SOFTWARE\Classes\.exe\\’’ - exefile HKLM->SOFTWARE\Classes\exefile\shell\open\command\\’’ - “%1” %* HKLM->SOFTWARE\Classes\.hta\\’’ - htafile HKLM->SOFTWARE\Classes\htafile\shell\open\command\\’’ - C:\WINDOWS\system32\mshta.exe “%1” %* HKLM->SOFTWARE\Classes\.js\\’’ - JSFile HKLM->SOFTWARE\Classes\jsfile\shell\open\command\\’’ - %SystemRoot%\System32\WScript.exe “%1” %* HKLM->SOFTWARE\Classes\.jse\\’’ - JSEFile HKLM->SOFTWARE\Classes\jsefile\shell\open\command\\’’ - %SystemRoot%\System32\WScript.exe “%1” %* HKLM->SOFTWARE\Classes\scrfile\shell\open\command\\’’ - “%1” /s HKLM->SOFTWARE\Classes\.vbe\\’’ - VBEFile HKLM->SOFTWARE\Classes\vbefile\shell\open\command\\’’ - %SystemRoot%\System32\WScript.exe “%1” %* HKLM->SOFTWARE\Classes\.vbs\\’’ - VBSFile HKLM->SOFTWARE\Classes\vbsfile\shell\open\command\\’’ - %SystemRoot%\System32\WScript.exe “%1” %* HKLM->SOFTWARE\Classes\.wsf\\’’ - WSFFile HKLM->SOFTWARE\Classes\wsffile\shell\open\command\\’’ - %SystemRoot%\System32\WScript.exe “%1” %* HKLM->SOFTWARE\Classes\.wsh\\’’ - WSHFile HKLM->SOFTWARE\Classes\wshfile\shell\open\command\\’’ - %SystemRoot%\System32\WScript.exe “%1” %* HKLM->SOFTWARE\Classes\.txt\\’’ - txtfile HKLM->SOFTWARE\Classes\txtfile\shell\open\command\\’’ - %SystemRoot%\system32\NOTEPAD.EXE %1 [>> Registry Run Keys <<] HKLM->Run\\!AVG Anti-Spyware - “C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized (Anti-Malware Development a.s. ) HKLM->Run\\Cmaudio - RunDll32 cmicnfg.cpl,CMICtrlWnd (File not found) HKLM->Run\\QuickTime Task - “C:\Programmer\QuickTime\qttask.exe” -atboottime (Apple Computer, Inc. ) HKLM->Run\\SunJavaUpdateSched - “C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe” (Sun Microsystems, Inc. ) HKLM->Run\OptionalComponents\IMAIL - Installed = 1 HKLM->Run\OptionalComponents\MAPI - Installed = 1 HKLM->Run\OptionalComponents\MSFS - Installed = 1 HKCU->Run\\CTFMON.EXE - C:\WINDOWS\System32\CTFMON.EXE (Microsoft Corporation ) HKCU->Run\\NvMediaCenter - RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (File not found) HKCU->Run\\swg - C:\Programmer\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe (Google Inc. ) [>> Miscellaneous Startup Keys <<] [AppInit DLLs] AppInit_DLL - (File not found) [Image File Execution Options] Your Image File Name Here without a path - Debugger = ntsd -d [Shell Service Object Delay Load] CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation ) PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation ) SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation ) WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation ) [Shell Execute Hooks] {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s. ) {AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation ) [Shared Task Scheduler] {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation ) {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation ) [SafeBoot Option] [HKLM Command Processor AutoRun] HKLM->Command Processor\\AutoRun - [HKCU Command Processor AutoRun] [Security Providers] SecurityProviders\\SecurityProviders - msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll [BootExecute] Session Manager\\BootExecute - autocheck autochk *; [PendingFileRenameOperations] [FileRenameOperations] [ExcludeFromKnownDlls] Session Manager\\ExcludeFromKnownDlls - [>> Disabled MSConfig Items <<] [>> User Agent Post Platform <<] SV1 - [>> Winlogon <<] HMLM->AltDefaultDomainName - KONTOR HMLM->AltDefaultUserName - Torben HMLM->AutoAdminLogon - 0 HMLM->DefaultDomainName - KONTOR HMLM->DefaultUserName - Torben HKLM->Shell - Explorer.exe (Microsoft Corporation ) HKLM->System - (File not found) HMLM->UserInit - C:\WINDOWS\system32\userinit.exe, (Microsoft Corporation ) HKLM->VMApplet - rundll32 shell32,Control_RunDLL “sysdm.cpl” Notify\crypt32chain - crypt32.dll (Microsoft Corporation ) Notify\cryptnet - cryptnet.dll (Microsoft Corporation ) Notify\cscdll - cscdll.dll (Microsoft Corporation ) Notify\ScCertProp - wlnotify.dll (Microsoft Corporation ) Notify\Schedule - wlnotify.dll (Microsoft Corporation ) Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation ) Notify\SensLogn - WlNotify.dll (Microsoft Corporation ) Notify\termsrv - wlnotify.dll (Microsoft Corporation ) Notify\WgaLogon - WgaLogon.dll (Microsoft Corporation ) Notify\wlballoon - wlnotify.dll (Microsoft Corporation ) [>> DNS Name Servers <<] {1EE4AFE9-EDD2-4C27-B77C-350E337FF7F9} - 195.184.96.2,195.184.96.3 (Realtek RTL8139 Family PCI Fast Ethernet NIC) {51BA9A19-9587-40D2-86E1-87B8DC05969C} - () {71481B07-AD34-4CBE-8AFD-7608711FA81E} - (1394-netværkskort) {B40D08CA-52FA-4513-98CE-9FF76316A170} - () [>> All Winsock2 Catalogs <<] NameSpace_Catalog5\Catalog_Entries\000000000001 (Tcpip) - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation ) NameSpace_Catalog5\Catalog_Entries\000000000002 (NTDS) - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation ) NameSpace_Catalog5\Catalog_Entries\000000000003 (NLA-navneområde (Network Location Awareness)) - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation ) [>> Protocol Handlers (Non-Microsoft only) <<] ipp - (File not found) msdaipp - (File not found) [>> Protocol Filters (Non-Microsoft only) <<] < Services (Non-Microsoft Only) > ASUSKeyboardService (ASUSKeyboardService) - C:\WINDOWS\asuskbservice.exe (ASUSTeK COMPUTER INC. ) [Automatic - Running - Win32, running in it’s own process] AVG Anti-Spyware Guard (AVG Anti-Spyware Guard) - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s. ) [Automatic - Running - Win32, running in it’s own process] Symantec Event Manager (ccEvtMgr) - “C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe” (Symantec Corporation ) [Automatic - Running - Win32, running in it’s own process] Creative Service for CDROM Access (Creative Service for CDROM Access) - C:\WINDOWS\system32\CTsvcCDA.EXE (Creative Technology Ltd ) [Automatic - Running - Win32, running in it’s own process] Digidesign MME Refresh Service (DigiRefresh) - C:\Programmer\Digidesign\Drivers\MMERefresh.exe -s (Digidesign, A Division of Avid Technology, Inc. ) [Automatic - Running - Win32, running in a shared process] Event Log Watch (LogWatch) - C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe (Computer Associates ) [Automatic - Running - Win32, running in it’s own process] Norton AntiVirus Auto Protect (navapsvc) - “C:\Programmer\Norton AntiVirus\navapsvc.exe” (Symantec Corporation ) [Automatic - Running - Win32, running in it’s own process] Cyberlink RichVideo Service(CRVS) (RichVideo) - “C:\Programmer\CyberLink\Shared Files\RichVideo.exe” ( ) [Automatic - Running - Win32, running in it’s own process] SymWMI Service (SymWSC) - “C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe” (Symantec Corporation ) [Automatic - Running - Win32, running in it’s own process] < Files > Auto-Start Folders HKLM->Explorer\Shell Folders\\Common Startup = C:\Documents and Settings\All Users\Menuen Start\Programmer\Start C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated [Ver = 7.0.5.2005092300 \| Size = 29696 bytes \| Date = 23-09-2005 22:05:26 \| Attr = ]) C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\desktop.ini - ( [Ver = \| Size = 84 bytes \| Date = 26-11-2006 16:22:04 \| Attr = HS]) C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\InterVideo WinCinema Manager.lnk - C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe ( [Ver = 1.0 \| Size = 110592 bytes \| Date = 20-02-2003 00:44:38 \| Attr = ]) C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation [Ver = 9.0.3720 \| Size = 65588 bytes \| Date = 21-01-2000 08:15:54 \| Attr = ]) HKLM->Explorer\User Shell Folders\\Common Startup = %ALLUSERSPROFILE%\Menuen Start\Programmer\Start HKLM->Explorer\Shell Folders\\Startup = C:\Documents and Settings\Administrator\Menuen Start\Programmer\Start C:\Documents and Settings\Administrator\Menuen Start\Programmer\Start\desktop.ini - ( [Ver = \| Size = 84 bytes \| Date = 26-11-2006 16:22:02 \| Attr = HS]) HKCU->Explorer\User Shell Folders\\Startup = %USERPROFILE%\Menuen Start\Programmer\Start Miscellaneous Auto-Start Files System.ini->[Boot]\\Shell - Explorer.exe Miscellaneous Folders AllUsers ApplicationData Folder C:\Documents and Settings\All Users\Application Data\desktop.ini - ( [Ver = \| Size = 62 bytes \| Date = 26-11-2006 13:31:52 \| Attr = HS]) CurrentUser ApplicationData Folder C:\Documents and Settings\Administrator\Application Data\desktop.ini - ( [Ver = \| Size = 62 bytes \| Date = 26-11-2006 13:31:52 \| Attr = HS]) Program Files Folder C:\Programmer\GoogleEarth.exe - (InstallShield Software Corporation [Ver = 10.01.244 \| Size = 11635064 bytes \| Date = 4-09-2005 16:26:58 \| Attr = ]) Common Files Folder DPF files {01111C00-3E00-11D2-8470-0060089874ED} - Support.com ActionRunner Class - CodeBase = http://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab {01111E00-3E00-11D2-8470-0060089874ED} - Support.com SmartIssue - CodeBase = http://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab {029FDBA6-3547-11D7-AA4C-0050BF051A00} - Rawflow ICD Client - CodeBase = http://downol.dr.dk/download/netradio/Rawflow.cab {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - Musicnotes Viewer - CodeBase = http://www.musicnotes.com/download/mnviewer.cab {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} - Util Class - CodeBase = https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - MSN Photo Upload Tool - CodeBase = http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab {5ED80217-570B-4DA9-BF44-BE107C0EC166} - Windows Live Safety Center Base Module - CodeBase = http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab {6414512B-B978-451D-A0D8-FCFDF33E833C} - WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164475875932 {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - WScanCtl Class - CodeBase = http://www3.ca.com/securityadvisor/virusinfo/webscan.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586-jc.cab {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab {9F1C11AA-197B-4942-BA54-47A8489BB47F} - - CodeBase = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38214.1693402778 {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - Java Plug-in 1.5.0_01 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - Java Plug-in 1.5.0_02 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - Util Class - CodeBase = https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe {D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab {D8575CE3-3432-4540-88A9-85A1325D3375} - e-Safekey - CodeBase = https://business.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - McFreeScan Class - CodeBase = http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4899/mcfscan.cab {F6A56D95-A3A3-11D2-AC26-400000058481} - Danske e-Sec - CodeBase = https://business.bgbank.dk/html/activex/danskesikker/BG/DanskeSikker.cab Hosts file = 723 bytes. Reading all entries. C:\WINDOWS\System32\drivers\etc\Hosts # Copyright (c) 1993-1999 Microsoft Corp. - # - # Dette er HOSTS-eksempelfilen, der bruges af Microsoft TCP/IP til Windows. - # - # Denne fil indeholder IP-adressetilknytninger til værtsnavne. Du bør ikke - # angive flere end en post pr. linje. IP-adressen skal placeres i den første - # kolonne efterfulgt af det tilsvarende værtsnavn. - # IP-adressen og værtsnavnet kan adskilles af mindst ét mellemrum. - # - # Kommentarer (som disse) kan indsættes på individuelle linjer eller efter- - # følge computernavn. Kommentarer skal anføres med nummertegn ‘#’. - # - # Eksempel: - # - # 102.54.94.97 rhino.acme.com # kildeserver - # 38.25.63.10 x.acme.com # x-klientvært - - 127.0.0.1 localhost - < End of report >
[ Ignorer ] [ # 33 ] gibson
01.12.2006 23:38:56 Antal indlæg: 27	ad 4) jeg kan nu åbne fixet fra Fromsej 29/11/2006: 16:27:33 i notesblok uden at det krypteres, men jeg kan ikke køre fixet. Jeg får en box med :Åbn med (notesblok m.fl, scan med AVG osv.
