Spywarefri Forum | Infektion på pc.

Infektion på pc.

[ Ignorer ] glennieboy
08.05.2007 21:59:17 Antal indlæg: 52	Hej. Da jeg startede min bærbar idag skrev den i værktøjlinien, at min computer var blevet inficeret og at jeg skulle downloade et spywareprogram. Jeg har tidligere fået hjælp af jer med noget andet, og havde derfor superantispyware, som jeg brugte. Nu gør min pc imidlertid flere mærkelige ting: Når jeg logger på med min bruger, kan man ikke længere lukke computeren i startmenuen. Man kan kun sige log af. Så er man nødsaget til at lukke computeren, ved først at sige log af. Så må man gøre det dér, hvor man skal skrive sin kode for at logge på. Yderligere kommer den en gang imellem og siger, at forskellige funktioner er blevet deaktiveret af administrator. Fx hvis jeg trykker ctrl+alt+delete eller alt+f4. Den siger også at administrator har deaktiveret registreringsdatabasen. Hvis jeg endvidere er i et program eller på nettet, er det som om siden hele tiden bliver deaktiveret, sådan at jeg ikke kan skrive noget, medmindre jeg først trykker med musen på billedet. Altså kan jeg fx nå at skrive 5 tegn, før at jeg bliver nødt til at trykke på skærmen med musen, for at kunne skrive igen. (Lige nu skriver jeg fra fejlsikret tilstand). Den har også lukket internettet ned en del gange pga. fejl. MVH Glenn Vil i kigge på mine logs: ————————————————————————————- AVG Anti-Spyware - Scan Report ————————————————————————————- + Created at: 19:12:28 08-05-2007 + Scan result: C:\System Volume Information\_restore{2F42BEEF-2008-4C8A-A49C-6028DC2E9E4F}\RP165\A0022453.dll -> Adware.SaveNow : Ignored. C:\System Volume Information\_restore{2F42BEEF-2008-4C8A-A49C-6028DC2E9E4F}\RP165\A0022489.exe -> Adware.SaveNow : Ignored. C:\System Volume Information\_restore{2F42BEEF-2008-4C8A-A49C-6028DC2E9E4F}\RP232\A0034898.exe -> Dropper.Small.avb : Cleaned with backup (quarantined). C:\Programmer\WinRar\WinRAR.exe -> Heuristic.Win32.AVKiller : Ignored. C:\System Volume Information\_restore{2F42BEEF-2008-4C8A-A49C-6028DC2E9E4F}\RP232\A0034901.exe -> Hijacker.Agent.is : Cleaned with backup (quarantined). C:\cwhdtm.exe -> Hijacker.Agent.is : Cleaned with backup (quarantined). C:\WINDOWS\system32\rem.dll -> Logger.Banker.cnq : Cleaned with backup (quarantined). C:\System Volume Information\_restore{2F42BEEF-2008-4C8A-A49C-6028DC2E9E4F}\RP232\A0034902.dll -> Proxy.Dlena.cq : Cleaned with backup (quarantined). HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts -> Proxy.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\protector.exe -> Proxy.Wopla.ac : Cleaned with backup (quarantined). C:\WINDOWS\system32\ntio256.sys -> Rootkit.Agent.cf : Cleaned with backup (quarantined). ::Report end Logfile of HijackThis v1.99.1 Scan saved at 19:23:35, on 08-05-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\spoolsv.exe C:\Windows\System32\Ati2evxx.exe C:\Documents and Settings\Glenn\Skrivebord\Spywarefri\AVG Antispyware\AVG Anti-Spyware 7.5\guard.exe C:\Windows\System32\svchost.exe C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Programmer\Trådløst netværk\utility.exe C:\Programmer\TEXTware\HotKey\TWALINK.EXE C:\Programmer\Internet Explorer\iexplore.exe C:\Windows\system32\wuauclt.exe C:\Programmer\Hijack this\hijackthis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ku.dk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/2Q00CPT/0406/bF7.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Helper Class - {5142FE17-20E6-4121-A925-A4C6385CDDAA} - C:\Windows\system32\rem.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Programmer\Dealio\kb103\Dealio.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_08\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll O3 - Toolbar: &Google; - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Programmer\Dealio\kb103\Dealio.dll O4 - HKLM\..\Run: [ATIModeChange] -Ati2mdxx.exe O4 - HKLM\..\Run: [AtiPTA] -atiptaxx.exe O4 - HKLM\..\Run: [eabconfg.cpl] -C:\Programmer\Compaq\EAB\EabServr.exe /Start O4 - HKLM\..\Run: [hkss] -C:\Programmer\Compaq\Hotkey Software\hkss.exe O4 - HKLM\..\Run: [Cpqset] -c:\compaq\cpqsetup\cpqset.exe O4 - HKLM\..\Run: [LTWinModem1] -ltmsg.exe 9 O4 - HKLM\..\Run: [SunJavaUpdateSched] -“C:\Programmer\Java\jre1.5.0_08\bin\jusched.exe” O4 - HKLM\..\Run: [Realtime Monitor] -C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s O4 - HKLM\..\Run: [PCSuiteTrayApplication] -C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [DataLayer] -C:\Programmer\Fælles filer\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [QuickTime Task] -“C:\Programmer\QuickTime\qttask.exe” -atboottime O4 - HKLM\..\Run: [iTunesHelper] -“C:\Programmer\iTunes\iTunesHelper.exe” O4 - HKLM\..\Run: [WinampAgent] -C:\Programmer\Winamp\winampa.exe O4 - HKLM\..\Run: [au] C:\Programmer\Dealio\DealioAU.exe O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] -“C:\Programmer\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] -“C:\Programmer\MSN Messenger\MsnMsgr.Exe” /background O4 - HKCU\..\Run: [CTSyncU.exe] -“C:\Programmer\Creative\Sync Manager Unicode\CTSyncU.exe” O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Belkin 802.11g Wireless Card Utility.lnk = ? O4 - Global Startup: HotKey.lnk = C:\Programmer\TEXTware\HotKey\TWALINK.EXE O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: Compare Prices with &Dealio; - C:\Programmer\Dealio\kb103\res\DealioSearch.html O8 - Extra context menu item: E&ksporter; til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programmer\Dealio\kb103\Dealio.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158578860187 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: C:\Windows\system32\perfc000.dat O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\Windows\System32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Glenn\Skrivebord\Spywarefri\AVG Antispyware\AVG Anti-Spyware 7.5\guard.exe O23 - Service: CA License Client (CA_LIC_CLNT) - Unknown owner - -C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmt.exe (file missing) O23 - Service: CA License Server (CA_LIC_SRVR) - Unknown owner - -C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmtd.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Unknown owner - -“C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Unknown owner - -“C:\Programmer\CA\eTrust Antivirus\InoRpc.exe (file missing) O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Unknown owner - -“C:\Programmer\CA\eTrust Antivirus\InoRT.exe (file missing) O23 - Service: eTrust Antivirus Job Server (InoTask) - Unknown owner - -“C:\Programmer\CA\eTrust Antivirus\InoTask.exe (file missing) O23 - Service: iPod-tjeneste (iPod Service) - Unknown owner - -C:\Programmer\iPod\bin\iPodService.exe (file missing) O23 - Service: Event Log Watch (LogWatch) - Unknown owner - -C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing) O23 - Service: Office Source Engine (ose) - Unknown owner - -“C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE (file missing) O23 - Service: Læsetjeneste til USN-poster for delemapper i Messenger (usnjsvc) - Unknown owner - -“C:\Programmer\MSN Messenger\usnsvc.exe (file missing) O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -“C:\Programmer\Windows Media Player\WMPNetwk.exe (file missing) ******************************* ROOTCHK-(02-05-07)-LOG, by ejvindh 08-05-2007 19:43:12,09 Driver Ntio256 (visible) is present. A rootkit scan is recommended. Driver Ntio256 (visible) is present. A rootkit scan is recommended. Driver irmon (visible) is present. A rootkit scan is recommended. ******************************* ROOTCHK-LOG-end catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-08 19:43:13 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry SharingMetadata-entry scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 33
[ Ignorer ] [ # 1 ] Ejvindh
08.05.2007 23:50:49 Redaktør Team Spywarefri Antal indlæg: 6048	Det er nogle slemme ting, du har på den computer. Bl.a. er der spor efter rootkits (som muligvis dog er fjernet). For en sikkerhedsskyld vil jeg dog flytte dig over i rootkit-kategorien, for at give den et ekstra eftersyn. Der gælder nogle særlige forhold for supporten i denne kategori, som du kan læse om her: http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=29320 Hvis du alligevel vælger at fortsætte, så prøv følgende: —Download Gmer-rootkit scanner, og pak den ud til skrivebordet: http://www.young-andersen.dk/gamer/gamer.zip Start med at omdøbe programmet gmer.exe (fx til abc.exe). Kør programmet, klik på fanebladet “Rootkit”, og klik på “Scan”. Imens der scannes, bør du afbryde netforbindelsen, lukke alle åbne programmer, og undlade at bruge computeren til andre ting. Du bør heller ikke klikke på andre ting i Gmer-scanneren. Når scanningen er færdig, skal du klikke på “Copy”. Så dukker et vindue op, som fortæller at resultatet af rootkit-scanningen er blevet lagt ind i udklipsholderen. Du kan herefter gå ind i denne tråd, og kopiere indholdet herind, ved at stille dig i indtastningsfeltet, og trykke ctrl-v. I nogle tilfælde er logfilen så lang, at den ikke kan være i en enkelt post. Så må du lægge den af flere omgange.
