*forsigtigt* Ingen der har et forslag til hvad der kan gøres…? Jeg kan ikke rigtig komme videre med computeren lige nu….

Hej    

Vi er nødt til at se hvad der kører på systemet ->

Hent DDS og gem programmet på dit Skrivebord:
Her
Dobbeltklik på DDS.scr og tillad programmet at køre.
Når programmet er færdig vil det åbne to logs/tekst-filer.
Gem begge filer på dit Skrivebord og kopier indholdet af txt filerne herind i dit næste indlæg.

Da de er forholdsvis lange, kan du blive nødt til at sende dem i flere indlæg.

Beklager men efter jeg har dobbeltklikket på dds.scr kommer der et tomt dos vindue op i 1 sek. og så forsvinder det igen. That´s it. Ingen logfiler….

Hent Combofix, og gem den i en mappe:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Åbn mappen med Combofix, højreklik et tomt sted i mappen, vælg Ny->tekstdokument, åbn tekstdokumentet, kopier følgende ind:

Killall::
Snapshot::

klik på Filer->Gem som, navngiv den CFScript, luk tekstdokumentet.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du “giver slip” med musen.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Kopier den fremkomne log herind.

Det tog lidt tid - Combofix fandt rootkits! Log:

ComboFix 10-09-02.03 - start 03-09-2010 15:55:15.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.1014.599 [GMT 2:00]
Kører fra: c:\documents and settings\start\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\start\Skrivebord\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\start\Application Data\674812ED785F219DC9743A9333079F2E
c:\documents and settings\start\Application Data\674812ED785F219DC9743A9333079F2E\enemies-names.txt
c:\documents and settings\start\Application Data\674812ED785F219DC9743A9333079F2E\local.ini
c:\documents and settings\start\Application Data\674812ED785F219DC9743A9333079F2E\lsrslt.ini
c:\documents and settings\start\Menuen Start\Programmer\Antimalware Doctor
c:\windows\system32\drivers\mefbxzgm.sys
c:\windows\system32\drivers\yzgmqdpz.sys
c:\windows\system32\Install.txt
c:\windows\system32\szetyj67v.txt
c:\windows\system32\wwxqvzv.dll
c:\windows\system32\yvfjdvo.dll

c:\windows\system32\drivers\ndis.sys . . . er inficeret!!

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester   )))))))))))))))))))))))))))))))))))))))))))))))))
.

———-\Legacy_LVDGWGCB
———-\Legacy_MEFBXZGM
———-\Legacy_SSHNAS
———-\Service_lvdgwgcb
———-\Service_mefbxzgm

(((((((((((((((((((((((((((((  Filer skabt fra 2010-08-03 til 2010-09-03 )))))))))))))))))))))))))))))))))))
.

2010-09-03 13:35 . 2010-09-03 13:35   ————  d——-r-  c:\documents and settings\NetworkService\Foretrukne
2010-09-02 14:08 . 2010-09-02 14:08   ————  d——-w-  c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-02 14:08 . 2010-09-02 14:08   ————  d——-w-  c:\programmer\SUPERAntiSpyware
2010-09-02 14:08 . 2010-09-02 14:08   ————  d——-w-  c:\documents and settings\start\Application Data\SUPERAntiSpyware.com
2010-09-02 13:56 . 2010-09-02 13:56   ————  d——-w-  c:\documents and settings\start\Application Data\IObit
2010-09-02 13:39 . 2010-09-02 13:39   ————  d——-w-  c:\programmer\ToniArts
2010-09-02 13:32 . 2010-09-02 13:32   ————  d——-w-  c:\documents and settings\Administrator\Application Data\IObit
2010-09-02 13:32 . 2010-09-02 13:32   ————  d——-w-  c:\programmer\IObit
2010-09-02 13:31 . 2010-09-02 13:31   ————  d-sh—w-  c:\documents and settings\Administrator\IETldCache
2010-09-02 12:37 . 2010-09-02 12:37   ————  d——-w-  c:\programmer\Fælles filer\Wise Installation Wizard
2010-09-02 12:34 . 2010-09-02 12:34   ————  d——-w-  c:\documents and settings\start\Application Data\Malwarebytes
2010-09-02 12:34 . 2010-04-29 13:39   38224   ——a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-02 12:34 . 2010-09-02 12:34   ————  d——-w-  c:\programmer\Malwarebytes’ Anti-Malware
2010-09-02 12:34 . 2010-09-02 12:34   ————  d——-w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-02 12:34 . 2010-04-29 13:39   20952   ——a-w-  c:\windows\system32\drivers\mbam.sys
2010-08-04 18:27 . 2010-08-04 18:27   ————  d——-w-  c:\windows\system32\wbem\Repository
2010-08-04 17:52 . 2010-09-02 13:28   ————  d——-w-  c:\documents and settings\start\Lokale indstillinger\Application Data\jvpuisxjk
2010-08-04 17:11 . 2010-09-03 14:04   781824   ——a-w-  c:\windows\system32\drivers\zuaie.sys
2010-08-04 17:11 . 2010-09-02 13:28   ————  d——-w-  c:\documents and settings\start\Lokale indstillinger\Application Data\btywajgai
2010-08-04 16:03 . 2010-08-04 16:03   ————  d——-w-  c:\programmer\ASIO4ALL v2
2010-08-04 16:03 . 2006-06-20 08:56   225280   ——a-w-  c:\windows\system32\rewire.dll
2010-08-04 16:02 . 2010-08-04 16:03   ————  d——-w-  c:\programmer\VstPlugins
2010-08-04 16:02 . 2010-08-04 16:02   ————  d——-w-  c:\programmer\Outsim
2010-08-04 15:58 . 2010-08-04 16:03   ————  d——-w-  c:\programmer\Image-Line
2010-08-04 14:36 . 2010-08-04 14:39   ————  d——-w-  c:\documents and settings\start\.ultramixer
2010-08-04 14:35 . 2010-08-04 15:06   ————  d——-w-  c:\programmer\UltraMixer