[ Ignorer ] [ # 34 ] gibson
01.12.2006 23:51:30 Antal indlæg: 27	GODT NYT: Jeg kan faktisk få kontakt med det inaktive wordikon på min proceslinje(navn:Genvej til Microsoft Word.lnk.lnk). Når jeg klikker på det starter word og ender i “Wordicon.exe(skrivebeskyttet)-Microsoft Word” JEG KAN ÅBNE EXEL Jeg har prøvet at gå til >Mappeindstillinger >filtyper > ny> exe >application, men “anvend” bliver stadig ikke aktiv. Jeg holder vejret
[ Ignorer ] [ # 35 ] gibson
01.12.2006 23:56:05 Antal indlæg: 27	WOWWWW. Undskyld beskederne nu falder over hinanden, men jeg kan faktisk åbne flere af mine programmer ved at “vælge på en liste”. Ikonerne på proceslinjen er imidlertid stadig “neutrale” og har endelsen .lnk Bemærk at tråden har skiftet side - Ejvindh
[ Ignorer ] [ # 36 ] Ejvindh
03.12.2006 00:49:18 Redaktør Team Spywarefri Antal indlæg: 6048	Jeg tror efterhånden vi kan konkludere at der blot resterer at få “ryddet op” efter det ravage som infektionen har lavet. Noget af det kan vi muligvis finde, men det kan godt være, at du kommer til at leve med nogle af de forkerte indstillinger. Det må vi lige se undervejs. —Jeg vil dog gerne lige høre om du kan bekræfte at du har noget Pinnacle-software installeret på din computer? —Derudover vil jeg også gerne se en oversigt over hvilke ADS du har installeret på din computer: Kør Hijackthis, Klik på “Open the Misc tools section”, “Open ADS spy…”, fjern alle flueben, og klik på den øverste “Scan”-knap. Når scanningen er færdig, så klik på “Save log”, gem loggen et sted hvor du kan finde den igen, og læg indholdet herind. —Hent så disse 2 filer, og gem dem på skrivebordet: http://www.uploads.ejvindh.net/restoreassoc.zip http://www.uploads.ejvindh.net/Restassoc_dk.exe Start med at pakke restoreassoc.zip ud, og dobbeltklik først på restoreassoc.reg-filen, som ligger i zip-filen. Så skal du efterfølgende helst blive spurgt om du vil tilføje oplysningerne til registreringsdatabasen. Hvis du gør det, skal du bekræfte det. Hvis ikke du bliver spurgt om dette skal du i stedet køre Restassoc_dk.exe-filen. Så vil der kort dukke et sort vindue op. Når den er lukket ned igen, skal du genstarte computeren. Når computeren er genstartet, må du gerne bagefter prøve om du kan køre restoreassoc.reg-filen. Meld gerne tilbage med hvordan dette punkt forløber, og om det løser nogle af de resterende problemer, som du har.
[ Ignorer ] [ # 37 ] gibson
03.12.2006 01:27:54 Antal indlæg: 27	Ja, jeg har et gammelt pinnacle-program liggende som jeg ikke bruger mere. Her er loggen fra Hijackthis: C:\Documents and Settings\Administrator\Skrivebord\registryboosterplib.exe : Zone.Identifier (26 bytes) C:\Documents and Settings\Administrator\Skrivebord\setup.exe : Zone.Identifier (26 bytes) C:\Documents and Settings\All Users\Application Data\Microsoft : liFJBOSvkLYONzX5YcfAG0w (877 bytes) C:\Documents and Settings\All Users\Application Data\Microsoft : Te2eyrEbR6VyzYPU2 (1034 bytes) C:\Documents and Settings\All Users\Application Data\Microsoft : liFJBOSvkLYONzX5YcfAG0w (877 bytes) C:\Documents and Settings\All Users\Application Data\Microsoft : Te2eyrEbR6VyzYPU2 (1034 bytes) C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\6VZlS8ahwaEuXO4 : ansFHF5dL41SJHB7Uj23q6k (950 bytes) C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\6VZlS8ahwaEuXO4 : ansFHF5dL41SJHB7Uj23q6k (950 bytes) C:\Documents and Settings\All Users\Dokumenter\Billeder\Billedeksempler\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\All Users\Dokumenter\Billeder\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Anne Sofie\Anne Sofie før Indien\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Anne Sofie\AnneSofie.jpg : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Anne Sofie\AnneSofie2.jpg : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Anne Sofie\AS fest efter indien\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Anne Sofie\Marstalsgade jan 2006\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Anne Sofie\STA60078.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Anne Sofie\STA60079.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Anne Sofie\STA60082.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Anne Sofie\STA60083.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Anne Sofie\STA60084.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Anne Sofie\STA60085.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Anne Sofie\STA60086.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Anne Sofie\STA60087.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Anne Sofie\STA60088.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Anne Sofie\STA60090.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Anne Sofie\STA60095.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Anne Sofie\STA60096.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Anne Sofie\STA60097.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Anne Sofie\STA60098.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Anne Sofie\STA60099.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Anne Sofie\STA60100.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Anne Sofie\STA60101.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Anne Sofie\STA60102.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Anne Sofie\STA60103.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Anne Sofie\STA60106.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Anne Sofie\STA60110.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Anne Sofie\STA60111.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Anne Sofie\STA60112.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Anne Sofie\STA60113.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Anne Sofie\STA60114.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Anne Sofie\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Billedeksempler\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Caorle 2004\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Caorle sommer 2005\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Danser.gif : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Ergotræf sept 04\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Familie\Dias gamle\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Familie\Farmor\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Familie\Norsminde\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Familie\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Fugleunger 06 2005\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Guitar fotos\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Hakke Bakke Band\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Indretning\Indret sofa\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Indretning\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Johannas konfirmation\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Jul 2001\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Julefrokost 2003\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Julen 2003\02-01-2004\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Julen 2003\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Julen 2004\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Julen 