Notifikationer

Markér alle som læst Log ud

lonerangr Nybegynder

07. december 2006 - 19:41 Der er 6 kommentarer og
1 løsning

WI virus ?

Min datter har fået virus fra en anden MSN-bruger. Der er dukket et ikon op i nederste venstre hjørne, med navnet WI. Er der nogen der kender den, og ved hvordan den fjernes ?

X-cleaner, AVG, Dr. Web, Superantispyware er afprøvet og kan ikke finde/fjerne noget

Synes godt om

ejvindh Ekspert

08. december 2006 - 09:15 #1

-- Hent Combofix, og gem den på dit skrivebord:
http://download.bleepingcomputer.com/sUBs/combofix.exe

-- Kør så combofix.exe, som du hentede tidligere, og følg anvisningerne.
Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når combofix er færdig, og efter det har genstartet, skulle der gerne åbnes en logfil: combofix.txt
Indholdet af denne fil må du gerne lægge herind.

-- Download Hijackthis:
http://danborg.org/spy1/HJT/hijackthis.exe

Omdøb Hijackthis, så det får et andet navn (fx HJT.exe). Kør programmet fra en mappe som du opretter til formålet:
Klik på "Do a systemscan and save a logfile". Efter kort tid åbnes et notepad-vindue med en logfil. Kopiér indholdet af denne logfil herind i denne tråd. Jeg vil fraråde at du selv begynder at fixe noget.

Synes godt om

lonerangr Nybegynder

08. december 2006 - 17:32 #2

Hej der...

Tak for det. Her er så diverse logfiler.

ComboFix 06.11.27W - Running from: "C:\Documents and
Settings\Mette.METTES-PC\Skrivebord"

((((((((((((((((((((((((((((((( Files Created from 2006-11-08 to
2006-12-08 ))))))))))))))))))))))))))))))))))

2006-12-07 15:35 77,824 --a------ C:\WINDOWS\system32\est.exe
2006-12-07 15:35 122,880 --a------ C:\WINDOWS\system32\wi.exe
2006-12-04 19:26 <DIR> d-------- C:\Documents and Settings\All
Users.WINDOWS\Application Data\Trymedia
2006-11-27 20:02 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-11-27 19:21 <DIR> d-------- C:\Documents and
Settings\Mette.METTES-PC\Application Data\Ice Age 2
2006-11-27 19:20 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-11-19 19:43 55,168 --------- C:\WINDOWS\system32\drivers\sdcplh.sys
2006-11-10 17:36 <DIR> d-------- C:\My Music
2006-11-10 17:32 <DIR> d-------- C:\Programmer\Kongsoft
2006-11-10 17:27 <DIR> d-------- C:\Programmer\Audio MP3 Maker

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report
)))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-12-07 19:26 -------- d-------- C:\Programmer\EA GAMES
2006-12-07 19:24 -------- d-------- C:\Programmer\Maxis
2006-12-07 19:22 -------- d--h----- C:\Programmer\InstallShield Installation
Information
2006-12-07 18:22 -------- d-------- C:\Programmer\SearchRelevant
2006-12-07 16:50 -------- d-------- C:\Programmer\Google
2006-12-07 16:47 -------- d-a------ C:\Programmer\MyWebSearch
2006-12-07 16:34 -------- d-------- C:\Programmer\Messenger
2006-12-07 15:43 -------- d-------- C:\Programmer\Onlinetjenester
2006-12-07 15:39 -------- d-------- C:\Documents and
Settings\Mette.METTES-PC\Application Data\AVG7
2006-12-05 17:26 -------- d-------- C:\Documents and
Settings\Mette.METTES-PC\Application Data\LimeWire
2006-11-29 17:46 8 --a------ C:\WINDOWS\system32\CtSACKey.sys
2006-11-19 21:04 -------- d-------- C:\Programmer\Internet Explorer
2006-11-17 14:43 -------- d-------- C:\Programmer\Java
2006-11-06 18:30 -------- d-------- C:\Documents and
Settings\Mette.METTES-PC\Application Data\Identities
2006-11-02 13:08 816672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-29 10:00 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2006-10-27 13:59 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-27 13:59 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-27 13:59 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-10-27 13:59 28416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-22 12:09 -------- d-------- C:\Programmer\SUPERAntiSpyware
2006-10-13 13:39 142848 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-08 15:26 -------- d-------- C:\Programmer\Eidos Interactive
2006-09-13 06:06 1084416 --a------ C:\WINDOWS\system32\msxml3.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points
))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"X-Cleaner Freeware"="\"C:\\PROGRA~1\\X-CLEA~1\\XCLEAN~1.EXE\" -turbo
-autostart -NOREBOOT"
"Creative
Detector"="C:\\Programmer\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
"ArtoNotifier"="C:\\Programmer\\Arto\\Notifier\\ArtoNotifier.exe"
"SUPERAntiSpyware"="C:\\Programmer\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Smapp"="C:\\Programmer\\Analog Devices\\SoundMAX\\Smtray.exe"
"SunJavaUpdateSched"="\"C:\\Programmer\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"NeroCheck"="C:\\WINDOWS\\system32\\\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Programmer\\QuickTime\\qttask.exe\" -atboottime"
"Zone Labs Client"="\"C:\\Programmer\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet
explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Min aktuelle startside"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,b9,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows
nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-12-08 17:20:50.18
C:\ComboFix.txt ... 06-12-08 17:20