[ Ignorer ] [ # 2 ] glennieboy
09.05.2007 00:58:21 Antal indlæg: 52	Hej igen… Jeg vil selvfølgelig gøre hvad der er nødvendigt for at jeg kan få afhjulpet problemet på min pc. Jeg kan imidlertid ikke længere køre computeren i normal tilstand i mere end 5 minutter før den fryser… Er det ok at jeg kører den scanner du snakker om fra fejlsikret tilstand? Eller hvad skal jeg gøre? MVH Glenn
[ Ignorer ] [ # 3 ] glennieboy
09.05.2007 01:25:01 Antal indlæg: 52	Nu har jeg lavet en scanning som jeg blev bedt om. Denne er dog lavet i fejlsikret tilstand. Endvidere fik jeg at vide, at jeg skulle vælge fanen Rootkit, hvorefter jeg skulle trykke på scan. Der var imidlertid ikke en sådan funktion under rootkit. Valgte jeg en fane, der hed autostart, var både scan- og copy- funktionen der dog, hvilket jeg gjorde. Håber det er ok… MVH Glenn GMER 1.0.12.12086 - http://www.gmer.net Autostart scan 2007-05-08 23:22:17 Windows 5.1.2600 Service Pack 2 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe, HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@DLLName = WgaLogon.dll HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = C:\Windows\system32\perfc000.dat HKLM\SYSTEM\CurrentControlSet\Services\ >>> Ati HotKey Poller@ = %SystemRoot%\System32\Ati2evxx.exe AVG Anti-Spyware Guard /AVG Anti-Spyware Guard/@ = C:\Documents and Settings\Glenn\Skrivebord\Spywarefri\AVG Antispyware\AVG Anti-Spyware 7.5\guard.exe InoRPC /eTrust Antivirus RPC Server/@ = -“C:\Programmer\CA\eTrust Antivirus\InoRpc.exe” /file not found/ InoRT /eTrust Antivirus Realtime Server/@ = -“C:\Programmer\CA\eTrust Antivirus\InoRT.exe” /file not found/ InoTask /eTrust Antivirus Job Server/@ = -“C:\Programmer\CA\eTrust Antivirus\InoTask.exe” /file not found/ LogWatch /Event Log Watch/@ = -C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe /file not found/ ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys Spooler /Print Spooler/@ = %SystemRoot%\system32\spoolsv.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>> @ATIModeChange-Ati2mdxx.exe /file not found/ = -Ati2mdxx.exe /file not found/ @AtiPTA-atiptaxx.exe /file not found/ = -atiptaxx.exe /file not found/ @eabconfg.cpl-C:\Programmer\Compaq\EAB\EabServr.exe /Start /file not found/ = -C:\Programmer\Compaq\EAB\EabServr.exe /Start /file not found/ @hkss-C:\Programmer\Compaq\Hotkey Software\hkss.exe /file not found/ = -C:\Programmer\Compaq\Hotkey Software\hkss.exe /file not found/ @Cpqset-c:\compaq\cpqsetup\cpqset.exe /file not found/ = -c:\compaq\cpqsetup\cpqset.exe /file not found/ @LTWinModem1-ltmsg.exe 9 /file not found/ = -ltmsg.exe 9 /file not found/ @SunJavaUpdateSched-“C:\Programmer\Java\jre1.5.0_08\bin\jusched.exe” /file not found/ = -“C:\Programmer\Java\jre1.5.0_08\bin\jusched.exe” /file not found/ @Realtime Monitor-C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s /file not found/ = -C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s /file not found/ @PCSuiteTrayApplication-C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray /file not found/ = -C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray /file not found/ @DataLayer-C:\Programmer\F?lles filer\PCSuite\DataLayer\DataLayer.exe /file not found/ = -C:\Programmer\F?lles filer\PCSuite\DataLayer\DataLayer.exe /file not found/ @QuickTime Task-“C:\Programmer\QuickTime\qttask.exe” -atboottime /file not found/ = -“C:\Programmer\QuickTime\qttask.exe” -atboottime /file not found/ @iTunesHelper-“C:\Programmer\iTunes\iTunesHelper.exe” /file not found/ = -“C:\Programmer\iTunes\iTunesHelper.exe” /file not found/ @WinampAgent-C:\Programmer\Winamp\winampa.exe /file not found/ = -C:\Programmer\Winamp\winampa.exe /file not found/ @auC:\Programmer\Dealio\DealioAU.exe = C:\Programmer\Dealio\DealioAU.exe @tcpipmontcpipmon.exe /file not found/ = tcpipmon.exe /file not found/ HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>> @CTFMON.EXEC:\Windows\system32\ctfmon.exe = C:\Windows\system32\ctfmon.exe @Skype-“C:\Programmer\Skype\Phone\Skype.exe” /nosplash /minimized /file not found/ = -“C:\Programmer\Skype\Phone\Skype.exe” /nosplash /minimized /file not found/ @swgC:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe = C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe @MsnMsgr-“C:\Programmer\MSN Messenger\MsnMsgr.Exe” /background /file not found/ = -“C:\Programmer\MSN Messenger\MsnMsgr.Exe” /background /file not found/ @CTSyncU.exe-“C:\Programmer\Creative\Sync Manager Unicode\CTSyncU.exe” /file not found/ = -“C:\Programmer\Creative\Sync Manager Unicode\CTSyncU.exe” /file not found/ HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\Windows\system32\WPDShServiceObj.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>> @{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}C:\Documents and Settings\Glenn\Skrivebord\Spywarefri\Super anti spyware\SASSEH.DLL /file not found/ = C:\Documents and Settings\Glenn\Skrivebord\Spywarefri\Super anti spyware\SASSEH.DLL /file not found/ @{57B86673-276A-48B2-BAE7-C6DBB3020EB8}C:\Documents and Settings\Glenn\Skrivebord\Spywarefri\AVG Antispyware\AVG Anti-Spyware 7.5\shellexecutehook.dll = C:\Documents and Settings\Glenn\Skrivebord\Spywarefri\AVG Antispyware\AVG Anti-Spyware 7.5\shellexecutehook.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>> @{42071714-76d4-11d1-8b24-00a0c9068ff3} /Kontrolpanel-udvidelse til skærmpanorering/deskpan.dll /file not found/ = deskpan.dll /file not found/ @{30D02401-6A81-11d0-8274-00C04FD5AE38} /IE Search Band/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{32683183-48a0-441b-a342-7c2a440a9478} /Media Band/(null) = @{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /Shell DocObject Viewer/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{FBF23B40-E3F0-101B-8488-00AA003E56F8} /InternetShortcut/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /Microsoft Url History Service/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{FF393560-C2A7-11CF-BFF4-444553540000} /History/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /Temporary Internet Files/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /Temporary Internet Files/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /Microsoft Url Search Hook/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /The Internet/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{871C5380-42A0-1069-A2EA-08002B30309D} /Internet Name Space/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{596AB062-B4D2-4215-9F74-E9109B0A8153} /Previous Versions Property Page/C:\Windows\System32\twext.dll = C:\Windows\System32\twext.dll @{9DB7A13C-F208-4981-8353-73CC61AE2783} /Previous Versions/C:\Windows\System32\twext.dll = C:\Windows\System32\twext.dll @{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /Extensions Manager Folder/C:\Windows\system32\extmgr.dll = C:\Windows\system32\extmgr.dll @{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /Messenger Sharing Folders/C:\Programmer\MSN Messenger\fsshext.8.1.0178.00.dll = C:\Programmer\MSN Messenger\fsshext.8.1.0178.00.dll @{DCED20BE-3645-11D4-BC95-00C04F0E0588} /InoShell/C:\Programmer\CA\eTrust Antivirus\InoShell.dll = C:\Programmer\CA\eTrust Antivirus\InoShell.dll @{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /Webmapper/C:\PROGRA~1\F?LLES~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\F?LLES~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL @{40950107-FEA6-4d53-A65F-B2DCBA57DD58} /Nokia Phone Browser/C:\Programmer\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Programmer\Nokia\Nokia PC Suite 6\PhoneBrowser.dll @{FBFE7864-D495-41f0-B7DC-4BB601CC295E} /Contact View/C:\Programmer\Nokia\Nokia PC Suite 6\ContactView.dll = C:\Programmer\Nokia\Nokia PC Suite 6\ContactView.dll @{C0C4375A-5B72-4efe-929D-3B848C3A1E91} /Message View/C:\Programmer\Nokia\Nokia