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-03 13:57 . 2009-04-04 22:48   84258   ——a-w-  c:\windows\system32\perfc006.dat
2010-09-03 13:57 . 2009-04-04 22:48   460806   ——a-w-  c:\windows\system32\perfh006.dat
2010-09-02 13:39 . 2009-04-04 15:22   ————  d—h—w-  c:\programmer\InstallShield Installation Information
2010-08-04 17:46 . 2009-04-04 15:56   ————  d——-w-  c:\documents and settings\All Users\Application Data\Norton
2010-08-04 17:12 . 2009-04-04 22:48   210816   ——a-w-  c:\windows\system32\drivers\ndis.sys
2010-08-04 14:40 . 2010-05-19 19:41   ————  d——-w-  c:\programmer\Graffiti Studio 2.0
2010-08-04 14:01 . 2010-03-15 18:37   ————  d——-w-  c:\documents and settings\start\Application Data\GetRightToGo
2010-08-04 12:54 . 2010-05-31 09:43   ————  d——-w-  c:\documents and settings\start\Application Data\LimeWire
2010-08-03 19:49 . 2010-08-03 19:49   503808   ——a-w-  c:\documents and settings\start\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2ad87a12-n\msvcp71.dll
2010-08-03 19:49 . 2010-08-03 19:49   499712   ——a-w-  c:\documents and settings\start\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2ad87a12-n\jmc.dll
2010-08-03 19:49 . 2010-08-03 19:49   348160   ——a-w-  c:\documents and settings\start\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2ad87a12-n\msvcr71.dll
2010-08-03 19:49 . 2010-08-03 19:49   61440   ——a-w-  c:\documents and settings\start\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1ef97721-n\decora-sse.dll
2010-08-03 19:49 . 2010-08-03 19:49   12800   ——a-w-  c:\documents and settings\start\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1ef97721-n\decora-d3d.dll
2010-07-26 12:43 . 2010-07-26 12:43   ————  d——-w-  c:\programmer\FlashCatch
2010-07-26 12:30 . 2010-05-10 17:05   ————  d——-w-  c:\programmer\DAEMON Tools Toolbar
2010-07-15 20:38 . 2009-04-04 15:34   ————  d——-w-  c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-09 10:01 . 2010-05-31 09:43   ————  d——-w-  c:\programmer\Ask.com
2010-06-14 14:31 . 2009-04-04 14:05   744448   ——a-w-  c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-09 08:06 . 2010-06-09 08:06   976832   ——a-w-  c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\19802\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06   70584   ——a-w-  c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\19802\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06   331176   ——a-w-  c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\19802\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06   331176   ——a-w-  c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\19802\AcrobatUpdater.exe
2010-06-05 21:49 . 2010-06-05 21:49   503808   ——a-w-  c:\documents and settings\start\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6f8aa4a3-n\msvcp71.dll
2010-06-05 21:49 . 2010-06-05 21:49   499712   ——a-w-  c:\documents and settings\start\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6f8aa4a3-n\jmc.dll
2010-06-05 21:49 . 2010-06-05 21:49   348160   ——a-w-  c:\documents and settings\start\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6f8aa4a3-n\msvcr71.dll
2010-06-05 21:49 . 2010-06-05 21:49   61440   ——a-w-  c:\documents and settings\start\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3fe17b5f-n\decora-sse.dll
2010-06-05 21:49 . 2010-06-05 21:49   12800   ——a-w-  c:\documents and settings\start\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3fe17b5f-n\decora-d3d.dll
.