2005- fødselsdage jan 2006\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Katie jan 2005\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Katie jan 2005\x1p7Ex3PBOjFeCTIPJkaIMgstIdGnhrDEZauNcbuQSrIhIoAL23rA9AlwTE9obKkncPvHl_gZMd4Atg0gXT0KN_BJKLh6koPPiQW5jFg0MZNww8BkCeUc8uhk89RDjPvKYMi0-c8_yB5GFreeyZ07rlog.jpg : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Katie jan 2005\x1p7Ex3PBOjFeCTIPJkaIMgstIdGnhrDEZauNcbuQSrIhLNSgEwvFE2jzddR_O9eIYJfLWWmtP_KfM0TCbPKORV58YZV3jb0JP4oEpbI8EA847o5OqzYTnewVQ9LTggBeTFOkynkWHNaweWPKhFzULmzA.jpg : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Kevin\03-08-2005 Kevin\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kevin\04-09-2005 Kevin\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kevin\13-08-2005\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kevin\18-08-2005, Kevin\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kevin\28-08-2005, Kevin\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kevin\29-08-2005 Kevin\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kevin\Afrejse Kevin\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kevin\April 2006\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kevin\April 2006 Vestkyst\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kevin\Bager\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kevin\December\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kevin\December Haderslev\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kevin\Exteriør Interiør\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kevin\Haderslev by night\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kevin\Haderslev City\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kevin\HaKa luftfoto\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kevin\Januar 2006\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kevin\Julefrokost AFS\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kevin\juni 2006\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kevin\juni 2006\tv2 : SummaryInformation (88 bytes) C:\Documents and Settings\Billeder\Kevin\juni 2006\tv2 : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes) C:\Documents and Settings\Billeder\Kevin\København okt 2005\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kevin\Køkken\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kevin\Lysfest 4.5.2006\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kevin\Maj 2006\Motionsbilleder5814.jpg : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Kevin\Maj 2006\Motionsbilleder5815.jpg : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Kevin\Maj 2006\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kevin\Marts 2006\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kevin\Recording studie\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kevin\Sort Sol\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kevin\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kevin\Tinglev\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kevin\Tørning\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kina 2006\Kina 2006 148.jpg : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Kina 2006\Kopi (2) af Kina 2006 148.jpg : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Kina 2006\Kopi (3) af Kina 2006 148.jpg : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Kina 2006\Kopi (4) af Kina 2006 148.jpg : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Kina 2006\Kopi af Kina 2006 148.jpg : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Kina 2006\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Klinik\Dental\Dental Jannie\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Klinik\Dental\Dental JPJepsen\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Klinik\Dental\Gadeskilt Stg30\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Klinik\Dental\Klinik marts 2004\09-03-2004\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Klinik\Dental\Klinik marts 2004\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Klinik\Dental\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Klinik\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kristin 18 & Marstalsgade\2004_01_25\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kristin 18 & Marstalsgade\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Kristin 18 år\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\KTH julerevy 79\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\London okt 2004\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Lone 50\21-08-2004\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Lone 50\Lone 50 Thorstens foto\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Lone 50\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Lone Ergo 25 år\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Madklub 19.11.03\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Maling stue\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Marathon\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Marstalsgade 4-1-2004\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Marstalsgade-gulv, juli 2006\STA60078.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Marstalsgade-gulv, juli 2006\STA60079.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Marstalsgade-gulv, juli 2006\STA60082.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Marstalsgade-gulv, juli 2006\STA60083.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Marstalsgade-gulv, juli 2006\STA60084.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Marstalsgade-gulv, juli 2006\STA60085.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Marstalsgade-gulv, juli 2006\STA60086.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Marstalsgade-gulv, juli 2006\STA60087.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Marstalsgade-gulv, juli 2006\STA60088.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Marstalsgade-gulv, juli 2006\STA60090.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Marstalsgade-gulv, juli 2006\STA60095.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Marstalsgade-gulv, juli 2006\STA60096.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Marstalsgade-gulv, juli 2006\STA60097.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Marstalsgade-gulv, juli 2006\STA60098.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Marstalsgade-gulv, juli 2006\STA60099.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Marstalsgade-gulv, juli 2006\STA60100.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Marstalsgade-gulv, juli 2006\STA60101.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Marstalsgade-gulv, juli 2006\STA60102.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Marstalsgade-gulv, juli 2006\STA60103.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Marstalsgade-gulv, juli 2006\STA60106.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Marstalsgade-gulv, juli 2006\STA60110.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Marstalsgade-gulv, juli 2006\STA60111.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Marstalsgade-gulv, juli 2006\STA60112.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Marstalsgade-gulv, juli 2006\STA60113.