PC Suite 6\MessageView.dll = C:\Programmer\Nokia\Nokia PC Suite 6\MessageView.dll @{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /Shell Extensions for RealOne Player/C:\Programmer\Real player\rpshell.dll = C:\Programmer\Real player\rpshell.dll @{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /IE Microsoft BrowserBand/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /IE Fade Task/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{205D7A97-F16D-4691-86EF-F3075DCCA57D} /IE Menu Desk Bar/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{3028902F-6374-48b2-8DC6-9725E775B926} /IE AutoComplete/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{43886CD5-6529-41c4-A707-7B3C92C05E68} /IE Navigation Bar/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{44C76ECD-F7FA-411c-9929-1B77BA77F524} /IE Menu Site/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{4B78D326-D922-44f9-AF2A-07805C2A3560} /IE Menu Band/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /IE Microsoft History AutoComplete List/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /IE Tracking Shell Menu/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{6CF48EF8-44CD-45d2-8832-A16EA016311B} /IE IShellFolderBand/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{73CFD649-CD48-4fd8-A272-2070EA56526B} /IE BandProxy/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /IE MRU AutoComplete List/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /IE RSS Feeder Folder/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /IE Microsoft Shell Folder AutoComplete List/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{B31C5FAE-961F-415b-BAF0-E697A5178B94} /IE Microsoft Multiple AutoComplete List Container/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /Microsoft Browser Architecture/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /IE Shell Rebar BandSite/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{E6EE9AAC-F76B-4947-8260-A9F136138E11} /IE Shell Band Site Menu/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{F2CF5485-4E02-4f68-819C-B92DE9277049} /&Links;/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /IE Registry Tree Options Utility/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /IE User Assist/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /IE Custom MRU AutoCompleted List/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll @{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} /PowerISO/(null) = @{35786D3C-B075-49b9-88DD-029876E11C01} /Portable Devices/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll @{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /Portable Devices Menu/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll @{24849E2D-0A86-40CD-A62A-B12F161882DB} /ZEN V Media Explorer/C:\Programmer\Creative\Creative ZEN V Series\ZEN V Media Explorer\SHCTMTP.dll = C:\Programmer\Creative\Creative ZEN V Series\ZEN V Media Explorer\SHCTMTP.dll @{00020D75-0000-0000-C000-000000000046} /Microsoft Office Outlook Desktop Icon Handler/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL @{0006F045-0000-0000-C000-000000000046} /Microsoft Office Outlook Custom Icon Handler/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL @{42042206-2D85-11D3-8CFF-005004838597} /Microsoft Office HTML Icon Handler/C:\Programmer\Microsoft Office\OFFICE11\msohev.dll = C:\Programmer\Microsoft Office\OFFICE11\msohev.dll @{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /iTunes/C:\Programmer\iTunes\iTunesMiniPlayer.dll = C:\Programmer\iTunes\iTunesMiniPlayer.dll @{B41DB860-8EE4-11D2-9906-E49FADC173CA} /WinRAR shell extension/C:\Programmer\WinRAR\rarext.dll = C:\Programmer\WinRAR\rarext.dll HKLM\Software\Classes\\shellex\ContextMenuHandlers\ >>> AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Documents and Settings\Glenn\Skrivebord\Spywarefri\AVG Antispyware\AVG Anti-Spyware 7.5\context.dll CTMTPMediaExplorer@{7895F317-A125-42CC-BD3E-5830765CE577} = C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll InoShell@{DCED20BE-3645-11D4-BC95-00C04F0E0588} = C:\Programmer\CA\eTrust Antivirus\InoShell.dll TurboZIP@{F3802420-0C3F-11d2-961D-00600895E4DF} = C:\Documents and Settings\Glenn\Skrivebord\zip\tzipext.dll /file not found/ WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmer\WinRAR\rarext.dll HKLM\Software\Classes\\shellex\ContextMenuHandlers@{CA8ACAFA-5FBB-467B-B348-90DD488DE003} = C:\Programmer\Super anti spyware\SASCTXMN.DLL HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>> AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Documents and Settings\Glenn\Skrivebord\Spywarefri\AVG Antispyware\AVG Anti-Spyware 7.5\context.dll InoShell@{DCED20BE-3645-11D4-BC95-00C04F0E0588} = C:\Programmer\CA\eTrust Antivirus\InoShell.dll PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmer\WinRAR\rarext.dll HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers@{CA8ACAFA-5FBB-467B-B348-90DD488DE003} = C:\Programmer\Super anti spyware\SASCTXMN.DLL HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>> CTMTPMediaExplorer@{7895F317-A125-42CC-BD3E-5830765CE577} = C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmer\WinRAR\rarext.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>> @{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll @{5142FE17-20E6-4121-A925-A4C6385CDDAA}C:\Windows\system32\rem1.dll = C:\Windows\system32\rem1.dll @{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll @{6A87B991-A31F-4130-AE72-6D0C294BF082}C:\Programmer\Dealio\kb103\Dealio.dll = C:\Programmer\Dealio\kb103\Dealio.dll @{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Programmer\Java\jre1.5.0_08\bin\ssv.dll = C:\Programmer\Java\jre1.5.0_08\bin\ssv.dll @{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Programmer\F?lles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Programmer\F?lles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll @{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmer\google\googletoolbar1.dll = c:\programmer\google\googletoolbar1.dll HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\Windows\System32\scrnsave.scr HKLM\Software\Microsoft\Internet Explorer\Main >>> @Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157 @Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157 @Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main >>> @Start Pagehttp://www.ku.dk/ = http://www.ku.dk/ @Local PageC:\Windows\system32\blank.htm = C:\Windows\system32\blank.htm HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmer\F?lles filer\Microsoft Shared\OFFICE11\MSOXMLMF.DLL HKLM\Software\Classes\PROTOCOLS\Handler\ >>> dvd@CLSID = C:\Windows\system32\msvidctl.dll its@CLSID = C:\WINDOWS\System32\itss.dll lid@CLSID = C:\WINDOWS\System32\msvidctl.dll livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll ms-its@CLSID = C:\WINDOWS\System32\itss.dll msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL mso-offdap@CLSID = C:\PROGRA~1\F?LLES~1\MICROS~1\WEBCOM~1\10\OWC10.DLL mso-offdap11@CLSID = C:\PROGRA~1\F?LLES~1\MICROS~1\WEBCOM~1\11\OWC11.DLL tv@CLSID = C:\Windows\system32\msvidctl.dll HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll C:\Documents and Settings\All Users\Menuen Start\Programmer\Start >>> Adobe Reader Speed Launch.lnk = Adobe Reader Speed Launch.lnk Belkin 802.11g Wireless Card Utility.lnk = Belkin 802.11g Wireless Card Utility.lnk HotKey.lnk = HotKey.lnk ——EOF - GMER 1.0.12——
[ Ignorer ] [ # 4 ] Ejvindh