Logfile of HijackThis v1.99.1
Scan saved at 17:25:41, on 08-12-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmer\Analog Devices\SoundMAX\Smtray.exe
C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\Mette.METTES-PC\Skrivebord\wi.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Creative\MediaSource\Detector\CTDetect.exe
C:\Programmer\Arto\Notifier\ArtoNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mette.METTES-PC\Skrivebord\hjt.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} -
C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched]
"C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmer\Zone
Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [X-Cleaner Freeware] "C:\PROGRA~1\X-CLEA~1\XCLEAN~1.EXE"
-turbo -autostart -NOREBOOT
O4 - HKCU\..\Run: [Creative Detector]
C:\Programmer\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ArtoNotifier]
C:\Programmer\Arto\Notifier\ArtoNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware]
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List -
res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print -
res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview -
res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print -
res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
- http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145181467234
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) -
http://www.shockwave.com/content/davincicode/sis/DVC%20Download%20Control.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in)
- http://bmm.imgag.com/imgag/cp/install/crusher-dk.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) -
http://activex.matcash.com/speedtest2.dll
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) -
http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class)
- http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: !SASWinLogon -
C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Programmer\F�lles filer\InstallShield\Driver\11\Intel
32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) -
Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -
C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Synes godt om

ejvindh Ekspert

08. december 2006 - 20:33 #3

-- Hent Avenger her:
http://swandog46.geekstogo.com/avenger.zip

-- Pak Avenger-programmet ud og dobbeltklik på avenger.exe

-- Sæt en prik i "Input Script Manually" og klik på Luppen - nu dukker der et lille vindue op, hvor du skal kopiere indholdet mellem de stiplede linier ind:

-----------------------------
Files to delete:
C:\WINDOWS\system32\est.exe
C:\WINDOWS\system32\wi.exe
C:\Documents and Settings\Mette.METTES-PC\Skrivebord\wi.exe

Folders to Delete:
C:\Programmer\MyWebSearch
-----------------------------

-- Klik på Trafiklyset i Avenger. Programmet vil opfordre dig til at genstarte computeren straks, hvilket du skal gøre. Programmet vil lukke din computer, slette filerne og starte computeren igen.

-- Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar.

-- Lav også en ny log med Hijackthis, som du lægger herind til check.

-- Gå så ned på bunden af denne side, og download Rootkitrevealer
http://www.sysinternals.com/Utilities/RootkitRevealer.html

Pak filen ud til en mappe på skrivebordet. Tag netstikket ud af computeren, og luk alle åbne vinduer. Åbn rootkitrevealer-mappen, og dobbeltklik på rootkitrevealer.exe
Klik på Options, og sørg for, at der er flueben ud for "Hide standard NTFS Metadata files". Klik så på Scan, nederst til højre. Imens programmet scanner må du ikke bruge computeren til andre ting. Når scanningen er færdig, klik på File igen, vælg Save og gem logfilen. Kopier RootkitReveal.txt herind.

-- Til slut vil jeg også gerne se en log fra Gmer:
Download Gmer-rootkit scanner, og pak den ud til skrivebordet:
http://www.gmer.net/gmer.zip
Kør programmet, klik på fanebladet "Rootkit", og klik på "Scan". Når scanningen er færdig, skal du klikke på "Copy". Så dukker et vindue op, som fortæller at resultatet af rootkit-scanningen er blevet lagt ind i udklipsholderen. Du kan herefter gå ind i denne tråd, og kopiere indholdet herind, ved at stille dig i indtastningsfeltet, og trykke ctrl-v.