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Marstalsgade-gulv, juli 2006\STA60114.JPG : Zone.Identifier (26 bytes) C:\Documents and Settings\Billeder\Marstalsgade-gulv, juli 2006\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Mette 50\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Morten 24 år\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Nepal og Indien\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\New York Scan foto\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Nikolaj\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Nikolaj 3 x 18\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Nikolaj 18\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Nikolaj og Anne Sofie\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Paris 2005\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Pat Metheny\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Reol\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Rosenbakken ude, Farmor\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Silkeborg klinik 1 okt\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Skarrev maj 2003\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Skiferier\Avoriaz 2004\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Skiferier\St. Anton 2005_1\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Skiferier\St. Anton 2006_1\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Snevejr_1\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\sofa\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Sommer 2006\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Sommerferie 2006\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Sommerhus Djurs\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Temadag 6.12.03\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Torben 50\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Torben 50 fest\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Vinter 12.01.2002\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Billeder\Århus 5.12.03 + AS NIK\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\cb\Application Data\Viewpoint\ViewBar\Thumbnails\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\cb\Lokale indstillinger\Temporary Internet Files\Content.IE5\IL8T25SH\gmer[1].zip : Zone.Identifier (26 bytes) C:\Documents and Settings\cb\Lokale indstillinger\Temporary Internet Files\wkrATOhHfmOHx : 4aO82t84n47iwmCs9vLLz (977 bytes) C:\Documents and Settings\cb\Lokale indstillinger\Temporary Internet Files\wkrATOhHfmOHx : 4aO82t84n47iwmCs9vLLz (977 bytes) C:\Documents and Settings\cb\Skrivebord\danser.GIF : Zone.Identifier (26 bytes) C:\Documents and Settings\cb\Skrivebord\Diverse\BSINSTALL.exe : Zone.Identifier (26 bytes) C:\Documents and Settings\cb\Skrivebord\Diverse\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\cb\Skrivebord\Nikolaj\musik niko\sikkerjobstart.mp3 : Zone.Identifier (26 bytes) C:\Documents and Settings\cb\Skrivebord\Ommer.reg : SummaryInformation (88 bytes) C:\Documents and Settings\cb\Skrivebord\Ommer.reg : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes) C:\Documents and Settings\cb\Skrivebord\Pro Tools LE & Digidesign\chordfinder_pc.zip : Zone.Identifier (26 bytes) C:\Documents and Settings\cb\Skrivebord\Pro Tools LE & Digidesign\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\cb\Skrivebord\Spil\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\cb\Skrivebord\Spywarefri\alternativ.exe : Zone.Identifier (26 bytes) C:\Documents and Settings\cb\Skrivebord\Spywarefri\avgas-setup-7.5.0.47.exe : SummaryInformation (88 bytes) C:\Documents and Settings\cb\Skrivebord\Spywarefri\avgas-setup-7.5.0.47.exe : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes) C:\Documents and Settings\cb\Skrivebord\Spywarefri\ClnBBear[1]\ClnBBear.com : SummaryInformation (88 bytes) C:\Documents and Settings\cb\Skrivebord\Spywarefri\ClnBBear[1]\ClnBBear.com : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes) C:\Documents and Settings\cb\Skrivebord\Spywarefri\combofix.exe : Zone.Identifier (26 bytes) C:\Documents and Settings\cb\Skrivebord\Spywarefri\defs.zip : Zone.Identifier (26 bytes) C:\Documents and Settings\cb\Skrivebord\Spywarefri\exefix.reg : Zone.Identifier (26 bytes) C:\Documents and Settings\cb\Skrivebord\Spywarefri\exefix_xp.com : Zone.Identifier (26 bytes) C:\Documents and Settings\cb\Skrivebord\Spywarefri\Extensions.inf : SummaryInformation (88 bytes) C:\Documents and Settings\cb\Skrivebord\Spywarefri\Extensions.inf : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes) C:\Documents and Settings\cb\Skrivebord\Spywarefri\fixreg.com : Zone.Identifier (26 bytes) C:\Documents and Settings\cb\Skrivebord\Spywarefri\gmer.zip : Zone.Identifier (26 bytes) C:\Documents and Settings\cb\Skrivebord\Spywarefri\gmer[1].zip : Zone.Identifier (26 bytes) C:\Documents and Settings\cb\Skrivebord\Spywarefri\hijackthis.exe : Zone.Identifier (26 bytes) C:\Documents and Settings\cb\Skrivebord\Spywarefri\RCSammsoftTrial.exe : Zone.Identifier (26 bytes) C:\Documents and Settings\cb\Skrivebord\Spywarefri\regclean.exe : Zone.Identifier (26 bytes) C:\Documents and Settings\cb\Skrivebord\Spywarefri\regfix.vbs : Zone.Identifier (26 bytes) C:\Documents and Settings\cb\Skrivebord\Spywarefri\RootkitRevealer\Eula.txt : Zone.Identifier (26 bytes) C:\Documents and Settings\cb\Skrivebord\Spywarefri\RootkitRevealer\RootkitReveal.txt : SummaryInformation (88 bytes) C:\Documents and Settings\cb\Skrivebord\Spywarefri\RootkitRevealer\RootkitReveal.txt : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes) C:\Documents and Settings\cb\Skrivebord\Spywarefri\RootkitRevealer\RootkitRevealer.chm : Zone.Identifier (26 bytes) C:\Documents and Settings\cb\Skrivebord\Spywarefri\RootkitRevealer\RootkitRevealer.exe : Zone.Identifier (26 bytes) C:\Documents and Settings\cb\Skrivebord\Spywarefri\RootkitRevealer.zip : Zone.Identifier (26 bytes) C:\Documents and Settings\cb\Skrivebord\Spywarefri\setup.exe : SummaryInformation (88 bytes) C:\Documents and Settings\cb\Skrivebord\Spywarefri\setup.exe : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes) C:\Documents and Settings\cb\Skrivebord\Spywarefri\spybotsd14.exe : Zone.Identifier (26 bytes) C:\Documents and Settings\cb\Skrivebord\Spywarefri\winpfind2.exe : Zone.Identifier (26 bytes) C:\Documents and Settings\danser.gif : Zone.Identifier (26 bytes) C:\Documents and Settings\Default User\Skrivebord\registryboosterplib.exe : Zone.Identifier (26 bytes) C:\Documents and Settings\Default User\Skrivebord\setup.exe : Zone.Identifier (26 bytes) C:\Documents and