09.05.2007 22:26:26 Redaktør Team Spywarefri Antal indlæg: 6048	Det var desværre ikke den rigtige log, du fik lagt der. Det er nok fordi du kører Gmer fra fejlsikret tilstand, at du ikke kan få lov til at scanne. Vi må derfor prøve om vi kan rense lidt op i computeren, inden vi laver rootkit-undersøgelsen. Prøv derfor følgende (du skal hente 2 programmer, og det kan godt være problematisk fra fejlsikret tilstand, men så må du hente dem ind på en anden computer, og så overføre dem vha. en cdrom eller en usb-stick): —Hent “SuperAntiSpyware free” herfra: http://www.spywarefri.dk/downloads1.htm Installer, og opdater scannereren. —Hent Dr. Web, og gem det på skrivebordet: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe —Genstart i fejlsikret, hvis du ikke ved hvordan så kig her: http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1 —Dobbeltklik på drweb-cureit.exe, den vil køre en expressscan, det siger du ja til. Lad den slette hvad den finder (say Yes to all). Undervejs i scanningen vil der dukke en grøn popup som tilbyder dig at købe Dr.Web, hvor du får mulighederne “Buy” eller “50% discount”. Her skal du bare lukke popuppen, ved at klikke på krydset øverst til højre. Når den skriver “Select object for Scanning” nederst til venstre, skal du klikke på Options->Change settings. Skift til fanebladet Scan, fjern fluebenet ved Heuristic analysis. Skift til fanebladet - File Types, prik i - All Files Skift til fanebladet Actions, her skal alle punkter under Malware sættes til Move. Fjern flueben ved “Prompt on action” Ved “Move path”, skriver du i tekstboksen “c:\” Så der kommer til at stå “c:\infected”. Skift til fanbladet Log File. Der fjerner du flueben ved: “Scanned objects” og “Archivers name”. Tryk på Anvend Klik så på det eller de drev du vil have scannet, der kommer en rød prik for at vise det/de er valgt. Tryk så på den grønne pil nederst til højre, så scanner den. Lad den slette/move hvad den finder (Say yes to all) Når scanningen er færdig, gå op i file – Tryk på- Save Report list. Så ligger der en en fil der her hedder “drweb.csv” på skrivebordet. Luk Programmet —Start herefter SuperAntispyware, klik “Scan your computer”, sæt flueben i dine drev, ovre til venstre i vinduet. Ovre til højre i vinduet, sætter du prik i “Perform Complete Scan”. Klik “næste”, nu scanner den. Når den er færdig, så markerer du det den finder, og lader scannereren fjerne det. —Genstart til normal tilstand (scannereren tilbyder måske at gøre det). Åbn scannereren igen, og klik “preferences”-> “stastics/logs”. Marker loggen, og klik “View log”. Kopier loggen her ind i tråden, sammen med indholdet af drweb.csv. Når du har gjort dette, så prøv om du kan komme til at køre Gmer fra normal tilstand. Og hvis ja, så læg resultatet herind.
[ Ignorer ] [ # 5 ] glennieboy
10.05.2007 03:53:06 Antal indlæg: 52	Hej. Når jeg kører dr. web siger den “no viruses found” og den kom derfor aldrig og sagde “Select object for Scanning”. Jeg gik derfor selv op i proceslinien under options. Under “move path” stod der “%USERPROFILE%\DoctorWeb\Quarantine\”. Det slettede jeg så og skrev “c:\infected”. Under log file var hverken “Scanned objects” eller “Archivers name” markeret med flueben. Men efter at have kørt de 2 programmer kunne jeg i hvert fald køre Gmer uden at computeren frøs. Her er de 3 logs (håber de er rigtige denne gang): Log fra drweb.csv: pv.exe C:\Programmer\Poker\PacificPoker Program.PrcView.3725 Moved. A0022453.dll C:\System Volume Information\_restore{2F42BEEF-2008-4C8A-A49C-6028DC2E9E4F}\RP165 Adware.SaveNow Moved. A0022485.dll C:\System Volume Information\_restore{2F42BEEF-2008-4C8A-A49C-6028DC2E9E4F}\RP165 Adware.Whenu Moved. A0022486.exe C:\System Volume Information\_restore{2F42BEEF-2008-4C8A-A49C-6028DC2E9E4F}\RP165 Adware.SaveNow Moved. A0034900.dll C:\System Volume Information\_restore{2F42BEEF-2008-4C8A-A49C-6028DC2E9E4F}\RP232 Trojan.AutoAff Deleted. A0035113.exe C:\System Volume Information\_restore{2F42BEEF-2008-4C8A-A49C-6028DC2E9E4F}\RP232 Trojan.Fakealert.257 Deleted. A0035114.sys C:\System Volume Information\_restore{2F42BEEF-2008-4C8A-A49C-6028DC2E9E4F}\RP232 Trojan.Sklog Deleted. A0035115.exe C:\System Volume Information\_restore{2F42BEEF-2008-4C8A-A49C-6028DC2E9E4F}\RP232 Trojan.Sklog Deleted. A0049204.exe C:\System Volume Information\_restore{2F42BEEF-2008-4C8A-A49C-6028DC2E9E4F}\RP232 Program.PrcView.3725 Moved. SUPERAntiSpyware Scan Log Generated 05/10/2007 at 00:59 AM Application Version : 3.6.1000 Core Rules Database Version : 3234 Trace Rules Database Version: 1245 Scan type : Complete Scan Total Scan Time : 00:34:04 Memory items scanned : 260 Memory threats detected : 0 Registry items scanned : 5033 Registry threats detected : 0 File items scanned : 31392 File threats detected : 4 Adware.Tracking Cookie C:\Documents and Settings\Glenn\Cookies\glenn@tracking.notabenestats[1].txt Adware.WhenU C:\INFECTED\A0022453.DLL C:\INFECTED\A0022485.DLL C:\INFECTED\A0022486.EXE GMER 1.0.12.12086 - http://www.gmer.net Rootkit scan 2007-05-10 01:48:01 Windows 5.1.2600 Service Pack 2 ——System - GMER 1.0.12—— SSDT sptd.sys ZwCreateKey SSDT sptd.sys ZwEnumerateKey SSDT sptd.sys ZwEnumerateValueKey SSDT sptd.sys ZwOpenKey SSDT \??\C:\Documents and Settings\Glenn\Skrivebord\Spywarefri\AVG Antispyware\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess SSDT sptd.sys ZwQueryKey SSDT sptd.sys ZwQueryValueKey SSDT sptd.sys ZwSetValueKey SSDT \??\C:\Documents and Settings\Glenn\Skrivebord\Spywarefri\AVG Antispyware\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess ——Kernel code sections - GMER 1.0.12—— ? C:\Windows\system32\drivers\sptd.sys Processen kan ikke få adgang til filen, da den bruges af en anden proces. .text USBPORT.SYS!DllUnload F955162C 5 Bytes JMP 818B6750 ——User code sections - GMER 1.0.12—— .text C:\WINDOWS\explorer.exe[244] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003E0429 .text C:\WINDOWS\explorer.exe[244] ws2_32.dll!connect 71A8406A 5 Bytes JMP 003E0526 .text C:\WINDOWS\explorer.exe[244] ws2_32.dll!send 71A8428A 5 Bytes JMP 003E05D0 .text C:\WINDOWS\explorer.exe[244] ws2_32.dll!WSAConnect 71A90C69 5 Bytes JMP 003E0543 .text C:\WINDOWS\system32\ctfmon.exe[332] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003E0429 .text C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[352] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003D0429 .text C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[352] ws2_32.dll!connect 71A8406A 5 Bytes JMP 003D0526 .text C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[352] ws2_32.dll!send 71A8428A 5 Bytes JMP 003D05D0 .text C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[352] ws2_32.dll!WSAConnect 71A90C69 5 Bytes JMP 003D0543 .text C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe[364] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003B0429 .text C:\Programmer\Trådløst netværk\utility.exe[376] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003C0429 .text C:\Programmer\Trådløst netværk\utility.exe[376] WS2_32.dll!connect 71A8406A 5 Bytes JMP 003C0526 .text C:\Programmer\Trådløst netværk\utility.exe[376] WS2_32.dll!send 71A8428A 5 Bytes JMP 003C05D0 .text C:\Programmer\Trådløst netværk\utility.exe[376] WS2_32.dll!WSAConnect 71A90C69 5 Bytes JMP 003C0543 .text C:\Programmer\TEXTware\HotKey\TWALINK.EXE[384] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003B0429 .text C:\WINDOWS\system32\ati2evxx.exe[552] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003B0429 .text C:\Documents and Settings\Glenn\Skrivebord\Spywarefri\AVG Antispyware\AVG Anti-Spyware 7.5\guard.exe[588] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003D0429 .text C:\WINDOWS\system32\svchost.exe[716] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003C0429 .text C:\WINDOWS\system32\winlogon.exe[896] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004E0429 .text C:\WINDOWS\system32\winlogon.exe[896] WS2_32.dll!connect 71A8406A 5 Bytes JMP 004E0526 .text C:\WINDOWS\system32\winlogon.exe[896] WS2_32.dll!send 71A8428A 5 Bytes JMP 004E05D0 .text