Synes godt om

lonerangr Nybegynder

10. december 2006 - 18:16 #4

Hej igen

Nu ser det vidst fornuftigt ud.

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\pcgegahr

*******************

Script file located at: \??\C:\Documents and Settings\dmwpcjng.txt

Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\est.exe deleted successfully.

File C:\WINDOWS\system32\wi.exe deleted successfully.

File C:\Documents and Settings\Mette.METTES-PC\Skrivebord\wi.exe deleted successfully.

Folder C:\Programmer\MyWebSearch deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Logfile of HijackThis v1.99.1

Scan saved at 18:50:25, on 09-12-2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\Explorer.EXE

C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Programmer\Analog Devices\SoundMAX\Smtray.exe

C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe

C:\Programmer\QuickTime\qttask.exe

C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmer\Creative\MediaSource\Detector\CTDetect.exe

C:\Programmer\Arto\Notifier\ArtoNotifier.exe

C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Mette.METTES-PC\Skrivebord\hjt.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [X-Cleaner Freeware] "C:\PROGRA~1\X-CLEA~1\XCLEAN~1.EXE" -turbo -autostart -NOREBOOT

O4 - HKCU\..\Run: [Creative Detector] C:\Programmer\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [ArtoNotifier] C:\Programmer\Arto\Notifier\ArtoNotifier.exe

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - Startup: PowerReg Scheduler V3.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145181467234

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) - http://www.shockwave.com/content/davincicode/sis/DVC%20Download%20Control.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-dk.cab

O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

HKU\S-1-5-21-1275210071-115176313-1801674531-1004\Software\Microsoft\Keyboard\Native Media Players\QuickTime Player\ExePath 03-05-2006 16:01 43 bytes Data mismatch between Windows API and raw hive data.

HKLM\SECURITY\Policy\Secrets\SAC* 15-04-2006 17:03 0 bytes Key name contains embedded nulls (*)

HKLM\SECURITY\Policy\Secrets\SAI* 15-04-2006 17:03 0 bytes Key name contains embedded nulls (*)

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\01\10-{2AB2886A-E603-2C64-BC2D-ED1C748C 26-10-2006 13:32 8 bytes Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\13\35-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 13:33 41.23 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\13\35-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 13:33 4.57 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\14\14-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 13:33 30.60 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\14\14-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 13:33 2.24 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\14\14-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 13:33 3.36 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\15\29-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 13:33 51.67 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\15\29-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 13:33 5.76 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\16\16-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 13:32 8 bytes Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\17\30-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 13:33 57.51 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\17\30-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 13:33 6.46 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\18\31-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 13:33 60.92 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\18\31-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 13:33 6.80 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\19\32-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 13:33 65.38 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\19\32-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 13:33 7.27 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\20\33-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 13:33 24.09 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\20\33-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 13:33 2.78 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\21\34-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 13:33 40.69 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\21\34-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 13:33 4.67 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\23\23-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 13:37 33.76 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\23\23-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 13:37 2.46 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\23\23-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 13:37 3.70 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\24\24-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 13:42 44.48 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\24\24-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 13:42 2.98 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\24\24-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 13:42 4.98 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\25\25-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 14:08 38.03 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\25\25-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 14:08 2.74 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\25\25-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 14:08 4.88 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\26\26-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 13:32 38.09 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\26\26-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 13:32 4.30 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\27\27-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 13:33 63.19 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\27\27-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 13:33 6.98 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\28\28-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 13:33 31.90 KB Hidden from Windows API.

C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\28\28-{023F4A97-A302-4ED5-B8C0-2E3276A2 26-10-2006 13:33 3.57 KB Hidden from Windows API.

GMER 1.0.12.12011 - http://www.gmer.net

Rootkit scan 2006-12-09 20:20:51

Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.12 ----

SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort

SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile

SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey

SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort

SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess

SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx

SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection

SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort

SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile

SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey

SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey

SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject

SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey

SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile

SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess

SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread

SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey

SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort

SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey

SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort

SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile

SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey

SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ 60, 6C, 47, F3, E0, CE, 47, ... ]

.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ 60, 6C, 47, F3, E0, CE, 47, ... ]

---- Devices - GMER 1.0.12 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F34882A0] vsdatant.sys

Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F34882A0] vsdatant.sys

Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F34882A0] vsdatant.sys

Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A5985A] avgtdi.sys

Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F34882A0] vsdatant.sys

Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F34882A0] vsdatant.sys

Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F34882A0] vsdatant.sys

Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F34882A0] vsdatant.sys

Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A5985A] avgtdi.sys

Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F34882A0] vsdatant.sys

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL [F871CA08] sdcplh.sys

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL [F871C684] sdcplh.sys

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL [F871CA08] sdcplh.sys

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F871C684] sdcplh.sys

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL [F871CA08] sdcplh.sys

Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F871C684] sdcplh.sys

Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e IRP_MJ_DEVICE_CONTROL [F871CA08] sdcplh.sys

Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL [F871C684] sdcplh.sys

Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F34882A0] vsdatant.sys

Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F34882A0] vsdatant.sys

Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F34882A0] vsdatant.sys

Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A5985A] avgtdi.sys

Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F34882A0] vsdatant.sys

Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F34882A0] vsdatant.sys

Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F34882A0] vsdatant.sys

Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F34882A0] vsdatant.sys

Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A5985A] avgtdi.sys

Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F34882A0] vsdatant.sys

Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [F34882A0] vsdatant.sys

Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [F34882A0] vsdatant.sys

Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [F34882A0] vsdatant.sys

Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F8A5985A] avgtdi.sys

Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [F34882A0] vsdatant.sys

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\01\10-{2AB2886A-E603-2C64-BC2D-ED1C748C1694}-v1-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\13\35-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v13-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\13\35-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v13-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\14\14-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v14-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\14\14-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v14-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\14\14-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v14-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\15\29-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v15-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\15\29-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v15-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\16\16-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v16-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\17\30-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v17-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\17\30-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v17-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\18\31-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v18-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v31-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\18\31-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v18-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v31-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\19\32-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v19-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\19\32-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v19-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\20\33-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v20-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v33-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\20\33-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v20-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v33-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\21\34-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v21-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v34-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\21\34-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v21-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v34-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\23\23-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v23-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\23\23-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v23-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\23\23-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v23-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v23-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\24\24-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v24-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\24\24-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v24-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\24\24-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v24-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v24-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\25\25-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v25-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\25\25-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v25-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\25\25-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v25-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v25-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\26\26-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v26-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\26\26-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v26-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v26-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\27\27-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v27-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\27\27-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v27-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v27-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\28\28-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v28-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1

ADS C:\Documents and Settings\Mette.METTES-PC\Lokale indstillinger\Application Data\Microsoft\Messenger\mimse_mus_2@hotmail.com\SharingMetadata\puzzer_52@hotmail.com\DFSR\Staging\CS{2AB2886A-E603-2C64-BC2D-ED1C748C1694}\28\28-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v28-{023F4A97-A302-4ED5-B8C0-2E3276A21A17}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

---- EOF - GMER 1.0.12 ----

Synes godt om

ejvindh Ekspert

10. december 2006 - 20:13 #5

Loggen er ren. For at gøre arbejdet helt færdig:
Det kan være en god ide og rydde op i systemgendannelses filerne. Deaktiver systemgendannelse (http://www.spywarefri.dk/virusscannere.htm#alle) - genstart din computer - aktiver systemgendannelse.
Og så kan det også være en god ide at skjule dine systemfiler og -mapper igen, så du ikke ved en fejl kommer til at slette en vigtig fil. Det gør du samme sted, hvor du satte det til at vise alle filer, denne gang vælger du bare: Vis ikke skjulte filer og mapper.

Det kan også være en god ide at få renset ud i dine midlertidige filer. Det kan gøres på en hurtig og nem måde med denne fil
www.spywareinfo.dk/download/cleantempxp2k.bat
---------------------------

For at forhindre gentagelser, vil jeg anbefale dig at lægge nogle små programmer ind, som forhindrer spyware i at komme ind i første omgang. Du finder links og gode råd her:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

Jeg vil også foreslå, at du læser disse artikler om hvordan du kan undgå at blive inficeret i fremtiden:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://www.ejvindh.net/viewtopic.php?t=37

Synes godt om

lonerangr Nybegynder

11. december 2006 - 06:31 #6

Hej Ejvind

Tak for hjælpen.

Synes godt om

ejvindh Ekspert

11. december 2006 - 11:25 #7

Du er velkommen :-)

Synes godt om

Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Følg dette spørgsmål

Opret Preview

Se alle it-kurser fra Computerworld Kurser

IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel	Indlæg	Oprettet	Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus	22	26/11/202510:42	23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus	8	31/08/202519:08	01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus	10	03/02/202514:20	04/02/202511:05
mulig ukendt virus Af jackie18 i Virus	3	18/01/202514:07	18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus	13	18/01/202511:40	20/01/202517:53

Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten

Seneste artiklerRSS