Settings\Dokumenter\Billeder\04-09-2005, Kevin\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\Billeder\2005_06_18\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\Billeder\2005_07_06\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\Billeder\2005_07_09\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\Billeder\2005_07_12\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\Billeder\2005_07_13\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\Billeder\2005_07_15\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\Billeder\2005_08_06\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\Billeder\2005_08_25\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\Billeder\2005_10_21\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\Billeder\2005_10_22\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\Billeder\2005_11_04\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\Billeder\2005_11_10\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\Billeder\2005_11_26\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\Billeder\2005_12_22\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\Billeder\2006_01_21\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\Billeder\2006_02_11\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\Billeder\2006_02_13\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\Billeder\2006_02_17\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\Billeder\2006_02_18\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\Billeder\2006_02_25\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\Billeder\2006_02_27\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\Billeder\2006_03_04\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\Billeder\2006_03_25\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\Billeder\2006_03_31\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\Billeder\2006_04_01\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\Billeder\2006_04_14\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\Billeder\2006_05_03\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\Billeder\2006_05_10\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\Billeder\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\danser.gif : Zone.Identifier (26 bytes) C:\Documents and Settings\Dokumenter\Kopi af danser.gif : Zone.Identifier (26 bytes) C:\Documents and Settings\Dokumenter\Musik\John Mayer Heavier Things\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Dokumenter\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\E-mails\Control_Alcoholemia.wmv : Zone.Identifier (26 bytes) C:\Documents and Settings\Familie\s+l kobber 0106l.doc : Zone.Identifier (26 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Anne Sofie\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Avoriaz 2004\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Caorle 2004\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Dental\Dental Jannie\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Dental\Dental JPJepsen\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Dental\Gadeskilt Stg30\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Dental\Julefrokost 2003\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Dental\Klinik marts 2004\09-03-2004\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Dental\Klinik marts 2004\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Dental\Silkeborg klinik 1 okt\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Dental\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Ergotræf sept 04\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Guitar fotos\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Hakke Bakke jun 04\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Indretning\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Jul 2001\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Julen 2003\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Julen 2004\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Katie jan 2005\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Kristin 18 & Marstalsgade\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\London okt 2004\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Lone 50\21-08-2004\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Lone 50\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Madklub 19.11.03\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Maling stue\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Marstalsgade 4-1-2004\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\New York Scan foto\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Nikolaj\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Nikolaj 3 x 18\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Nikolaj 18\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Rosenbakken ude, Farmor\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Skarrev maj 2003\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Sommerhus Djurs\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Temadag 6.12.03\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Torben 50\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Torben 50 fest\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Vinter 12.01.2002\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Billeder\Århus 5.12.03 + AS NIK\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Modtagne filer\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Nikolaj\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Torben\Klinik\Dental\jpg\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Torben\Klinik\Hjemmeside\grafik færdig\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Gl. Computer\Torben\Klinik\Hjemmeside\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Lone\ATT00029.txt : Zone.Identifier (26 bytes) C:\Documents and Settings\Lone\Ergoadresser.DOC : Zone.Identifier (26 bytes) C:\Documents and Settings\regclean.exe : Zone.Identifier (26 bytes) C:\Documents and Settings\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Torben\din Tandlæge\050906 Bilagsmappe årsmøde 2006.doc : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\din Tandlæge\050906 Bryd rutinen - Geert Mørk.DOC : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\din Tandlæge\050906 Endeligt program - Temadag og Årsmøde 2006.doc : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\din Tandlæge\050906 Fuldmagt.doc : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\din Tandlæge\080906 Følgebrev bilagsmappe.doc : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\din Tandlæge\080906 Praktisk oplysninger - Årsmøde 2006.doc : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\din Tandlæge\0d Fordele dinTANDLÆGE.pdf : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\din Tandlæge\130706 Markedsføringsplan - Budget.xls : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\din Tandlæge\130706 Markedsføringsplan - Tidsplan.xls : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\din Tandlæge\1b Teambuilding introduktion sept 2005.pdf : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\din Tandlæge\300506 Oversigtsdiagram - Målgrupper.doc : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\din Tandlæge\dintandlaege_logo.ps : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\din Tandlæge\DTFnet_rabatten_polen-filer\dtf_menu2_adg-filer\dtf_menu2_adg-filer\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Torben\din Tandlæge\Gert Lerche brev Efter årsmødet.pdf : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\din Tandlæge\Nyhedsbrev juni 2006.pdf : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\din Tandlæge\Resume aftale Fiskers og Co.pdf : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\Hej Torben.doc : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\Klinik\CBS Ledelsesakademi\1 