C:\WINDOWS\system32\winlogon.exe[896] WS2_32.dll!WSAConnect 71A90C69 5 Bytes JMP 004E0543 .text C:\WINDOWS\system32\services.exe[944] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003D0429 .text C:\WINDOWS\system32\services.exe[944] WS2_32.dll!connect 71A8406A 5 Bytes JMP 003D0526 .text C:\WINDOWS\system32\services.exe[944] WS2_32.dll!send 71A8428A 5 Bytes JMP 003D05D0 .text C:\WINDOWS\system32\services.exe[944] WS2_32.dll!WSAConnect 71A90C69 5 Bytes JMP 003D0543 .text C:\WINDOWS\system32\lsass.exe[956] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003C0429 .text C:\WINDOWS\system32\lsass.exe[956] WS2_32.dll!connect 71A8406A 5 Bytes JMP 003C0526 .text C:\WINDOWS\system32\lsass.exe[956] WS2_32.dll!send 71A8428A 5 Bytes JMP 003C05D0 .text C:\WINDOWS\system32\lsass.exe[956] WS2_32.dll!WSAConnect 71A90C69 5 Bytes JMP 003C0543 .text C:\WINDOWS\system32\svchost.exe[1128] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003C0429 .text C:\WINDOWS\system32\svchost.exe[1128] WS2_32.dll!connect 71A8406A 5 Bytes JMP 003C0526 .text C:\WINDOWS\system32\svchost.exe[1128] WS2_32.dll!send 71A8428A 5 Bytes JMP 003C05D0 .text C:\WINDOWS\system32\svchost.exe[1128] WS2_32.dll!WSAConnect 71A90C69 5 Bytes JMP 003C0543 .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003C0429 .text C:\WINDOWS\system32\svchost.exe[1208] WS2_32.dll!connect 71A8406A 5 Bytes JMP 003C0526 .text C:\WINDOWS\system32\svchost.exe[1208] WS2_32.dll!send 71A8428A 5 Bytes JMP 003C05D0 .text C:\WINDOWS\system32\svchost.exe[1208] WS2_32.dll!WSAConnect 71A90C69 5 Bytes JMP 003C0543 .text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003C0429 .text C:\WINDOWS\system32\svchost.exe[1352] WS2_32.dll!connect 71A8406A 5 Bytes JMP 003C0526 .text C:\WINDOWS\system32\svchost.exe[1352] WS2_32.dll!send 71A8428A 5 Bytes JMP 003C05D0 .text C:\WINDOWS\system32\svchost.exe[1352] WS2_32.dll!WSAConnect 71A90C69 5 Bytes JMP 003C0543 .text C:\WINDOWS\system32\svchost.exe[1476] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003C0429 .text C:\WINDOWS\system32\svchost.exe[1540] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003C0429 .text C:\WINDOWS\system32\svchost.exe[1540] WS2_32.dll!connect 71A8406A 5 Bytes JMP 003C0526 .text C:\WINDOWS\system32\svchost.exe[1540] WS2_32.dll!send 71A8428A 5 Bytes JMP 003C05D0 .text C:\WINDOWS\system32\svchost.exe[1540] WS2_32.dll!WSAConnect 71A90C69 5 Bytes JMP 003C0543 .text C:\WINDOWS\system32\svchost.exe[1612] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003C0429 .text C:\WINDOWS\system32\svchost.exe[1612] WS2_32.dll!connect 71A8406A 5 Bytes JMP 003C0526 .text C:\WINDOWS\system32\svchost.exe[1612] WS2_32.dll!send 71A8428A 5 Bytes JMP 003C05D0 .text C:\WINDOWS\system32\svchost.exe[1612] WS2_32.dll!WSAConnect 71A90C69 5 Bytes JMP 003C0543 .text C:\WINDOWS\system32\spoolsv.exe[1756] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003C0429 .text C:\WINDOWS\system32\spoolsv.exe[1756] WS2_32.dll!connect 71A8406A 5 Bytes JMP 003C0526 .text C:\WINDOWS\system32\spoolsv.exe[1756] WS2_32.dll!send 71A8428A 5 Bytes JMP 003C05D0 .text C:\WINDOWS\system32\spoolsv.exe[1756] WS2_32.dll!WSAConnect 71A90C69 5 Bytes JMP 003C0543 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1884] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003D0429 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1884] WS2_32.dll!connect 71A8406A 5 Bytes JMP 003D0526 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1884] WS2_32.dll!send 71A8428A 5 Bytes JMP 003D05D0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1884] WS2_32.dll!WSAConnect 71A90C69 5 Bytes JMP 003D0543 .text C:\Documents and Settings\Glenn\Skrivebord\gamer\abc.exe.exe[1964] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003B0429 .text C:\WINDOWS\system32\alg.exe[2272] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003D0429 .text C:\WINDOWS\system32\alg.exe[2272] WS2_32.dll!connect 71A8406A 5 Bytes JMP 003D0526 .text C:\WINDOWS\system32\alg.exe[2272] WS2_32.dll!send 71A8428A 5 Bytes JMP 003D05D0 .text C:\WINDOWS\system32\alg.exe[2272] WS2_32.dll!WSAConnect 71A90C69 5 Bytes JMP 003D0543 ——Devices - GMER 1.0.12—— Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 81B6C1D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 81B6C1D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 81B6C1D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 81B6C1D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 81B6C1D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 81B6C1D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 81B6C1D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 81B6C1D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 81B6C1D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 81B6C1D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 81B6C1D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 81B6C1D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 81B6C1D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 81B6C1D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 81B6C1D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 81B6C1D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 81B6C1D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 81B6C1D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 81B6C1D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 81B6C1D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 81B6C1D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 81B6C1D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{731F6D80-03FF-48A6-8D94-DC0DD98B6D6A} IRP_MJ_CREATE 815E01D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{731F6D80-03FF-48A6-8D94-DC0DD98B6D6A} IRP_MJ_CLOSE 815E01D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{731F6D80-03FF-48A6-8D94-DC0DD98B6D6A} IRP_MJ_DEVICE_CONTROL 815E01D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{731F6D80-03FF-48A6-8D94-DC0DD98B6D6A} IRP_MJ_INTERNAL_DEVICE_CONTROL 815E01D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{731F6D80-03FF-48A6-8D94-DC0DD98B6D6A} IRP_MJ_CLEANUP 815E01D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{731F6D80-03FF-48A6-8D94-DC0DD98B6D6A} IRP_MJ_PNP 815E01D8 Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CREATE 818B51D8 Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CLOSE 818B51D8 Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 818B51D8 Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 818B51D8 Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_POWER 818B51D8 Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 818B51D8 Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_PNP 818B51D8 Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_CREATE 818B51D8 Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_CLOSE 818B51D8 Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 818B51D8 Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 818B51D8 Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_POWER 818B51D8 Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 818B51D8 Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_PNP 818B51D8 Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_CREATE 8189E1D8 Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_CLOSE 8189E1D8 Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 8189E1D8 Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8189E1D8 Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_POWER 8189E1D8 Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 8189E1D8 Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_PNP 8189E1D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 81BDD1D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 81BDD1D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 81BDD1D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 