waskus Beginner
08 May 2010 - 15:16 There are 27 comments

More viruses

Long story short, one of the kids got a lot of viruses. I wanted to save her pictures on a USB stick, and when it was plugged into my wife's computer, she got a load of crap too. I have struggled to get rid of it without success. I have tried adware, ccleaner and malwarebytes anti-malware. It simply keeps finding things. I have also tried running them from safe mode. Here are the Search and destroy log and the Malwarebytes log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:08:28, on 08-05-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\System Volume Information\Whistler\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\System Volume Information\Whistler\smss.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Jane\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Acer Drivers\Anti virus\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/webhp?sourceid=navclient&hl=da&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Jane\Application Data\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejeweled2/popcaploader_v6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B283F823-BBFC-45CE-AF3F-C0A7CF50B58B}: NameServer = 208.67.222.222,208.67.220.220
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Documents and Settings\Jane\Local Settings\Temp\{EFB88719-FE88-4781-B3FD-34C64544E26E}\NMSAccessU.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8271 bytes



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4074

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08-05-2010 15:08:12
mbam-log-2010-05-08 (15-08-12).txt

Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 240672
Time elapsed: 54 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Temp\BNA.tmp (Trojan.Sasfis) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ipsecndis.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Drivers\ntndis.sys (Rootkit.Agent) -> Delete on reboot.

I hope you can help me get the remaining things removed.

Regards, Nikolaj
johnstigers Senior Master
08 May 2010 - 15:20 #1
I can see you forgot to update Malwarebytes before scanning.
Update it, run a new scan and post the log here.
johnstigers Senior Master
08 May 2010 - 15:22 #2
I can see you use the Vuze file-sharing program...
Do you remember to scan EVERYTHING that is downloaded through it?
johnstigers Senior Master
08 May 2010 - 15:25 #3
Also, I can't see that an antivirus program is installed?
f-arn Guru
08 May 2010 - 16:47 #4
@john_stigers
Also, I can't see that an antivirus program is installed?

No, it just complains all the time. It's easier to use you ;-)
johnstigers Senior Master
08 May 2010 - 17:07 #5
hehe ;)
johnstigers Senior Master
08 May 2010 - 17:15 #6
P.S. Good thing you're here, because this will probably take expert help...
waskus Beginner
08 May 2010 - 18:51 #7
I have updated malware and here is the log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4078

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08-05-2010 18:18:06
mbam-log-2010-05-08 (18-18-06).txt

Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 243617
Time elapsed: 56 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\msxsltsso.dll (Trojan.GootKit) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{097ee63e-8a3b-4994-845a-ba6852fb7d6b} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\gootkitsso (Trojan.GootKit) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\msxsltsso.dll (Trojan.GootKit) -> Delete on reboot.
C:\WINDOWS\system32\ipsecndis.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Drivers\ntndis.sys (Rootkit.Agent) -> Delete on reboot

I have also installed avast on the computers, the free edition.
johnstigers Senior Master
08 May 2010 - 19:06 #8
f-arn..
Do you have a suggestion for what else should be tried?
Maybe combofix?
f-arn Guru
08 May 2010 - 19:17 #9
Download and save Combofix to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Right-click on the desktop, choose New -> Text Document, copy the highlighted text in, and save the file as CFScript

--------------

Killall::
Snapshot::


-------------

Since Combofix can conflict with your security programs, it is important that you disable them.

Then grab the new file with the mouse and drag it over the Combofix file, after which you "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif


Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can make your computer freeze.
When Combofix is finished, and after it has (possibly) restarted, a log file should open: combofix.txt, which is located here: C:\Combofix.txt

Please post the contents of this file here.
waskus Beginner
08 May 2010 - 20:05 #10
OK, I will try that, thanks a lot for the advice so far. I must admit this is the first time "we" have been hit so hard by this crap.
waskus Beginner
09 May 2010 - 11:53 #11
Here is the combo fix log, but the computer is still infected; among other things, I cannot access Microsoft's website!

ComboFix 10-05-08.02 - Jane 09-05-2010  11:44:19.2.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1702 [GMT 2:00]
Running from: c:\documents and settings\Jane\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jane\Desktop\CFScript.txt.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\msxsltsso.dll

c:\windows\system32\drivers\ndis.sys . . . is infected!!

.
(((((((((((((((((((((((((  Files Created from 2010-04-09 to 2010-05-09  )))))))))))))))))))))))))))))))
.

2010-05-08 20:56 . 2010-05-08 20:56    --------    d-----w-    c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-05-08 16:22 . 2010-05-06 20:39    164048    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2010-05-08 16:22 . 2010-05-06 20:33    19024    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2010-05-08 16:22 . 2010-05-06 20:34    23376    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2010-05-08 16:22 . 2010-05-06 20:39    46672    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2010-05-08 16:22 . 2010-05-06 20:33    100432    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2010-05-08 16:22 . 2010-05-06 20:33    94800    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2010-05-08 16:22 . 2010-05-06 20:33    28880    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2010-05-08 16:21 . 2010-05-06 20:59    38848    ----a-w-    c:\windows\system32\avastSS.scr
2010-05-08 16:21 . 2010-05-06 20:59    165032    ----a-w-    c:\windows\system32\aswBoot.exe
2010-05-08 16:21 . 2010-05-08 16:21    --------    d-----w-    c:\program files\Alwil Software
2010-05-08 16:21 . 2010-05-08 16:21    --------    d-----w-    c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-08 11:55 . 2010-05-08 11:55    --------    d-----w-    c:\program files\CCleaner
2010-05-08 09:53 . 2010-05-08 09:53    --------    d-sh--w-    c:\documents and settings\NetworkService\IETldCache
2010-05-07 19:16 . 2010-05-08 13:10    --------    d-----w-    c:\windows\system32\config\systemprofile\Tracing
2010-05-07 16:31 . 2010-05-07 16:31    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-07 13:55 . 2010-05-07 13:55    --------    d-sh--w-    c:\windows\system32\config\systemprofile\IETldCache
2010-05-07 13:55 . 2010-05-07 13:55    --------    d-sh--w-    c:\windows\system32\config\systemprofile\PrivacIE
2010-05-07 13:44 . 2010-05-07 13:44    --------    d-----w-    c:\documents and settings\Jane\Application Data\Malwarebytes
2010-05-07 13:43 . 2010-04-29 13:39    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-07 13:43 . 2010-05-07 13:44    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-05-07 13:43 . 2010-05-07 13:43    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-07 13:43 . 2010-04-29 13:39    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-05-07 13:41 . 2010-05-07 13:41    --------    d-sh--w-    c:\documents and settings\LocalService\PrivacIE
2010-05-07 13:41 . 2010-05-07 13:41    --------    d-----w-    c:\documents and settings\LocalService\Local Settings\Application Data\Vuze_Remote
2010-05-07 13:41 . 2010-05-07 13:41    --------    d-----w-    c:\documents and settings\LocalService\Local Settings\Application Data\Conduit
2010-05-06 11:59 . 2010-05-06 11:59    89831    ----a-w-    c:\documents and settings\Jane\Application Data\Dropbox\bin\Uninstall.exe
2010-05-06 11:59 . 2010-05-09 09:29    --------    d-----w-    c:\documents and settings\Jane\Application Data\Dropbox
2010-05-06 11:58 . 2010-05-06 11:59    --------    d-----w-    c:\program files\Dropbox
2010-04-30 00:01 . 2010-04-30 00:01    --------    d-----w-    c:\documents and settings\Jane\Application Data\AVS4YOU
2010-04-30 00:01 . 2010-04-30 00:01    --------    d-----w-    c:\program files\Common Files\AVSMedia
2010-04-30 00:01 . 2010-04-30 00:01    --------    d-----w-    c:\documents and settings\All Users\Application Data\AVS4YOU
2010-04-30 00:01 . 2010-04-30 00:01    --------    d-----w-    c:\program files\AVS4YOU
2010-04-30 00:01 . 2008-08-13 08:22    974848    ----a-w-    c:\windows\system32\mfc70.dll
2010-04-30 00:01 . 2008-08-13 08:22    487424    ----a-w-    c:\windows\system32\msvcp70.dll
2010-04-30 00:01 . 2008-08-13 08:22    1700352    ----a-w-    c:\windows\system32\GdiPlus.dll
2010-04-30 00:01 . 2008-08-13 08:22    24576    ----a-w-    c:\windows\system32\msxml3a.dll
2010-04-29 21:41 . 2010-04-29 21:41    755096    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2010-04-26 15:58 . 2010-04-26 15:58    --------    d-----w-    C:\Perfect World Entertainment
2010-04-26 15:16 . 2010-04-29 23:26    --------    d-----w-    C:\Ether saga
2010-04-26 15:16 . 2010-04-26 15:45    --------    d-----w-    c:\documents and settings\Jane\Application Data\GetRightToGo
2010-04-24 20:06 . 2010-04-24 20:06    --------    d-----w-    c:\documents and settings\Jane\Application Data\StreamTorrent
2010-04-23 19:16 . 2010-04-23 19:16    --------    d-----w-    c:\documents and settings\Jane\Local Settings\Application Data\PunkBuster
2010-04-23 19:14 . 2010-04-23 19:14    --------    d-----w-    c:\windows\system32\LogFiles
2010-04-21 16:09 . 2010-04-21 16:09    411368    ----a-w-    c:\windows\system32\deployJava1.dll
2010-04-21 16:09 . 2010-04-21 16:09    --------    d-----w-    c:\program files\Java
2010-04-20 20:46 . 2010-02-12 10:03    293376    ------w-    c:\windows\system32\browserchoice.exe
2010-04-19 19:29 . 2010-04-19 19:29    95024    ----a-w-    c:\windows\system32\drivers\SBREDrv.sys
2010-04-19 19:29 . 2010-04-19 19:29    95024    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-04-19 19:29 . 2010-04-29 21:42    566432    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-04-19 19:29 . 2010-04-19 19:29    566608    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2010-04-19 19:28 . 2010-04-29 21:42    221920    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2010-04-19 19:28 . 2010-04-19 19:28    17632    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2010-04-19 19:28 . 2010-04-19 19:28    1230160    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2010-04-19 19:28 . 2010-04-19 19:28    247120    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2010-04-19 19:28 . 2010-04-29 21:41    16456    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-04-19 19:27 . 2010-04-19 19:27    --------    dc-h--w-    c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-19 19:27 . 2010-02-04 15:53    2954656    -c--a-w-    c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-04-19 19:27 . 2010-04-19 19:27    --------    d-----w-    c:\program files\Lavasoft
2010-04-11 15:24 . 2010-04-11 17:48    --------    d-----w-    c:\program files\Common Files\Symantec Shared
2010-04-10 17:47 . 2010-04-11 17:48    --------    d-----w-    c:\documents and settings\All Users\Application Data\Norton
2010-04-10 17:47 . 2010-04-10 17:47    --------    d-----w-    c:\documents and settings\All Users\Application Data\Symantec
2010-04-10 17:47 . 2010-04-10 17:47    --------    d-----w-    c:\documents and settings\All Users\Application Data\NortonInstaller
2010-04-10 16:53 . 2010-04-10 16:58    --------    d-----w-    c:\documents and settings\Jane\Local Settings\Application Data\Vuze_Remote
2010-04-10 16:53 . 2010-04-10 16:53    --------    d-----w-    c:\program files\Vuze_Remote

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 21:27 . 2010-01-06 13:19    5632    --sha-w-    c:\program files\Thumbs.db
2010-05-08 12:01 . 2009-11-08 14:17    --------    d-----w-    c:\documents and settings\Jane\Application Data\Azureus
2010-05-07 13:39 . 2008-04-14 07:50    210816    ----a-w-    c:\windows\system32\drivers\ndis.sys
2010-05-07 12:23 . 2010-03-01 11:05    --------    d-----w-    c:\documents and settings\Jane\Application Data\XnView
2010-05-03 19:52 . 2009-11-10 13:32    --------    d-----w-    c:\documents and settings\Jane\Application Data\vlc
2010-05-03 14:24 . 2010-01-17 17:14    16    ----a-w-    c:\windows\popcinfo.dat
2010-04-29 21:42 . 2010-01-11 22:41    893952    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-04-29 21:42 . 2010-01-27 10:49    15880    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-04-29 21:42 . 2010-01-11 23:27    15880    ----a-w-    c:\windows\system32\lsdelete.exe
2010-04-29 21:42 . 2010-01-11 22:41    211600    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-04-29 21:42 . 2010-01-11 22:41    397480    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-04-29 21:42 . 2010-01-11 22:41    574632    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-04-29 21:42 . 2010-01-11 22:41    443344    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-04-29 21:42 . 2010-01-27 10:49    167824    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-04-29 21:42 . 2010-01-11 22:41    6306640    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-04-29 21:41 . 2010-01-27 10:47    335728    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-04-29 21:41 . 2010-01-27 10:47    95248    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-04-29 21:41 . 2010-01-11 22:41    967640    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-04-29 21:41 . 2010-01-11 22:41    866224    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-04-29 21:41 . 2010-01-11 22:41    871320    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-04-29 21:41 . 2010-01-11 22:40    1598464    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-04-29 21:41 . 2010-04-29 21:41    755096    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2010-04-29 21:41 . 2010-01-11 22:40    834248    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-04-29 21:41 . 2010-01-11 22:40    1285864    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-04-26 15:00 . 2009-11-07 22:31    --------    d--h--w-    c:\program files\InstallShield Installation Information
2010-04-17 19:21 . 2009-11-08 14:43    --------    d-----w-    c:\program files\Google
2010-04-10 17:47 . 2009-11-29 00:19    --------    d-----w-    c:\program files\Vuze
2010-03-27 16:56 . 2010-03-27 16:55    --------    d-----w-    c:\program files\NVIDIA Corporation
2010-03-27 16:56 . 2010-03-27 16:56    --------    d-----w-    c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-03-27 16:47 . 2009-12-20 13:34    --------    d-----w-    c:\program files\ATI Technologies
2010-03-26 12:07 . 2010-02-09 19:19    50354    ----a-w-    c:\documents and settings\Jane\Application Data\Facebook\uninstall.exe
2010-03-26 12:07 . 2010-03-26 12:07    2114184    ----a-w-    c:\documents and settings\Jane\Application Data\Facebook\Install_Facebook_Plug-In_1.0.3.exe
2010-03-26 12:07 . 2010-02-09 19:19    --------    d-----w-    c:\documents and settings\Jane\Application Data\Facebook
2010-03-16 06:51 . 2010-03-27 16:55    61440    ----a-w-    c:\windows\system32\OpenCL.dll
2010-03-16 06:51 . 2010-03-27 16:55    14757888    ----a-w-    c:\windows\system32\nvoglnt.dll
2010-03-16 06:51 . 2010-03-27 16:55    10232352    ----a-w-    c:\windows\system32\drivers\nv4_mini.sys
2010-03-16 06:51 . 2010-03-27 16:55    6432128    ----a-w-    c:\windows\system32\nv4_disp.dll
2010-03-16 06:51 . 2010-03-27 16:55    4075520    ----a-w-    c:\windows\system32\nvcuda.dll
2010-03-16 06:51 . 2010-03-27 16:55    2646632    ----a-w-    c:\windows\system32\nvcuvenc.dll
2010-03-16 06:51 . 2010-03-27 16:55    2183470    ----a-w-    c:\windows\system32\nvdata.bin
2010-03-16 06:51 . 2010-03-27 16:55    215656    ----a-w-    c:\windows\system32\nvcodins.dll
2010-03-16 06:51 . 2010-03-27 16:55    215656    ----a-w-    c:\windows\system32\nvcod.dll
2010-03-16 06:51 . 2010-03-27 16:55    2030184    ----a-w-    c:\windows\system32\nvcuvid.dll
2010-03-16 06:51 . 2010-03-27 16:55    11640832    ----a-w-    c:\windows\system32\nvcompiler.dll
2010-03-16 06:51 . 2010-03-27 16:55    1097728    ----a-w-    c:\windows\system32\nvapi.dll
2010-03-16 02:37 . 2010-03-16 02:37    278120    ----a-w-    c:\windows\system32\nvmccs.dll
2010-03-16 02:37 . 2010-03-16 02:37    154216    ----a-w-    c:\windows\system32\nvsvc32.exe
2010-03-16 02:37 . 2010-03-16 02:37    145000    ----a-w-    c:\windows\system32\nvcolor.exe
2010-03-16 02:37 . 2010-03-16 02:37    13670504    ----a-w-    c:\windows\system32\nvcpl.dll
2010-03-16 02:37 . 2010-03-16 02:37    110696    ----a-w-    c:\windows\system32\nvmctray.dll
2010-03-16 02:37 . 2010-03-16 02:37    81920    ----a-w-    c:\windows\system32\nvwddi.dll
2010-03-10 06:15 . 2008-04-14 12:42    420352    ----a-w-    c:\windows\system32\vbscript.dll
2010-03-01 10:41 . 2010-01-20 16:41    3803208    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-28 11:51 . 2010-02-28 11:51    503808    ----a-w-    c:\documents and settings\Jane\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-68bf92d6-n\msvcp71.dll
2010-02-28 11:51 . 2010-02-28 11:51    499712    ----a-w-    c:\documents and settings\Jane\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-68bf92d6-n\jmc.dll
2010-02-28 11:51 . 2010-02-28 11:51    348160    ----a-w-    c:\documents and settings\Jane\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-68bf92d6-n\msvcr71.dll
2010-02-28 11:51 . 2010-02-28 11:51    61440    ----a-w-    c:\documents and settings\Jane\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-33515095-n\decora-sse.dll
2010-02-28 11:51 . 2010-02-28 11:51    12800    ----a-w-    c:\documents and settings\Jane\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-33515095-n\decora-d3d.dll
2010-02-26 06:41 . 2010-02-26 06:41    5582848    ----a-w-    c:\documents and settings\Jane\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-02-26 05:10 . 2010-02-26 05:10    21979992    ----a-w-    c:\documents and settings\Jane\Application Data\Dropbox\bin\Dropbox.exe
2010-02-25 06:24 . 2009-01-12 02:43    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-14 07:47    455680    ----a-w-    c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 12:18 . 2010-02-19 12:18    1955472    ----a-w-    c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-02-16 14:08 . 2008-04-14 07:54    2146304    ----a-w-    c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01    2024448    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2008-04-14 12:41    100864    ----a-w-    c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-14 07:30    226880    ----a-w-    c:\windows\system32\drivers\tcpip6.sys
2009-03-21 14:06 . 2008-04-14 12:41    224214    --sha-r-    c:\windows\system32\vvstsrtv.dll
.

------- Sigcheck -------

  • 2010-05-07 13:39 . 09925C49086F2785C061418F7FCA406F . 210816 . . [------] . . c:\windows\system32\dllcache\ndis.sys
  • 2010-05-07 13:39 . 09925C49086F2785C061418F7FCA406F . 210816 . . [------] . . c:\windows\system32\drivers\ndis.sys

  • 2009-01-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((  SnapShot@2010-05-08_18.43.16  )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-09 09:43 . 2010-05-09 09:43    16384              c:\windows\Temp\Perflib_Perfdata_1440.dat
+ 2001-08-23 11:00 . 2010-05-09 09:47    67312              c:\windows\system32\perfc009.dat
- 2001-08-23 11:00 . 2010-05-08 18:37    67312              c:\windows\system32\perfc009.dat
+ 2009-11-07 22:25 . 2010-05-09 09:45    81920              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-05-08 19:09 . 2010-05-08 20:10    12288              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{36DF22F6-5AD5-11DF-99BC-001D92B0CA87}.dat
+ 2010-05-08 20:48 . 2010-05-08 22:23    14848              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{15FA06B0-5AE3-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 21:02 . 2010-05-08 21:06    13312              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FD292B44-5AE4-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 20:05 . 2010-05-08 20:09    13312              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FAF2824B-5ADC-11DF-99BC-001D92B0CA87}.dat
+ 2010-05-08 22:13 . 2010-05-08 22:17    20992              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F3E7829B-5AEE-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 21:23 . 2010-05-08 21:26    15360              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{EC114D0A-5AE7-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 18:59 . 2010-05-08 19:03    11776              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{DD9A377D-5AD3-11DF-99BB-001D92B0CA87}.dat
+ 2010-05-08 18:44 . 2010-05-08 18:48    16896              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{CBF32FC7-5AD1-11DF-99BA-001D92B0CA87}.dat
+ 2010-05-08 19:13 . 2010-05-08 19:17    16384              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{CB85203D-5AD5-11DF-99BC-001D92B0CA87}.dat
+ 2010-05-08 21:15 . 2010-05-08 21:18    10240              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C9FD10EC-5AE6-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 19:42 . 2010-05-08 19:46    14336              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C57966B9-5AD9-11DF-99BC-001D92B0CA87}.dat
+ 2010-05-08 19:27 . 2010-05-08 19:31    15360              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{BA9C714D-5AD7-11DF-99BC-001D92B0CA87}.dat
+ 2010-05-08 21:50 . 2010-05-08 21:54    13312              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{BA63AA74-5AEB-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 21:36 . 2010-05-08 21:40    15872              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{B9BBC659-5AE9-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 19:55 . 2010-05-08 20:00    17408              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{B1CA3B05-5ADB-11DF-99BC-001D92B0CA87}.dat
+ 2010-05-08 20:52 . 2010-05-08 20:57    15872              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A9B65D84-5AE3-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 22:04 . 2010-05-08 22:08    17920              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A978992B-5AED-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 21:06 . 2010-05-08 21:10    14848              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9A9C36C6-5AE5-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 22:18 . 2010-05-08 22:22    12800              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{99346C7E-5AEF-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-09 09:30 . 2010-05-09 09:32    11264              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{93390045-5B4D-11DF-99BE-001D92B0CA87}.dat
+ 2010-05-08 19:18 . 2010-05-08 19:22    15360              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{707770C3-5AD6-11DF-99BC-001D92B0CA87}.dat
+ 2010-05-08 21:41 . 2010-05-08 21:45    16384              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{70600AD7-5AEA-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 21:27 . 2010-05-08 21:31    13312              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6FA9D89F-5AE8-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 19:46 . 2010-05-08 19:50    16896              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{699785F5-5ADA-11DF-99BC-001D92B0CA87}.dat
+ 2010-05-08 18:49 . 2010-05-08 18:53    15872              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{619848AB-5AD2-11DF-99BA-001D92B0CA87}.dat
+ 2010-05-08 21:55 . 2010-05-08 21:59    18432              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5F3E2377-5AEC-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 19:32 . 2010-05-08 19:37    15360              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5EB3697B-5AD8-11DF-99BC-001D92B0CA87}.dat
+ 2010-05-08 20:57 . 2010-05-08 21:01    14336              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{590FD0BB-5AE4-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 20:00 . 2010-05-08 20:04    17920              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5661F22F-5ADC-11DF-99BC-001D92B0CA87}.dat
+ 2010-05-08 22:09 . 2010-05-08 22:13    27648              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4E9A98B9-5AEE-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 21:18 . 2010-05-08 21:22    13312              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4D0B541F-5AE7-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 19:09 . 2010-05-08 19:13    15360              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{36DF22F7-5AD5-11DF-99BC-001D92B0CA87}.dat
+ 2010-05-08 19:37 . 2010-05-08 19:41    13312              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{210EFC3D-5AD9-11DF-99BC-001D92B0CA87}.dat
+ 2010-05-08 21:10 . 2010-05-08 21:14    16384              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1E2FFDA7-5AE6-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-09 09:34 . 2010-05-09 09:38    15360              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{173810F3-5B4E-11DF-99BE-001D92B0CA87}.dat
+ 2010-05-08 20:48 . 2010-05-08 20:52    11264              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{15FA06B1-5AE3-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 21:45 . 2010-05-08 21:50    14848              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{15630BD3-5AEB-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 19:22 . 2010-05-08 19:27    19968              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1526FF71-5AD7-11DF-99BC-001D92B0CA87}.dat
+ 2010-05-08 21:31 . 2010-05-08 21:35    15360              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{14BD8A11-5AE9-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 18:54 . 2010-05-08 18:56    12288              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0E6E00F7-5AD3-11DF-99BA-001D92B0CA87}.dat
+ 2010-05-08 19:51 . 2010-05-08 19:55    16896              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0DB0E07D-5ADB-11DF-99BC-001D92B0CA87}.dat
+ 2010-05-08 21:59 . 2010-05-08 22:04    16384              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{04484B81-5AED-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-07 16:31 . 2010-05-09 09:41    32768              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
- 2010-05-07 16:31 . 2010-05-08 18:44    32768              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
+ 2010-05-07 13:55 . 2010-05-09 09:39    16384              c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2010-05-07 13:55 . 2010-05-08 18:44    16384              c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-11-07 22:25 . 2010-05-09 09:45    32768              c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-11-07 22:25 . 2010-05-08 18:44    32768              c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-05-08 11:47 . 2010-05-09 09:31    3584              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{8882F6D7-5A97-11DF-99B1-001D92B0CA87}.dat
- 2010-05-08 11:47 . 2010-05-08 16:23    3584              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{8882F6D7-5A97-11DF-99B1-001D92B0CA87}.dat
+ 2010-05-09 09:31 . 2010-05-09 09:31    4608              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{A817F61C-5B4D-11DF-99BE-001D92B0CA87}.dat
+ 2010-05-09 09:40 . 2010-05-09 09:42    8704              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{F08B0AAC-5B4E-11DF-99BE-001D92B0CA87}.dat
+ 2010-05-09 09:33 . 2010-05-09 09:39    5632              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{E55B22B2-5B4D-11DF-99BE-001D92B0CA87}.dat
+ 2010-05-08 18:59 . 2010-05-08 19:03    5120              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{DD9A377C-5AD3-11DF-99BB-001D92B0CA87}.dat
+ 2010-05-08 18:44 . 2010-05-08 18:54    6656              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{CBF32FC6-5AD1-11DF-99BA-001D92B0CA87}.dat
+ 2010-05-09 09:39 . 2010-05-09 09:39    3584              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{BE8F1DD6-5B4E-11DF-99BE-001D92B0CA87}.dat
+ 2010-05-09 09:30 . 2010-05-09 09:31    5120              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{93390044-5B4D-11DF-99BE-001D92B0CA87}.dat
+ 2010-05-09 09:41 . 2010-05-09 09:41    4608              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FE835209-5B4E-11DF-99BE-001D92B0CA87}.dat
+ 2010-05-09 09:41 . 2010-05-09 09:41    4608              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FE835207-5B4E-11DF-99BE-001D92B0CA87}.dat
+ 2010-05-08 21:02 . 2010-05-08 21:02    4096              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FD292B43-5AE4-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-09 09:40 . 2010-05-09 09:41    9728              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F74B938A-5B4E-11DF-99BE-001D92B0CA87}.dat
+ 2010-05-09 09:40 . 2010-05-09 09:40    4608              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F08B0AAF-5B4E-11DF-99BE-001D92B0CA87}.dat
+ 2010-05-09 09:40 . 2010-05-09 09:40    4608              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F08B0AAD-5B4E-11DF-99BE-001D92B0CA87}.dat
+ 2010-05-09 09:33 . 2010-05-09 09:34    7168              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E55B22B3-5B4D-11DF-99BE-001D92B0CA87}.dat
+ 2010-05-08 21:23 . 2010-05-08 21:23    4096              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E4D26788-5AE7-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 21:23 . 2010-05-08 21:23    4096              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E4D26787-5AE7-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 22:19 . 2010-05-08 22:19    4608              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{CA1E2AE4-5AEF-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 21:15 . 2010-05-08 21:15    4096              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C2BBC910-5AE6-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 21:15 . 2010-05-08 21:15    4096              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C2BBC90F-5AE6-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 22:19 . 2010-05-08 22:19    4608              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C1B7A1C9-5AEF-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-09 09:39 . 2010-05-09 09:40    7168              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{BE8F1DD7-5B4E-11DF-99BE-001D92B0CA87}.dat
+ 2010-05-09 09:39 . 2010-05-09 09:39    4608              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{BB79F375-5B4E-11DF-99BE-001D92B0CA87}.dat
+ 2010-05-08 20:52 . 2010-05-08 20:52    4096              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A9B65D83-5AE3-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-09 09:31 . 2010-05-09 09:31    3584              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A817F61B-5B4D-11DF-99BE-001D92B0CA87}.dat
+ 2010-05-08 20:09 . 2010-05-08 20:09    4608              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A415B504-5ADD-11DF-99BC-001D92B0CA87}.dat
+ 2010-05-08 20:09 . 2010-05-08 20:10    5120              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9C514BD8-5ADD-11DF-99BC-001D92B0CA87}.dat
+ 2010-05-08 22:18 . 2010-05-08 22:18    4096              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{99346C7D-5AEF-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 20:09 . 2010-05-08 20:09    4608              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9656A61D-5ADD-11DF-99BC-001D92B0CA87}.dat
+ 2010-05-08 21:06 . 2010-05-08 21:06    4096              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9433E4E8-5AE5-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 21:06 . 2010-05-08 21:06    4096              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9433E4E7-5AE5-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 21:49 . 2010-05-08 21:49    4608              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8CF59B8A-5AEB-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 21:49 . 2010-05-08 21:49    4608              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8CF59B89-5AEB-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 19:03 . 2010-05-08 19:06    8704              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{714F6741-5AD4-11DF-99BB-001D92B0CA87}.dat
+ 2010-05-08 19:39 . 2010-05-08 19:39    4608              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6212FC80-5AD9-11DF-99BC-001D92B0CA87}.dat
+ 2010-05-08 19:39 . 2010-05-08 19:39    4608              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6212FC7F-5AD9-11DF-99BC-001D92B0CA87}.dat
+ 2010-05-08 21:19 . 2010-05-08 21:19    4608              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5A6D674E-5AE7-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 21:19 . 2010-05-08 21:19    4608              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{54621132-5AE7-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 22:23 . 2010-05-08 22:23    4096              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{506EE523-5AF0-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 21:18 . 2010-05-08 21:19    4608              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4D0B541E-5AE7-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 21:18 . 2010-05-08 21:18    4096              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4D0B541D-5AE7-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 21:18 . 2010-05-08 21:19    4608              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4D0B541C-5AE7-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 22:23 . 2010-05-08 22:23    4608              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{49F38071-5AF0-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 21:18 . 2010-05-08 21:18    4608              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{40F24571-5AE7-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-08 21:18 . 2010-05-08 21:18    4608              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{40F2456F-5AE7-11DF-99BD-001D92B0CA87}.dat
+ 2010-05-09 09:42 . 2010-05-09 09:42    4096              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{26266A40-5B4F-11DF-99BE-001D92B0CA87}.dat
+ 2010-05-09 09:34 . 2010-05-09 09:34    4608              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1D305453-5B4E-11DF-99BE-001D92B0CA87}.dat
+ 2010-05-08 18:53 . 2010-05-08 18:53    4096              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0E6E00F6-5AD3-11DF-99BA-001D92B0CA87}.dat
+ 2010-05-09 09:41 . 2010-05-09 09:42    9728              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0E6B827A-5B4F-11DF-99BE-001D92B0CA87}.dat
+ 2010-05-09 09:41 . 2010-05-09 09:41    4608              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0E6B8279-5B4F-11DF-99BE-001D92B0CA87}.dat
+ 2010-05-09 09:41 . 2010-05-09 09:41    4096              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0E6B8278-5B4F-11DF-99BE-001D92B0CA87}.dat
+ 2010-05-09 09:41 . 2010-05-09 09:41    4608              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{07BBAA0D-5B4F-11DF-99BE-001D92B0CA87}.dat
+ 2010-05-09 09:41 . 2010-05-09 09:41    4608              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{07BBAA0C-5B4F-11DF-99BE-001D92B0CA87}.dat
+ 2010-05-08 18:53 . 2010-05-08 18:53    4096              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{05F929C0-5AD3-11DF-99BA-001D92B0CA87}.dat
+ 2010-05-08 18:53 . 2010-05-08 18:53    4096              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{05F929BF-5AD3-11DF-99BA-001D92B0CA87}.dat
+ 2001-08-23 11:00 . 2010-05-09 09:47    432356              c:\windows\system32\perfh009.dat
- 2001-08-23 11:00 . 2010-05-08 18:37    432356              c:\windows\system32\perfh009.dat
+ 2010-05-07 13:55 . 2010-05-09 09:41    458752              c:\windows\system32\config\systemprofile\PrivacIE\index.dat
+ 2009-11-07 22:25 . 2010-05-09 09:45    2539520              c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-07 22:25 . 2010-05-08 18:44    2539520              c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-03-17 13:45    2355224    ----a-w-    c:\program files\Vuze_Remote\tbVuze.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    94208    ----a-w-    c:\documents and settings\Jane\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    94208    ----a-w-    c:\documents and settings\Jane\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    94208    ----a-w-    c:\documents and settings\Jane\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-08 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]

c:\documents and settings\Jane\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Jane\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"f:\\GAMES\\Sony\\EverQuest II\\LaunchPad.exe"=
"c:\\Program Files\\GAMES\\Sony\\EverQuest II\\EQ2VoiceService.exe"=
"f:\\Div programs\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\program files\Microsoft ActiveSync\rapimgr.exe"= d:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\program files\Microsoft ActiveSync\wcescomm.exe"= d:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"d:\program files\Microsoft ActiveSync\WCESMgr.exe"= d:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Documents and Settings\\Jane\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"4466:TCP"= 4466:TCP:rsbhu

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12-01-2010 00:41 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [08-05-2010 18:22 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [08-05-2010 18:22 19024]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04-02-2010 17:52 1285864]
S0 lxgevjff;lxgevjff; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05-01-2010 13:58 135664]
S2 uaznwh;Boot Shell;c:\windows\system32\svchost.exe -k netsvcs [14-04-2008 14:42 14336]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10-11-2009 13:58 691696]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
uaznwh
.
Contents of the 'Scheduled Tasks' folder

2010-05-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 21:41]

2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 11:58]

2010-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 11:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.dk/webhp?sourceid=navclient&hl=da&ie=UTF-8
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki ... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: {B283F823-BBFC-45CE-AF3F-C0A7CF50B58B} = 208.67.222.222,208.67.220.220
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
.
- - - - ORPHANS REMOVED - - - -

SSODL-GootkitSSO-{413E96E6-9A34-428D-B6D1-C6A9A35C0AFE} - c:\windows\System32\msxsltsso.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-09 11:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\uaznwh]
"ServiceDll"="c:\windows\system32\vvstsrtv.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a1,15,c7,14,fb,f2,28,45,ad,af,89,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a1,15,c7,14,fb,f2,28,45,ad,af,89,\
.
Completion time: 2010-05-09  11:50:26
ComboFix-quarantined-files.txt  2010-05-09 09:50
ComboFix2.txt  2010-05-08 18:47

Pre-Run: 10.035.183.616 bytes free
Post-Run: 10.023.182.336 bytes free

- - End Of File - - E16B763EA36D65780D58C8BA0222A2BA
johnstigers Senior Master
09 May 2010 - 12:40 #12
Yes, it looks like there is something that needs to be fixed with ComboFix, but f-arn knows more about this, so just wait until he gets back.
sullep Beginner
09 May 2010 - 13:55 #13
Open Notepad and copy in the following (the text in bold), then save the text file as CFScript.txt in the same place where you have ComboFix:



Killall::
Snapshot::
File::
c:\windows\system32\vvstsrtv.dll
Folder::
c:\documents and settings\LocalService\Local Settings\Application Data\Vuze_Remote
c:\documents and settings\Jane\Application Data\StreamTorrent
c:\program files\Common Files\Symantec Shared
c:\documents and settings\All Users\Application Data\Norton
c:\documents and settings\All Users\Application Data\Symantec
c:\documents and settings\All Users\Application Data\NortonInstaller
c:\documents and settings\Jane\Local Settings\Application Data\Vuze_Remote
c:\program files\Vuze_Remote
c:\program files\Vuze
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"=-
[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\uaznwh]
Driver::
lxgevjff
uaznwh
hosts::
NetSvc::
uaznwh
SRPeek::
c:\windows\system32\drivers\ndis.sys
MIA::
c:\windows\system32\drivers\ndis.sys .
Restore::
c:\windows\system32\drivers\ndis.sys




Drag the CFScript file onto the ComboFix icon; this will start ComboFix again (if the computer wants to restart, let it do so). See here if needed:
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
Post the new ComboFix log here.


PS: Husk når du gemmer den fil at du ikke får 2 txt med, det gjorde du sidste gang og så vil det ikke virke.
waskus (Beginner)
09 May 2010 - 16:14 #14
Now the combo log looks like this:

ComboFix 10-05-08.02 - Jane 09-05-2010  16:01:21.3.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1688 [GMT 2:00]
Running from: c:\documents and settings\Jane\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jane\Desktop\CFScript.txt.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\vvstsrtv.dll"
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Norton
c:\documents and settings\All Users\Application Data\Norton\symdata.xml
c:\documents and settings\All Users\Application Data\NortonInstaller
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\04-10-2010-19h47m06s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\04-10-2010-19h47m06s\NortonInstall-04-10-2010-19h47m06s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\04-11-2010-19h48m42s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\04-11-2010-19h48m42s\NortonInstall-04-11-2010-19h48m42s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\04-11-2010-19h48m50s\NortonInstall-04-11-2010-19h48m50s.log
c:\documents and settings\All Users\Application Data\Symantec
c:\documents and settings\All Users\Application Data\Symantec\symdata.xml
c:\documents and settings\Jane\Application Data\StreamTorrent
c:\documents and settings\Jane\Application Data\StreamTorrent\1.0\config\ft.dat
c:\documents and settings\Jane\Application Data\StreamTorrent\1.0\config\kn.dat
c:\documents and settings\Jane\Application Data\StreamTorrent\1.0\config\settings.ini
c:\documents and settings\Jane\Local Settings\Application Data\Vuze_Remote
c:\documents and settings\LocalService\Local Settings\Application Data\Vuze_Remote
c:\program files\Common Files\Symantec Shared
c:\program files\Vuze
c:\program files\Vuze_Remote
c:\program files\Vuze_Remote\INSTALL.LOG
c:\program files\Vuze_Remote\tbVuze.dll
c:\program files\Vuze_Remote\toolbar.cfg
c:\program files\Vuze_Remote\UNWISE.EXE
c:\program files\Vuze_Remote\Vuze_RemoteToolbarHelper.exe
c:\windows\system32\msxsltsso.dll
c:\windows\system32\vvstsrtv.dll

c:\windows\system32\drivers\ndis.sys . . . is infected!!

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LXGEVJFF
-------\Legacy_UAZNWH
-------\Service_lxgevjff
-------\Service_uaznwh


(((((((((((((((((((((((((  Files Created from 2010-04-09 to 2010-05-09  )))))))))))))))))))))))))))))))
.

2010-05-08 20:56 . 2010-05-08 20:56    --------    d-----w-    c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-05-08 16:22 . 2010-05-06 20:39    164048    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2010-05-08 16:22 . 2010-05-06 20:33    19024    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2010-05-08 16:22 . 2010-05-06 20:34    23376    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2010-05-08 16:22 . 2010-05-06 20:39    46672    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2010-05-08 16:22 . 2010-05-06 20:33    100432    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2010-05-08 16:22 . 2010-05-06 20:33    94800    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2010-05-08 16:22 . 2010-05-06 20:33    28880    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2010-05-08 16:21 . 2010-05-06 20:59    38848    ----a-w-    c:\windows\system32\avastSS.scr
2010-05-08 16:21 . 2010-05-06 20:59    165032    ----a-w-    c:\windows\system32\aswBoot.exe
2010-05-08 16:21 . 2010-05-08 16:21    --------    d-----w-    c:\program files\Alwil Software
2010-05-08 16:21 . 2010-05-08 16:21    --------    d-----w-    c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-08 11:55 . 2010-05-08 11:55    --------    d-----w-    c:\program files\CCleaner
2010-05-08 09:53 . 2010-05-08 09:53    --------    d-sh--w-    c:\documents and settings\NetworkService\IETldCache
2010-05-07 19:16 . 2010-05-08 13:10    --------    d-----w-    c:\windows\system32\config\systemprofile\Tracing
2010-05-07 16:31 . 2010-05-07 16:31    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-07 13:55 . 2010-05-07 13:55    --------    d-sh--w-    c:\windows\system32\config\systemprofile\IETldCache
2010-05-07 13:55 . 2010-05-07 13:55    --------    d-sh--w-    c:\windows\system32\config\systemprofile\PrivacIE
2010-05-07 13:44 . 2010-05-07 13:44    --------    d-----w-    c:\documents and settings\Jane\Application Data\Malwarebytes
2010-05-07 13:43 . 2010-04-29 13:39    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-07 13:43 . 2010-05-07 13:44    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-05-07 13:43 . 2010-05-07 13:43    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-07 13:43 . 2010-04-29 13:39    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-05-07 13:41 . 2010-05-07 13:41    --------    d-sh--w-    c:\documents and settings\LocalService\PrivacIE
2010-05-07 13:41 . 2010-05-07 13:41    --------    d-----w-    c:\documents and settings\LocalService\Local Settings\Application Data\Conduit
2010-05-06 11:59 . 2010-05-09 14:08    --------    d-----w-    c:\documents and settings\Jane\Application Data\Dropbox
2010-05-06 11:58 . 2010-05-06 11:59    --------    d-----w-    c:\program files\Dropbox
2010-04-30 00:01 . 2010-04-30 00:01    --------    d-----w-    c:\documents and settings\Jane\Application Data\AVS4YOU
2010-04-30 00:01 . 2010-04-30 00:01    --------    d-----w-    c:\program files\Common Files\AVSMedia
2010-04-30 00:01 . 2010-04-30 00:01    --------    d-----w-    c:\documents and settings\All Users\Application Data\AVS4YOU
2010-04-30 00:01 . 2010-04-30 00:01    --------    d-----w-    c:\program files\AVS4YOU
2010-04-30 00:01 . 2008-08-13 08:22    974848    ----a-w-    c:\windows\system32\mfc70.dll
2010-04-30 00:01 . 2008-08-13 08:22    487424    ----a-w-    c:\windows\system32\msvcp70.dll
2010-04-30 00:01 . 2008-08-13 08:22    1700352    ----a-w-    c:\windows\system32\GdiPlus.dll
2010-04-30 00:01 . 2008-08-13 08:22    24576    ----a-w-    c:\windows\system32\msxml3a.dll
2010-04-26 15:58 . 2010-04-26 15:58    --------    d-----w-    C:\Perfect World Entertainment
2010-04-26 15:16 . 2010-04-29 23:26    --------    d-----w-    C:\Ether saga
2010-04-26 15:16 . 2010-04-26 15:45    --------    d-----w-    c:\documents and settings\Jane\Application Data\GetRightToGo
2010-04-23 19:16 . 2010-04-23 19:16    --------    d-----w-    c:\documents and settings\Jane\Local Settings\Application Data\PunkBuster
2010-04-23 19:14 . 2010-04-23 19:14    --------    d-----w-    c:\windows\system32\LogFiles
2010-04-21 16:09 . 2010-04-21 16:09    411368    ----a-w-    c:\windows\system32\deployJava1.dll
2010-04-21 16:09 . 2010-04-21 16:09    --------    d-----w-    c:\program files\Java
2010-04-20 20:46 . 2010-02-12 10:03    293376    ------w-    c:\windows\system32\browserchoice.exe
2010-04-19 19:29 . 2010-04-19 19:29    95024    ----a-w-    c:\windows\system32\drivers\SBREDrv.sys
2010-04-19 19:27 . 2010-04-19 19:27    --------    dc-h--w-    c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-19 19:27 . 2010-04-19 19:27    --------    d-----w-    c:\program files\Lavasoft

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 21:27 . 2010-01-06 13:19    5632    --sha-w-    c:\program files\Thumbs.db
2010-05-08 12:01 . 2009-11-08 14:17    --------    d-----w-    c:\documents and settings\Jane\Application Data\Azureus
2010-05-07 13:39 . 2008-04-14 07:50    210816    ----a-w-    c:\windows\system32\drivers\ndis.sys
2010-05-07 12:23 . 2010-03-01 11:05    --------    d-----w-    c:\documents and settings\Jane\Application Data\XnView
2010-05-06 11:59 . 2010-05-06 11:59    89831    ----a-w-    c:\documents and settings\Jane\Application Data\Dropbox\bin\Uninstall.exe
2010-05-03 19:52 . 2009-11-10 13:32    --------    d-----w-    c:\documents and settings\Jane\Application Data\vlc
2010-05-03 14:24 . 2010-01-17 17:14    16    ----a-w-    c:\windows\popcinfo.dat
2010-04-29 21:42 . 2010-04-19 19:29    566432    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-04-29 21:42 . 2010-01-11 22:41    893952    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-04-29 21:42 . 2010-01-27 10:49    15880    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-04-29 21:42 . 2010-01-11 23:27    15880    ----a-w-    c:\windows\system32\lsdelete.exe
2010-04-29 21:42 . 2010-01-11 22:41    211600    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-04-29 21:42 . 2010-01-11 22:41    397480    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-04-29 21:42 . 2010-01-11 22:41    574632    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-04-29 21:42 . 2010-04-19 19:28    221920    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2010-04-29 21:42 . 2010-01-11 22:41    443344    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-04-29 21:42 . 2010-01-27 10:49    167824    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-04-29 21:42 . 2010-01-11 22:41    6306640    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-04-29 21:41 . 2010-01-27 10:47    335728    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-04-29 21:41 . 2010-01-27 10:47    95248    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-04-29 21:41 . 2010-04-19 19:28    16456    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-04-29 21:41 . 2010-01-11 22:41    967640    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-04-29 21:41 . 2010-01-11 22:41    866224    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-04-29 21:41 . 2010-01-11 22:41    871320    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-04-29 21:41 . 2010-01-11 22:40    1598464    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-04-29 21:41 . 2010-04-29 21:41    755096    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2010-04-29 21:41 . 2010-01-11 22:40    834248    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-04-29 21:41 . 2010-01-11 22:40    1285864    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-04-26 15:00 . 2009-11-07 22:31    --------    d--h--w-    c:\program files\InstallShield Installation Information
2010-04-19 19:29 . 2010-04-19 19:29    95024    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-04-19 19:29 . 2010-04-19 19:29    566608    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2010-04-19 19:28 . 2010-04-19 19:28    17632    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2010-04-19 19:28 . 2010-04-19 19:28    1230160    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2010-04-19 19:28 . 2010-04-19 19:28    247120    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2010-04-17 19:21 . 2009-11-08 14:43    --------    d-----w-    c:\program files\Google
2010-03-27 16:56 . 2010-03-27 16:55    --------    d-----w-    c:\program files\NVIDIA Corporation
2010-03-27 16:56 . 2010-03-27 16:56    --------    d-----w-    c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-03-27 16:47 . 2009-12-20 13:34    --------    d-----w-    c:\program files\ATI Technologies
2010-03-26 12:07 . 2010-02-09 19:19    50354    ----a-w-    c:\documents and settings\Jane\Application Data\Facebook\uninstall.exe
2010-03-26 12:07 . 2010-03-26 12:07    2114184    ----a-w-    c:\documents and settings\Jane\Application Data\Facebook\Install_Facebook_Plug-In_1.0.3.exe
2010-03-26 12:07 . 2010-02-09 19:19    --------    d-----w-    c:\documents and settings\Jane\Application Data\Facebook
2010-03-16 06:51 . 2010-03-27 16:55    61440    ----a-w-    c:\windows\system32\OpenCL.dll
2010-03-16 06:51 . 2010-03-27 16:55    14757888    ----a-w-    c:\windows\system32\nvoglnt.dll
2010-03-16 06:51 . 2010-03-27 16:55    10232352    ----a-w-    c:\windows\system32\drivers\nv4_mini.sys
2010-03-16 06:51 . 2010-03-27 16:55    6432128    ----a-w-    c:\windows\system32\nv4_disp.dll
2010-03-16 06:51 . 2010-03-27 16:55    4075520    ----a-w-    c:\windows\system32\nvcuda.dll
2010-03-16 06:51 . 2010-03-27 16:55    2646632    ----a-w-    c:\windows\system32\nvcuvenc.dll
2010-03-16 06:51 . 2010-03-27 16:55    2183470    ----a-w-    c:\windows\system32\nvdata.bin
2010-03-16 06:51 . 2010-03-27 16:55    215656    ----a-w-    c:\windows\system32\nvcodins.dll
2010-03-16 06:51 . 2010-03-27 16:55    215656    ----a-w-    c:\windows\system32\nvcod.dll
2010-03-16 06:51 . 2010-03-27 16:55    2030184    ----a-w-    c:\windows\system32\nvcuvid.dll
2010-03-16 06:51 . 2010-03-27 16:55    11640832    ----a-w-    c:\windows\system32\nvcompiler.dll
2010-03-16 06:51 . 2010-03-27 16:55    1097728    ----a-w-    c:\windows\system32\nvapi.dll
2010-03-16 02:37 . 2010-03-16 02:37    278120    ----a-w-    c:\windows\system32\nvmccs.dll
2010-03-16 02:37 . 2010-03-16 02:37    154216    ----a-w-    c:\windows\system32\nvsvc32.exe
2010-03-16 02:37 . 2010-03-16 02:37    145000    ----a-w-    c:\windows\system32\nvcolor.exe
2010-03-16 02:37 . 2010-03-16 02:37    13670504    ----a-w-    c:\windows\system32\nvcpl.dll
2010-03-16 02:37 . 2010-03-16 02:37    110696    ----a-w-    c:\windows\system32\nvmctray.dll
2010-03-16 02:37 . 2010-03-16 02:37    81920    ----a-w-    c:\windows\system32\nvwddi.dll
2010-03-10 06:15 . 2008-04-14 12:42    420352    ----a-w-    c:\windows\system32\vbscript.dll
2010-03-01 10:41 . 2010-01-20 16:41    3803208    ----a-w-    c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-28 11:51 . 2010-02-28 11:51    503808    ----a-w-    c:\documents and settings\Jane\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-68bf92d6-n\msvcp71.dll
2010-02-28 11:51 . 2010-02-28 11:51    499712    ----a-w-    c:\documents and settings\Jane\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-68bf92d6-n\jmc.dll
2010-02-28 11:51 . 2010-02-28 11:51    348160    ----a-w-    c:\documents and settings\Jane\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-68bf92d6-n\msvcr71.dll
2010-02-28 11:51 . 2010-02-28 11:51    61440    ----a-w-    c:\documents and settings\Jane\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-33515095-n\decora-sse.dll
2010-02-28 11:51 . 2010-02-28 11:51    12800    ----a-w-    c:\documents and settings\Jane\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-33515095-n\decora-d3d.dll
2010-02-26 06:41 . 2010-02-26 06:41    5582848    ----a-w-    c:\documents and settings\Jane\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-02-26 05:10 . 2010-02-26 05:10    21979992    ----a-w-    c:\documents and settings\Jane\Application Data\Dropbox\bin\Dropbox.exe
2010-02-25 06:24 . 2009-01-12 02:43    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-14 07:47    455680    ----a-w-    c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 12:18 . 2010-02-19 12:18    1955472    ----a-w-    c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-02-16 14:08 . 2008-04-14 07:54    2146304    ----a-w-    c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01    2024448    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2008-04-14 12:41    100864    ----a-w-    c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-14 07:30    226880    ----a-w-    c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((((((((  SR_Search  ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------

  • 2010-05-07 13:39 . !HASH: COULD NOT OPEN FILE !!!!! . 210816 . . [------] . . c:\windows\system32\dllcache\ndis.sys
  • 2010-05-07 13:39 . !HASH: COULD NOT OPEN FILE !!!!! . 210816 . . [------] . . c:\windows\system32\drivers\ndis.sys

  • 2009-01-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    94208    ----a-w-    c:\documents and settings\Jane\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    94208    ----a-w-    c:\documents and settings\Jane\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    94208    ----a-w-    c:\documents and settings\Jane\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-08 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]

c:\documents and settings\Jane\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Jane\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"f:\\GAMES\\Sony\\EverQuest II\\LaunchPad.exe"=
"c:\\Program Files\\GAMES\\Sony\\EverQuest II\\EQ2VoiceService.exe"=
"f:\\Div programs\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\program files\Microsoft ActiveSync\rapimgr.exe"= d:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\program files\Microsoft ActiveSync\wcescomm.exe"= d:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"d:\program files\Microsoft ActiveSync\WCESMgr.exe"= d:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Jane\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"4466:TCP"= 4466:TCP:rsbhu

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12-01-2010 00:41 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [08-05-2010 18:22 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [08-05-2010 18:22 19024]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04-02-2010 17:52 1285864]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05-01-2010 13:58 135664]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10-11-2009 13:58 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-05-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 21:41]

2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 11:58]

2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 11:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.dk/webhp?sourceid=navclient&hl=da&ie=UTF-8
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki ... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: {B283F823-BBFC-45CE-AF3F-C0A7CF50B58B} = 208.67.222.222,208.67.220.220
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
.
- - - - ORPHANS REMOVED - - - -

SSODL-GootkitSSO-{147445A0-DE8A-4AA6-91AA-B7979957BE43} - c:\windows\System32\msxsltsso.dll
AddRemove-8461-7759-5462-8226 - c:\program files\Vuze\uninstall.exe
AddRemove-Vuze_Remote Toolbar - c:\progra~1\VUZE_R~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-09 16:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
called modules: ntkrnlpa.exe >>UNKNOWN [0x8A5450E0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb810cf28
\Driver\ACPI -> ACPI.sys @ 0xb7f7fcb8
\Driver\atapi -> atapi.sys @ 0xb7f11852
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0x8a4e1bb0
PacketIndicateHandler -> NDIS.sys @ 0x8a4eea21
SendHandler -> NDIS.sys @ 0x8a4cc87b

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a1,15,c7,14,fb,f2,28,45,ad,af,89,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a1,15,c7,14,fb,f2,28,45,ad,af,89,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1276)
c:\windows\system32\WININET.dll
c:\documents and settings\Jane\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\system volume information\Whistler\svchost.exe
c:\system volume information\Whistler\smss.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\WgaTray.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-05-09  16:12:35 - machine was rebooted
ComboFix-quarantined-files.txt  2010-05-09 14:12
ComboFix2.txt  2010-05-09 09:50
ComboFix3.txt  2010-05-08 18:47

Pre-Run: 10.011.111.424 bytes free
Post-Run: 9.925.853.184 bytes free

- - End Of File - - DDF5FA49C8758ADF17AA70EEA2F5EDC9
waskus (Beginner)
09 May 2010 - 17:05 #15
Here is a malware log from a scan I just ran; it found 2 things.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4082

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09-05-2010 17:00:34
mbam-log-2010-05-09 (17-00-34).txt

Scan type: Quick scan
Objects scanned: 124722
Time elapsed: 5 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ipsecndis.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Drivers\ntndis.sys (Rootkit.Agent) -> Delete on reboot.
sullep (Beginner)
09 May 2010 - 17:17 #16
1. Download this small tool:
http://jpshortstuff.247fixes.com/SystemLook.exe
http://images.malwareremoval.com/jpshortstuff/SystemLook.exe (alternative address)
2. Double-click systemlook.exe - a small window will appear, into which you must copy ALL of the content in bold:

:filefind
*ndis.sys*


3. Click the Look button. The program will now search your computer.
4. When the program has finished searching, a Notepad window will pop up with a log from SystemLook. Copy it into the forum in your next reply. The log can also be found on your Desktop under the name SystemLook.txt.
waskus (Beginner)
09 May 2010 - 17:23 #17
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 17:21 on 09/05/2010 by Jane (Administrator - Elevation successful)

========== filefind ==========

Searching for "*ndis.sys*"
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ndis.sys.vir    --a--- 210816 bytes    [18:39 08/05/2010]    [13:39 07/05/2010] 09925C49086F2785C061418F7FCA406F
C:\WINDOWS\system32\dllcache\ndis.sys    --a--c 210816 bytes    [07:50 14/04/2008]    [13:39 07/05/2010] (Unable to calculate MD5)
C:\WINDOWS\system32\drivers\ndis.sys    --a--- 210816 bytes    [07:50 14/04/2008]    [13:39 07/05/2010] (Unable to calculate MD5)

-=End Of File=-
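Added example, not part of the thread and not SystemLook's own code: a small Python triage of the `:filefind` output posted above. It flags files whose MD5 could not be computed and notes when such a file shares its name, size and modification time with a copy already in the ComboFix quarantine folder; the function names and the matching heuristic are assumptions made for this illustration.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Sample input: the three result lines from the SystemLook log posted above.
SAMPLE_LOG = r'''
Searching for "*ndis.sys*"
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ndis.sys.vir    --a--- 210816 bytes    [18:39 08/05/2010]    [13:39 07/05/2010] 09925C49086F2785C061418F7FCA406F
C:\WINDOWS\system32\dllcache\ndis.sys    --a--c 210816 bytes    [07:50 14/04/2008]    [13:39 07/05/2010] (Unable to calculate MD5)
C:\WINDOWS\system32\drivers\ndis.sys    --a--- 210816 bytes    [07:50 14/04/2008]    [13:39 07/05/2010] (Unable to calculate MD5)
'''

# path, attribute flags, size, [created], [modified], MD5 or the failure text
LINE_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes\s+'
    r'\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+'
    r'(?P<md5>[0-9A-Fa-f]{32}|\(Unable to calculate MD5\))\s*$'
)


def parse_filefind(log_text):
    """Return one dict per result line; md5 is None when it was unreadable."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, "-=End Of File=-"
        md5 = m.group('md5')
        entries.append({
            'path': m.group('path'),
            'size': int(m.group('size')),
            'created': m.group('created'),
            'modified': m.group('modified'),
            'md5': None if md5.startswith('(') else md5.upper(),
        })
    return entries


def is_quarantined(path):
    # ComboFix keeps removed files under C:\Qoobox\Quarantine with a .vir suffix
    return '\\qoobox\\quarantine\\' in path.lower()


def original_name(path):
    name = basename(path).lower()
    return name[:-4] if name.endswith('.vir') else name


def triage(entries):
    """Flag live files with no readable hash and list matching quarantined copies.

    Heuristic (an assumption of this example): same file name, size and
    modification time as a quarantined copy means the live file deserves
    the same suspicion as the one already removed.
    """
    quarantined = [e for e in entries if is_quarantined(e['path'])]
    findings = []
    for e in entries:
        if is_quarantined(e['path']) or e['md5'] is not None:
            continue
        twins = [q['path'] for q in quarantined
                 if original_name(q['path']) == original_name(e['path'])
                 and q['size'] == e['size']
                 and q['modified'] == e['modified']]
        findings.append({'path': e['path'],
                         'reason': 'hash unreadable',
                         'matches_quarantined': twins})
    return findings


if __name__ == '__main__':
    for f in triage(parse_filefind(SAMPLE_LOG)):
        print(f['path'], '-', f['reason'], '- quarantined twin:', f['matches_quarantined'])
```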
sullep (Beginner)
09 May 2010 - 17:57 #18
Do you have an original Windows XP installation CD?
waskus (Beginner)
09 May 2010 - 19:17 #19
Yes, I have the original CD. Her browser (IE) also seems extremely slow now. It can easily take a minute after opening it to get to Google.
sullep (Beginner)
10 May 2010 - 11:53 #20
What drive letter does your CD-ROM have?
waskus (Beginner)
10 May 2010 - 13:29 #21
I'm at work now, so I'll check when I get home, but I think it's G; otherwise I'll just put the right drive number in.
sullep (Beginner)
10 May 2010 - 14:35 #22
If the drive letter is not G, you must copy the 5 lines into Notepad to edit them; you cannot do that
after you have pasted them into the DOS window.

Put your XP CD in the CD-ROM drive.
Copy the 5 lines in one go.
cd\
del c:\windows\system32\dllcache\ndis.sys
del c:\windows\system32\drivers\ndis.sys
expand g:\i386\ndis.sy_ c:\windows\system32\dllcache\ndis.sys
expand g:\i386\ndis.sy_ c:\windows\system32\drivers\ndis.sys


Then do this: Start > Run > type cmd > click OK > right-click in the DOS window > choose "Paste".
It should now report that 2 files have been copied.



Run this online scanner:
http://www.superantispyware.com/onlinescan.html

Start SUPERAntiSpyware, click Check for updates, and download the updates.

Click Scan your Computer and tick the drives to be scanned.
(Fixed disk means hard disk)
Move the dot to Perform complete scan and click Next; the scan will then run.

When it is finished, a window with a summary appears; click OK, then click Next and then Finish.

A window with Quarantine and removal Complete appears; click OK, then click Finish.
Make sure everything in the white box has a tick next to it, and then click Next.
And if it asks whether you want to restart, click
NO.

----------
Click Preferences, switch to the Statistics/Logs tab, and in the window double-click SUPERAntiSpyware Scan Log; it opens in Notepad. Copy the result in here.



Then delete the ComboFix you have lying around and download a new one here.


--Download ComboFix and save it to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Open Notepad and copy the following (text in bold) into it, and save the text file as CFScript.txt in the same place as ComboFix:


Killall::
Snapshot::
DDS::
uInternet Settings,ProxyOverride = *.local



Drag the CFScript file onto the ComboFix icon; this will start ComboFix again (if the computer wants to restart, let it). See for example here:
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
Post the new ComboFix log here.
sullep (Beginner)
10 May 2010 - 15:08 #23
With the infections you have had, you should deactivate System Restore, restart, and activate it again.
Do that first, if you read this before you do anything.
See here how to do it if you don't know how.

http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=4&title=systemgendannelse
waskus (Beginner)
11 May 2010 - 18:23 #24
I've only had time to write now. Well, I was about to get started on all that, and then the system hard disk began making "strange" clicking sounds, and the last time I heard that, from one of my wife's other old hard disks, it died 14 days later. So I bought a 500 GB hard disk and partitioned it with 100 GB for Windows. I have updated Windows, installed avast on it, and am in the process of copying her pictures etc. over from the hard disk that has nothing wrong with it. I scanned it with avast and it found nothing, so I hope that means it is virus-free.
Many thanks for the help :-)

Regards, Nikolaj
sullep (Beginner)
11 May 2010 - 18:52 #25
Clicking sounds from the disk do not sound good.
Does that mean we stop here? ComboFix reported an error on this file, ndis.sys; it would probably be a good idea to replace it.
waskus (Beginner)
11 May 2010 - 22:17 #26
This is what the malware log looks like:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4090

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31-12-2001 22:35:00
mbam-log-2001-12-31 (22-35-00).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 139313
Time elapsed: 10 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


This is what the SUPERAntiSpyware scan log looks like:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/12/2010 at 09:09 PM

Application Version : 4.33.1000

Core Rules Database Version : 4919
Trace Rules Database Version: 2731

Scan type      : Complete Scan
Total Scan Time : 00:06:53

Memory items scanned      : 425
Memory threats detected  : 0
Registry items scanned    : 3670
Registry threats detected : 0
File items scanned        : 599
File threats detected    : 39

Adware.Tracking Cookie
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@msnportal.112.2o7[1].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@at.atwola[2].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@c.t.q.cltomedia[2].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@server.iad.liveperson[1].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@tradedoubler[1].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@ad.yieldmanager[2].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@content.yieldmanager[1].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@advertising[2].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@bs.serving-sys[2].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@trafficmp[1].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@b.q.q.cltomedia[2].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@tribalfusion[2].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@xiti[1].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@cdn5.specificclick[1].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@apmebf[1].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@microsoftwindows.112.2o7[1].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@burstnet[1].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@www.burstnet[1].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@adviva[1].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@www.googleadservices[1].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@bluestreak[1].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@adserver3.openadex[2].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@collective-media[1].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@media6degrees[1].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@fastclick[1].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@revsci[1].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@microsoftwga.112.2o7[1].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@cltomedia[2].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@adtech[1].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@serving-sys[1].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@tacoda[2].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@mediaplex[2].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@smartadserver[2].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@adserver.karamco[2].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@microsoftinternetexplorer.112.2o7[1].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@content.yieldmanager[3].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@interclick[1].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@atdmt[2].txt
    C:\Documents and Settings\JJprinzez\Cookies\jjprinzez@specificclick[2].txt


The computer is running fine again. Many thanks for the help. The hard disk that makes strange noises (you can hear it spin up, go click click, switch off, spin up, click click, and it keeps going like that) has been archived vertically in the drawer of lost hardware :)

Her computer is running fine again now, and I have now installed avast on it.
sullep (Beginner)
12 May 2010 - 11:46 #27
You're welcome.
You are welcome to come back another time.