hjemmeopgave, TLA 05.doc : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\Klinik\CBS Ledelsesakademi\H___TKU__Medion Blackboard__TLA Ledelse__Batch-file TLA Deltagere.xls : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\Klinik\CBS Ledelsesakademi\H___TKU__Medion Blackboard__TLA Ledelse__Blackboard Brugervejledning TLA.doc : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\Klinik\Dental foto\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Torben\Klinik\dinTandlæge\dintandlaege_logo.ps : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\Klinik\dinTandlæge\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Torben\Klinik\Hjemmeside og tryksager\mødekort.pdf : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\Klinik\Hjemmeside og tryksager\supertand.dk.zip : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\Klinik\Hjemmeside og tryksager\supertand.ifirma.dk.zip : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\Klinik\Hjemmeside og tryksager\tandklinikken_250.gif : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\Klinik\logo.ai : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\Klinik\logo.pdf : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\Klinik\M65 kuvert.pdf : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\Klinik\SFU\august 2005.pdf : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\Klinik\SFU\juni.pdf : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\Klinik\SFU\maj.pdf : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\Klinik\SFU\november 2005.pdf : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\Klinik\SFU\oktober.pdf : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\Klinik\SFU\september 2005.pdf : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\Klinik\SH_Logo.ai : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\Klinik\word skabelon.jpg : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\KS Svendborg\Afregning fælles m.m. .eml : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\KS Svendborg\Faktura’er til Elkøb 2004.eml : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\KS Svendborg\Hej Torben.doc : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\KS Svendborg\Lejereg. Tæppeland.eml : SummaryInformation (88 bytes) C:\Documents and Settings\Torben\KS Svendborg\Lejereg. Tæppeland.eml : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes) C:\Documents and Settings\Torben\KS Svendborg\Rykker, Elkøb.eml : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\KS Svendborg\sv2fak05 33 34 35 36 tæppeland.doc : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\KS Svendborg\sv2fak05.doc : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\KS Svendborg\Svendborg huslejer.eml : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\KS Svendborg\Årsafregn. varme m.m., opkræv. af skatteforhøj..eml : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\KS Svendborg\Årsafregning Tæppeland.eml : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\KS Svendborg\Årsopkræv. SV2.eml : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\Lyd\Digi 002-filer\menu-filer\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Torben\Lyd\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Torben\Musik\Anne Sofies musik\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Torben\Musik\bbc[1].mp3 : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\Musik\Beatles, the\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\Torben\Musik\Folk og røvere\Barbervise.mid : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\Musik\Folk og røvere\Fru Bastians sang.mid : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\Musik\Folk og røvere\Hurrasang.mid : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\Musik\Folk og røvere\Pa roverfangst.mid : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\Musik\Folk og røvere\Sporvognen.mid : Zone.Identifier (26 bytes) C:\Documents and Settings\Torben\Musik\Thumbs.db : encryptable (0 bytes) C:\Documents and Settings\WinXP_EXE_Fix.reg : Zone.Identifier (26 bytes) C:\MyWorks\Thumbs.db : encryptable (0 bytes) C:\Polob32\Xord11\Thumbs.db : encryptable (0 bytes) C:\Programmer\AIM\Thumbs.db : encryptable (0 bytes) C:\Programmer\ArcSoft\PhotoStudio 2000\brush\Thumbs.db : encryptable (0 bytes) C:\Programmer\ArcSoft\PhotoStudio 2000\Samples\Thumbs.db : encryptable (0 bytes) C:\Programmer\ArcSoft\PhotoStudio 2000\Shapes\Thumbs.db : encryptable (0 bytes) C:\Programmer\ArcSoft\PhotoStudio 2000\stamps\Thumbs.db : encryptable (0 bytes) C:\Programmer\ArcSoft\PhotoStudio 2000\Texture\Thumbs.db : encryptable (0 bytes) C:\Programmer\ArcSoft\PhotoStudio 2000\Web\Thumbs.db : encryptable (0 bytes) C:\Programmer\CyberLink\PowerProducer Express\Template\Cyberlink\Background\Thumbs.db : encryptable (0 bytes) C:\Programmer\Fælles filer\System\IlhxoVov1mV : WW9TFwoMcpypplOGtXI (901 bytes) C:\Programmer\Fælles filer\System\IlhxoVov1mV : WW9TFwoMcpypplOGtXI (901 bytes) C:\Programmer\GoogleEarth.exe : Zone.Identifier (26 bytes) C:\Programmer\InstallShield Installation Information\{8854A2DB-FE59-4352-85A2-2B0411B2CF6C}\Thumbs.db : encryptable (0 bytes) C:\Programmer\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\Thumbs.db : encryptable (0 bytes) C:\Programmer\InstallShield Installation Information\{DBCD674C-1751-4548-9005-980F03083187}\Thumbs.db : encryptable (0 bytes) C:\Programmer\iTunes\03 heard somebody say.mp3 : Zone.Identifier (26 bytes) C:\Programmer\iTunes\04 long haired child.mp3 : Zone.Identifier (26 bytes) C:\Programmer\iTunes\06 quedate luna.mp3 : Zone.Identifier (26 bytes) C:\Programmer\iTunes\08 swimmers.mp3 : Zone.Identifier (26 bytes) C:\Programmer\iTunes\09 Blue Turning Gray.mp3 : Zone.Identifier (26 bytes) C:\Programmer\iTunes\10 In This Home on Ice.mp3 : Zone.Identifier (26 bytes) C:\Programmer\ladbrokesMPP\Thumbs.db : encryptable (0 bytes) C:\Programmer\LimeWire\Thumbs.db : encryptable (0 bytes) C:\Programmer\Messenger\Thumbs.db : encryptable (0 bytes) C:\Programmer\Movie Maker\Thumbs.db : encryptable (0 bytes) C:\Programmer\PacificPoker\Thumbs.db : encryptable (0 bytes) C:\Programmer\RescuePRO™\Thumbs.db : encryptable (0 bytes) C:\Programmer\Windows Media Player\Thumbs.db : encryptable (0 bytes) C:\Programmer\WindowsUpdate : 4kZie81DPXXLWb8SHcm (856 bytes) C:\Programmer\WindowsUpdate : 4kZie81DPXXLWb8SHcm (856 bytes) C:\RECYCLER\S-1-5-21-1214440339-1606980848-1801674531-1003\Dc1.zip : Zone.Identifier (26 bytes) C:\snap\Thumbs.db : encryptable (0 bytes)
[ Ignorer ] [ # 38 ] gibson
03.12.2006 02:10:15 Antal indlæg: 27	Ved dobbeltklik på restoreassoc.zip åbnes notesblok. Jeg bliver ikke spurgt om at tilføje oplysn. til reg.databasen. Jeg kan køre restassoc_dk.exe-filen efter genstart, men kun som administrator, ikke som normal bruger. Ved genstart kommer der 4 notesblokvinduer frem som først skal lukkes, derudover starter Word med et krypteret dokument som også tager en del klik at lukke ned. Bl.a nævnes at normal.dot er beskadiget. Jeg har fået sat et flueben i “brug altid dette program (Word)til at åbne” således at .lnk-ikonerne (de oprindelige genveje og programikoner) nu har et “W” ikon indeni istedet for som tidligere tre prikker (rød grøn,blå. Forstyrrer det oprydningen ?