81BDD1D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 81BDD1D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81BDD1D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 81BDD1D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 81BDD1D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 81BDD1D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 81BDD1D8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 81BDD1D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8188D1D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 8188D1D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 8188D1D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8188D1D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8188D1D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 8188D1D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8188D1D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8188D1D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8188D1D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8188D1D8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8188D1D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 81B6D1D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 81B6D1D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 81B6D1D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81B6D1D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 81B6D1D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 81B6D1D8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 81B6D1D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 81B6D1D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 81B6D1D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 81B6D1D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 81B6D1D8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER
[ Ignorer ] [ # 6 ] glennieboy
10.05.2007 04:04:37 Antal indlæg: 52	81B6D1D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SYSTEM_CONTROL 81B6D1D8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP 81B6D1D8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 815E01D8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 815E01D8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 815E01D8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 815E01D8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 815E01D8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 815E01D8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 815E01D8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 815E01D8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 815E01D8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 815E01D8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 815E01D8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 815E01D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{3F085DC7-0892-4CB0-BDF9-F216ADF32281} IRP_MJ_CREATE 815E01D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{3F085DC7-0892-4CB0-BDF9-F216ADF32281} IRP_MJ_CLOSE 815E01D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{3F085DC7-0892-4CB0-BDF9-F216ADF32281} IRP_MJ_DEVICE_CONTROL 815E01D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{3F085DC7-0892-4CB0-BDF9-F216ADF32281} IRP_MJ_INTERNAL_DEVICE_CONTROL 815E01D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{3F085DC7-0892-4CB0-BDF9-F216ADF32281} IRP_MJ_CLEANUP 815E01D8 Device \Driver\NetBT \Device\NetBT_Tcpip_{3F085DC7-0892-4CB0-BDF9-F216ADF32281} IRP_MJ_PNP 815E01D8 Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CREATE 818B51D8 Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CLOSE 818B51D8 Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 818B51D8 Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 818B51D8 Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_POWER 818B51D8 Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 818B51D8 Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_PNP 818B51D8 Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_CREATE 818B51D8 Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_CLOSE 818B51D8 Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 818B51D8 Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 818B51D8 Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_POWER 818B51D8 Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 818B51D8 Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_PNP 818B51D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 815C4980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 815C4980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 815C4980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 815C4980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 815C4980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 815C4980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 815C4980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 815C4980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 815C4980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 815C4980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 815C4980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 815C4980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 815C4980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 815C4980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 815C4980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 815C4980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 815C4980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 815C4980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 815C4980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 815C4980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 815C4980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 815C4980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 815C4980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 815C4980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 815C4980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 815C4980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 815C4980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 815C4980 Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_CREATE 8189E1D8 Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_CLOSE 8189E1D8 Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL 8189E1D8 Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8189E1D8 Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_POWER 8189E1D8 Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL 8189E1D8 Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_PNP 8189E1D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 815C4980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 815C4980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 815C4980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 815C4980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 815C4980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 815C4980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 815C4980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 815C4980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 815C4980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 815C4980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 815C4980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 815C4980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 815C4980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 815C4980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 815C4980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 815C4980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 815C4980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 815C4980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 