[ Ignorer ] [ # 39 ] Ejvindh
03.12.2006 02:38:29 Redaktør Team Spywarefri Antal indlæg: 6048	—Der var nogle ADS, som jeg ikke kender. Jeg har lidt en mistanke til, at det kan have forbindelse med at du har krypteret nogle mapper. Hvis du har dét, skal du ikke udføre dette punkt, men springe videre til næste. Kør Hijackthis, Klik på “Open the Misc tools section”, “Open ADS spy…”, fjern alle flueben, og klik på den øverste “Scan”-knap. Så dukker en liste med filer op, som har vedhæftede ADS. Marker følgende filer, og klik på “Remove selected” C:\Documents and Settings\All Users\Application Data\Microsoft : liFJBOSvkLYONzX5YcfAG0w (877 bytes) C:\Documents and Settings\All Users\Application Data\Microsoft : Te2eyrEbR6VyzYPU2 (1034 bytes) C:\Documents and Settings\All Users\Application Data\Microsoft : liFJBOSvkLYONzX5YcfAG0w (877 bytes) C:\Documents and Settings\All Users\Application Data\Microsoft : Te2eyrEbR6VyzYPU2 (1034 bytes) C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\6VZlS8ahwaEuXO4 : ansFHF5dL41SJHB7Uj23q6k (950 bytes) C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\6VZlS8ahwaEuXO4 : ansFHF5dL41SJHB7Uj23q6k (950 bytes) C:\Documents and Settings\cb\Lokale indstillinger\Temporary Internet Files\wkrATOhHfmOHx : 4aO82t84n47iwmCs9vLLz (977 bytes) C:\Documents and Settings\cb\Lokale indstillinger\Temporary Internet Files\wkrATOhHfmOHx : 4aO82t84n47iwmCs9vLLz (977 bytes) C:\Programmer\Fælles filer\System\IlhxoVov1mV : WW9TFwoMcpypplOGtXI (901 bytes) C:\Programmer\Fælles filer\System\IlhxoVov1mV : WW9TFwoMcpypplOGtXI (901 bytes) C:\Programmer\WindowsUpdate : 4kZie81DPXXLWb8SHcm (856 bytes) C:\Programmer\WindowsUpdate : 4kZie81DPXXLWb8SHcm (856 bytes) —Angående filassociationerne, må jeg indrømme, at det efterhånden begynder at se noget broget ud. Der er tilsyneladende rigtig mange af associationerne, der er dårlige. Men prøv evt. om dette trick kan hjælpe os videre: Højreklik på dette link: http://www.dougknox.com/xp/tips/xp_fileassoc.txt Vælg så “Gem som”/“Gem link til disk” , for at gemme tekstfilen et sted, hvor du kan finde det igen. Når du gemmer, skal du sørge for, at filen gemmes med navnet xp_fileassoci.bat. Og under “Filtype” skal der stå “Alle filer”. Dobbeltklik så på den nye fil. Så vil et sort vindue dukke op i et stykke tid, hvor noget tekst scroller henover skærmen. Når vinduet lukker, genstarter du computeren, og ser om det har hjulpet noget.
[ Ignorer ] [ # 40 ] gibson
03.12.2006 03:12:03 Antal indlæg: 27	Det sidste trick med xp_fileassoci.ba virkede umiddelbart efter det sorte vindue lukkede. Skrivebordet ser nu fuldstændig normalt ud!!!!!! Jeg genstarter nu og holder vejret imens.
[ Ignorer ] [ # 41 ] gibson
03.12.2006 03:26:12 Antal indlæg: 27	Jeg har genstartet computeren og den ser fin ud. De programmer som ikke umiddelbart kan starte, kan bringes til at køre ved at vælge “kør som” og så fjerne fluebenet i “beskyt mod uautoriseret programaktivitet.
[ Ignorer ] [ # 42 ] Ejvindh
03.12.2006 03:31:41 Redaktør Team Spywarefri Antal indlæg: 6048	Dejligt at høre [^]. Du vil også kunne gendanne den automatiske kørsel af programmerne, ved at sætte flueben ved “Brug altid dette program….”. Så tror jeg, at jeg vil høvle afskeds-replikken af, og tørne ind : For at gøre arbejdet helt færdig: Det kan være en god ide og rydde op i systemgendannelses filerne. Deaktiver systemgendannelse (http://www.spywarefri.dk/virusscannere.htm#alle) - genstart din computer - aktiver systemgendannelse. Og så kan det også være en god ide at skjule dine systemfiler og -mapper igen, så du ikke ved en fejl kommer til at slette en vigtig fil. Det gør du samme sted, hvor du satte det til at vise alle filer, denne gang vælger du bare: Vis ikke skjulte filer og mapper. Det kan også være en god ide at få renset ud i dine midlertidige filer. Det kan gøres på en hurtig og nem måde med denne fil http://www.spywareinfo.dk/download/cleantempxp2k.bat —————————————- For at forhindre gentagelser, vil jeg anbefale dig at lægge nogle små programmer ind, som forhindrer spyware i at komme ind i første omgang. Du finder links og gode råd her: http://www.spywarefri.dk/manualer/sikkerhedspakke.htm Jeg vil også foreslå, at du læser disse artikler om hvordan du kan undgå at blive inficeret i fremtiden: http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414 http://www.ejvindh.net/viewtopic.php?t=37
[ Ignorer ] [ # 43 ] gibson
03.12.2006 04:10:47 Antal indlæg: 27	Tillad mig at udtrykke min taknemmelighed for det store arbejde i har udført. Godt kæmpet. Jeg er meget imponeret. Rigtig mange tak. [:X]
[ Ignorer ] [ # 44 ] Ejvindh
03.12.2006 14:47:16 Redaktør Team Spywarefri Antal indlæg: 6048	Du er velkommen. Og dejligt at vi fik det til at lykkes. Jeg må indrømme, at jeg var ikke så optimistisk en overgang Da problemet ser ud til at være løst, lukker jeg tråden her igen. Du opretter bare en ny tråd, hvis du får brug for mere hjælp.

3 af 3

Forrige