815C4980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 815C4980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 815C4980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 815C4980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 815C4980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 815C4980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 815C4980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 815C4980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 815C4980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 815C4980 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 81BDD1D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 81BDD1D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 81BDD1D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 81BDD1D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 81BDD1D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 81BDD1D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 81BDD1D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 81BDD1D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 81BDD1D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 81BDD1D8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 81BDD1D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 81A311D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 81A311D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 81A311D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 81A311D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 81A311D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 81A311D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 81A311D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 81A311D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 81A311D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 81A311D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 81A311D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 81A311D8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 81A311D8 ——Files - GMER 1.0.12—— ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\glenn_alias_ace@hotmail.com\SharingMetadata\karinaenselmann@hotmail.com\DFSR\Staging\CS{084137BA-BB38-6424-A7EC-C0E5584211D7}\01\10-{084137BA-BB38-6424-A7EC-C0E5584211D7}-v1-{EC90B010-5A58-406E-9657-4DAEFB7CF659}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\glenn_alias_ace@hotmail.com\SharingMetadata\karinaenselmann@hotmail.com\DFSR\Staging\CS{084137BA-BB38-6424-A7EC-C0E5584211D7}\13\13-{C8CC0FD6-AF02-43DF-BFEF-014FB98767F9}-v13-{C8CC0FD6-AF02-43DF-BFEF-014FB98767F9}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\glenn_alias_ace@hotmail.com\SharingMetadata\karinaenselmann@hotmail.com\DFSR\Staging\CS{084137BA-BB38-6424-A7EC-C0E5584211D7}\14\14-{C8CC0FD6-AF02-43DF-BFEF-014FB98767F9}-v14-{C8CC0FD6-AF02-43DF-BFEF-014FB98767F9}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\glenn_alias_ace@hotmail.com\SharingMetadata\karinaenselmann@hotmail.com\DFSR\Staging\CS{084137BA-BB38-6424-A7EC-C0E5584211D7}\16\16-{C8CC0FD6-AF02-43DF-BFEF-014FB98767F9}-v16-{C8CC0FD6-AF02-43DF-BFEF-014FB98767F9}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\glenn_alias_ace@hotmail.com\SharingMetadata\karinaenselmann@hotmail.com\DFSR\Staging\CS{084137BA-BB38-6424-A7EC-C0E5584211D7}\17\21-{C8CC0FD6-AF02-43DF-BFEF-014FB98767F9}-v17-{C8CC0FD6-AF02-43DF-BFEF-014FB98767F9}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\glenn_alias_ace@hotmail.com\SharingMetadata\karinaenselmann@hotmail.com\DFSR\Staging\CS{084137BA-BB38-6424-A7EC-C0E5584211D7}\24\25-{C8CC0FD6-AF02-43DF-BFEF-014FB98767F9}-v24-{C8CC0FD6-AF02-43DF-BFEF-014FB98767F9}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\glenn_alias_ace@hotmail.com\SharingMetadata\karinaenselmann@hotmail.com\DFSR\Staging\CS{084137BA-BB38-6424-A7EC-C0E5584211D7}\25\25-{EC90B010-5A58-406E-9657-4DAEFB7CF659}-v25-{EC90B010-5A58-406E-9657-4DAEFB7CF659}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\glenn_alias_ace@hotmail.com\SharingMetadata\karinaenselmann@hotmail.com\DFSR\Staging\CS{084137BA-BB38-6424-A7EC-C0E5584211D7}\25\25-{EC90B010-5A58-406E-9657-4DAEFB7CF659}-v25-{EC90B010-5A58-406E-9657-4DAEFB7CF659}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\glenn_alias_ace@hotmail.com\SharingMetadata\karinaenselmann@hotmail.com\DFSR\Staging\CS{084137BA-BB38-6424-A7EC-C0E5584211D7}\25\25-{EC90B010-5A58-406E-9657-4DAEFB7CF659}-v25-{EC90B010-5A58-406E-9657-4DAEFB7CF659}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\glenn_alias_ace@hotmail.com\SharingMetadata\karinaenselmann@hotmail.com\DFSR\Staging\CS{084137BA-BB38-6424-A7EC-C0E5584211D7}\26\26-{C8CC0FD6-AF02-43DF-BFEF-014FB98767F9}-v26-{C8CC0FD6-AF02-43DF-BFEF-014FB98767F9}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\glenn_alias_ace@hotmail.com\SharingMetadata\karinaenselmann@hotmail.com\DFSR\Staging\CS{084137BA-BB38-6424-A7EC-C0E5584211D7}\28\28-{C8CC0FD6-AF02-43DF-BFEF-014FB98767F9}-v28-{C8CC0FD6-AF02-43DF-BFEF-014FB98767F9}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\glenn_alias_ace@hotmail.com\SharingMetadata\karinaenselmann@hotmail.com\DFSR\Staging\CS{084137BA-BB38-6424-A7EC-C0E5584211D7}\28\28-{C8CC0FD6-AF02-43DF-BFEF-014FB98767F9}-v28-{C8CC0FD6-AF02-43DF-BFEF-014FB98767F9}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\glenn_alias_ace@hotmail.com\SharingMetadata\karinaenselmann@hotmail.com\DFSR\Staging\CS{084137BA-BB38-6424-A7EC-C0E5584211D7}\29\29-{C8CC0FD6-AF02-43DF-BFEF-014FB98767F9}-v29-{C8CC0FD6-AF02-43DF-BFEF-014FB98767F9}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\glenn_alias_ace@hotmail.com\SharingMetadata\karinaenselmann@hotmail.com\DFSR\Staging\CS{084137BA-BB38-6424-A7EC-C0E5584211D7}\29\29-{C8CC0FD6-AF02-43DF-BFEF-014FB98767F9}-v29-{C8CC0FD6-AF02-43DF-BFEF-014FB98767F9}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\glenn_alias_ace@hotmail.com\SharingMetadata\karinaenselmann@hotmail.com\DFSR\Staging\CS{084137BA-BB38-6424-A7EC-C0E5584211D7}\30\30-{C8CC0FD6-AF02-43DF-BFEF-014FB98767F9}-v30-{C8CC0FD6-AF02-43DF-BFEF-014FB98767F9}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\glenn_alias_ace@hotmail.com\SharingMetadata\karinaenselmann@hotmail.com\DFSR\Staging\CS{084137BA-BB38-6424-A7EC-C0E5584211D7}\30\30-{C8CC0FD6-AF02-43DF-BFEF-014FB98767F9}-v30-{C8CC0FD6-AF02-43DF-BFEF-014FB98767F9}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\glenn_alias_ace@hotmail.com\SharingMetadata\karinaenselmann@hotmail.com\DFSR\Staging\CS{084137BA-BB38-6424-A7EC-C0E5584211D7}\31\31-{C8CC0FD6-AF02-43DF-BFEF-014FB98767F9}-v31-{C8CC0FD6-AF02-43DF-BFEF-014FB98767F9}-v31-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\glenn_alias_ace@hotmail.com\SharingMetadata\karinaenselmann@hotmail.com\DFSR\Staging\CS{084137BA-BB38-6424-A7EC-C0E5584211D7}\31\31-{C8CC0FD6-AF02-43DF-BFEF-014FB98767F9}-v31-{C8CC0FD6-AF02-43DF-BFEF-014FB98767F9}-v31-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\glenn_alias_ace@hotmail.com\SharingMetadata\karinaenselmann@hotmail.com\DFSR\Staging\CS{084137BA-BB38-6424-A7EC-C0E5584211D7}\91\165-{EC90B010-5A58-406E-9657-4DAEFB7CF659}-v91-{EC90B010-5A58-406E-9657-4DAEFB7CF659}-v165-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\glenn_alias_ace@hotmail.com\SharingMetadata\karinaenselmann@hotmail.com\DFSR\Staging\CS{084137BA-BB38-6424-A7EC-C0E5584211D7}\91\165-{EC90B010-5A58-406E-9657-4DAEFB7CF659}-v91-{EC90B010-5A58-406E-9657-4DAEFB7CF659}-v165-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\glenn_alias_ace@hotmail.com\SharingMetadata\louwhoise@hotmail.com\DFSR\Staging\CS{EF87DF61-44EA-650A-331A-6CCCEE1616C7}\01\118-{EF87DF61-44EA-650A-331A-6CCCEE1616C7}-v1-{EC90B010-5A58-406E-9657-4DAEFB7CF659}-v118-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\glenn_alias_ace@hotmail.com\SharingMetadata\louwhoise@hotmail.com\DFSR\Staging\CS{EF87DF61-44EA-650A-331A-6CCCEE1616C7}\11\11-{8B7CBECB-6012-4DA0-8030-CFCA98980268}-v11-{8B7CBECB-6012-4DA0-8030-CFCA98980268}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\glenn_alias_ace@hotmail.com\SharingMetadata\louwhoise@hotmail.com\DFSR\Staging\CS{EF87DF61-44EA-650A-331A-6CCCEE1616C7}\11\11-{8B7CBECB-6012-4DA0-8030-CFCA98980268}-v11-{8B7CBECB-6012-4DA0-8030-CFCA98980268}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\glenn_alias_ace@hotmail.com\SharingMetadata\louwhoise@hotmail.com\DFSR\Staging\CS{EF87DF61-44EA-650A-331A-6CCCEE1616C7}\12\12-{8B7CBECB-6012-4DA0-8030-CFCA98980268}-v12-{8B7CBECB-6012-4DA0-8030-CFCA98980268}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\glenn_alias_ace@hotmail.com\SharingMetadata\louwhoise@hotmail.com\DFSR\Staging\CS{EF87DF61-44EA-650A-331A-6CCCEE1616C7}\12\12-{8B7CBECB-6012-4DA0-8030-CFCA98980268}-v12-{8B7CBECB-6012-4DA0-8030-CFCA98980268}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\glenn_alias_ace@hotmail.com\SharingMetadata\louwhoise@hotmail.com\DFSR\Staging\CS{EF87DF61-44EA-650A-331A-6CCCEE1616C7}\14\14-{8B7CBECB-6012-4DA0-8030-CFCA98980268}-v14-{8B7CBECB-6012-4DA0-8030-CFCA98980268}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\glenn_alias_ace@hotmail.com\SharingMetadata\louwhoise@hotmail.com\DFSR\Staging\CS{EF87DF61-44EA-650A-331A-6CCCEE1616C7}\14\14-{8B7CBECB-6012-4DA0-8030-CFCA98980268}-v14-{8B7CBECB-6012-4DA0-8030-CFCA98980268}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\glenn_alias_ace@hotmail.com\SharingMetadata\martinakrogstad@hotmail.com\DFSR\Staging\CS{4ACB616D-8DAD-B87B-CF8E-2092439D6FBB}\01\104-{4ACB616D-8DAD-B87B-CF8E-2092439D6FBB}-v1-{EC90B010-5A58-406E-9657-4DAEFB7CF659}-v104-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\glenn_alias_ace@hotmail.com\SharingMetadata\martinakrogstad@hotmail.com\DFSR\Staging\CS{4ACB616D-8DAD-B87B-CF8E-2092439D6FBB}\57\11-{EC90B010-5A58-406E-9657-4DAEFB7CF659}-v157-{9BD66D30-F3E3-498D-A5FF-4EAC449FE862}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\glenn_alias_ace@hotmail.com\SharingMetadata\martinakrogstad@hotmail.com\DFSR\Staging\CS{4ACB616D-8DAD-B87B-CF8E-2092439D6FBB}\57\11-{EC90B010-5A58-406E-9657-4DAEFB7CF659}-v157-{9BD66D30-F3E3-498D-A5FF-4EAC449FE862}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\karinaenselmann@hotmail.com\SharingMetadata\camillawikke@hotmail.com\DFSR\Staging\CS{7B1D5B10-6C95-54F0-6D24-E019AD394F05}\01\10-{7B1D5B10-6C95-54F0-6D24-E019AD394F05}-v1-{F26A2CFB-84C7-40F8-B628-0C7553D7B638}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\karinaenselmann@hotmail.com\SharingMetadata\camillawikke@hotmail.com\DFSR\Staging\CS{7B1D5B10-6C95-54F0-6D24-E019AD394F05}\14\14-{A6D98766-BFEB-44E5-8892-8D49DBA44F26}-v14-{A6D98766-BFEB-44E5-8892-8D49DBA44F26}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ADS C:\Documents and Settings\Glenn\Lokale indstillinger\Application Data\Microsoft\Messenger\karinaenselmann@hotmail.com\SharingMetadata\camillawikke@hotmail.com\DFSR\Staging\CS{7B1D5B10-6C95-54F0-6D24-E019AD394F05}\32\32-{C8CC0FD6-AF02-43DF-BFEF-014FB98767F9}-v32-{C8CC0FD6-AF02-43DF-BFEF-014FB98767F9}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ——EOF - GMER 1.0.12——
[ Ignorer ] [ # 7 ] glennieboy
10.05.2007 16:06:26 Antal indlæg: 52	Af hensyn til følgende vedledning skal jeg lige bemærke, at min pc stadig ikke kan kører stabilt i normal tilstand. Den har det stadig med at gå kold, lige så snart jeg begynder at bruge programmer mv. Men det lykkedes som sagt at få kørt Gmer uden at den nåede at fryse.
[ Ignorer ] [ # 8 ] glennieboy
10.05.2007 18:43:41 Antal indlæg: 52	Forresten så er jeg i den uheldige situation, at jeg skal bruge min pc til eksamen på tirsdag. Og da det fremgår af dette forums betingelser, at afhjælpningen tager lidt længere tid end ved de andre fora, har jeg svært ved at se, at i skulle kunne nå at “helbrede” min pc inden tirsdag. Yderligere fremgår det, at en reboot er den eneste 100% sikre metode for at få fjernet rootkits. Hvis i ud fra mine logs vurderer, at det bedre kan betale sig for mig at formatere computeren, så har jeg taget backup af alle de vigtige ting på min pc. I så fald vil jeg bare høre, om jeg på nogen måde kan få jer til at se, om indholdet på min eksterne harddisc “bærer” noget af den spyware der ligger på min interne harddisc, sådan at jeg ikke får problemer efter formateringen, når jeg ligger indholdet af min eksterne tilbage på den interne. Hvis jeg skal nå at formatere pc’en inden tirsdag skal jeg aflevere den til een senest i morgen tidlig. Hvis jeg således ikke hører fra jer i aften, bliver jeg nødt til at sige undskyld for ulejligheden, men ellers mange tak for hjælpen. MVH Glenn.
[ Ignorer ] [ # 9 ] Ejvindh
10.05.2007 22:19:22 Redaktør Team Spywarefri Antal indlæg: 6048	Ok, hvis dét er din tidshorisont, så synes jeg du skal formatere. Ganske vist viser Gmer-scanningen ved et hurtigt gennemsyn ikke tegn på yderligere rootkit-infektion, men jeg har på fornemmelsen af, at computerens ustabilitet skyldes at AVG antispyware var lidt for hurtig til at fjerne et rootkit. Jeg tror godt vi ved lidt nørklen frem og tilbage kan få fixet problemet, men om det når at blive stabilt til på tirsdag kan jeg ikke garantere. Og man ønsker nok ikke at have en kun halv-stabil computer med sig, når man går til eksamen. Det kan i forvejen være rigeligt spændende Angående den eksterne harddisk, så vil mit gæt være, at den er fri for infektion. Hvis du vil være lidt mere sikker, så skal du prøve at scanne den inficerede disk med Dr.Web fra en anden computer. Hvis dette ikke giver noget udslag, vil jeg gerne give dig 99% garanti på, at den ikke er inficeret.
[ Ignorer ] [ # 10 ] glennieboy
10.05.2007 23:15:04 Antal indlæg: 52	Jeg ville jo helst, hvis jeg kunne undgå at skulle til at installere alle mine programmer m.v. igen. Og jeg kan nok låne en pc til på tirsdag, selvom man jo helst vil have sin egen. Men lad os se om det kan fikses uden en formatering. Hvad skal jeg gøre?
[ Ignorer ] [ # 11 ] glennieboy
10.05.2007 23:38:44 Antal indlæg: 52	Nej… Undskyld min ubeslutsomhed… Jeg føler mig sku lidt for presset med at læse til eksamen til at jeg kan overskue at bruge tid med at bakse med min pc. Jeg formater bare skidtet. Mrn når den så er formateret, kan jeg så køre dr. web fra min egen pc og checke min eksterne harddisc? Og i så fald.. Skal gøre det samme i dr. web som du skrev til mig tidligere i tråden? MVH Glenn
[ Ignorer ] [ # 12 ] Ejvindh
11.05.2007 00:26:52 Redaktør Team Spywarefri Antal indlæg: 6048	Jeg synes det er en god beslutning, du har taget nu. Det er bedre at du koncentrerer dig om de relevante ting, inden eksamen, i stedet for at skulle ud i nogle muligvis ret avancerede indgreb. Du kan godt scanne fra din egen computer, når den er nyformateret. Når du skal scanne den eksterne disk, så følger du bare anvisningen til Dr.Web, som blev angivet ovenfor, hvor du dog til at starte med vælger den eksterne disk som den, der skal scannes.
[ Ignorer ] [ # 13 ] glennieboy
11.05.2007 00:47:37 Antal indlæg: 52	Super. Det gør jeg så. Til slut skal jeg lige høre, om du kan anbefale mig at anvende nogle særlige programmer for at undgå spyware i fremtiden. Jeg plejer at køre superantispyware og spybot ofte. Men er der nogle programmer der i bedre omfang forhindrer spywaren i overhovedet at komme ind på min pc.
[ Ignorer ] [ # 14 ] Resist TeamSpywarefri
11.05.2007 00:52:39 Redaktør Team Spywarefri Antal indlæg: 11785	Velbekomme på Ejvinds vegne Jeg kan anbefale dig at kigge nærmere på ”Pakken”: http://www.spywarefri.dk/manualer/sikkerhedspakke.htm Jeg lukker tråden. Du skal være velkomme en anden gang Signatur Med venlig hilsen Resist TeamSpywarefri Member of: Alliance of Security Analysis Professionals