———- Sigcheck———-

[-] 2010-08-04 17:12 . !HASH: COULD NOT OPEN FILE !!!!! . 210816 . . [———] . . c:\windows\system32\drivers\ndis.sys
[-] 2010-08-04 17:12 . !HASH: COULD NOT OPEN FILE !!!!! . 210816 . . [———] . . c:\windows\system32\dllcache\ndis.sys
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B291E6C-9A74-4034-971B-A4B007A0B315}]
2010-01-11 10:18   451808   ——a-w-  c:\programmer\RadioBar\toolbar.ni.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-06-10 15:28   1233288   ——a-w-  c:\programmer\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{5B291E6C-9A74-4034-971B-A4B007A0B315}”= “c:\programmer\RadioBar\toolbar.ni.dll” [2010-01-11 451808]
“{D4027C7F-154A-4066-A1AD-4243D8127440}”= “c:\programmer\Ask.com\GenericAskToolbar.dll” [2010-06-10 1233288]

[HKEY_CLASSES_ROOT\clsid\{5b291e6c-9a74-4034-971b-a4b007a0b315}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{810FCC0F-2CA3-414a-B8C8-550910C8B664}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
“{5B291E6C-9A74-4034-971B-A4B007A0B315}”= “c:\programmer\RadioBar\toolbar.ni.dll” [2010-01-11 451808]
“{D4027C7F-154A-4066-A1AD-4243D8127440}”= “c:\programmer\Ask.com\GenericAskToolbar.dll” [2010-06-10 1233288]

[HKEY_CLASSES_ROOT\clsid\{5b291e6c-9a74-4034-971b-a4b007a0b315}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{810FCC0F-2CA3-414a-B8C8-550910C8B664}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-15 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “c:\programmer\SUPERAntiSpyware\SASSEH.DLL” [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 10:41   294912   ——a-w-  c:\programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@=“Driver”

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
“EnableFirewall”= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“%windir%\\system32\\sessmgr.exe”=
“c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE”=
“c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe”=
“c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe”=
“c:\\Programmer\\Opera\\opera.exe”=
“c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE”=
“c:\\Programmer\\BitLord\\BitLord.exe”=
“c:\\Programmer\\Microsoft Games\\Zoo Tycoon 2\\zt.exe”=
“c:\\Programmer\\Bonjour\\mDNSResponder.exe”=
“c:\\Programmer\\iTunes\\iTunes.exe”=
“c:\\Programmer\\UltraMixer\\jre\\launch4j-tmp\\UltraMixer.exe”=

R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\sasdifsv.sys [29-02-2008 16:03 8944]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [29-02-2008 16:03 51440]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\programmer\Intel\Intel Matrix Storage Manager\IAANTmon.exe [04-04-2009 17:23 354840]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [05-04-2009 00:49 38912]
R3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [04-11-2009 22:28 145152]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [04-04-2009 17:32 1684736]
S3 GoogleDesktopManager-110309-193829;Google Desktop-administrator 5.9.911.3589;c:\programmer\Google\Google Desktop Search\GoogleDesktop.exe [04-11-2009 22:30 30192]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys—> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys—> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 SASENUM;SASENUM;c:\programmer\SUPERAntiSpyware\SASENUM.SYS [16-02-2006 16:51 4096]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [31-05-2010 11:30 41472]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10-05-2010 19:05 691696]

—- Andre Services/Drivers i Hukommelsen—-

*NewlyCreated* - MEFBXZGM
*Deregistered* - mefbxzgm
*Deregistered* - zuaie
.
Indhold af mappen ‘Planlagte Opgaver’

2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2035789119-3646499915-426764551-1006Core.job
- c:\documents and settings\start\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2010-03-07 11:42]

2010-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2035789119-3646499915-426764551-1006UA.job
- c:\documents and settings\start\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2010-03-07 11:42]

2010-09-03 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmer\Ask.com\UpdateTask.exe [2010-06-10 15:28]
.
.
———- Yderligere scanning———-
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
Handler: toolbarchrome - {718733BC-AD64-4e5f-AC18-A85FBD75D54D} - c:\programmer\RadioBar\toolbar.ni.dll
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
.
- - - - TOMME GENVEJE FJERNET - - - -

Toolbar-Locked - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-03 16:04
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe >>UNKNOWN [0x859C40E0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7691f28
\Driver\ACPI -> ACPI.sys @ 0xf75f4cb8
\Driver\atapi -> atapi.sys @ 0xf74e6852
\Driver\iaStor -> iaStor.sys @ 0xf744d78c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Atheros AR8132 PCI-E Fast Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0x859abbb0
PacketIndicateHandler -> NDIS.sys @ 0x8599aa0d
SendHandler -> NDIS.sys @ 0x859aeb40
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zuaie]

.
——————————- LÅSTE REGISTRERINGS NØGLER——————————-

[HKEY_USERS\S-1-5-21-2035789119-3646499915-426764551-1006\Software\SecuROM\License information*]
“datasecu”=hex:fd,d2,bd,a6,dc,f4,cc,5e,f3,89,3a,b4,29,5f,77,5c,8a,cb,96,b9,5c,
  97,80,55,af,7d,49,ad,cb,8c,da,41,fa,36,1a,a6,b2,a1,b1,4d,48,40,d0,88,ff,ce,\
“rkeysecu”=hex:9a,19,3c,63,e9,52,59,f3,c7,50,d4,62,1d,aa,f9,98
.
——————————- DLLs startet under kørende Processer——————————-

- - - - - - - > ‘winlogon.exe’(832)
c:\programmer\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > ‘explorer.exe’(4760)
c:\windows\system32\webcheck.dll
.
————————————Andre kørende processer————————————
.
c:\programmer\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Gennemført tid: 2010-09-03 16:09:31 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-09-03 14:09

Pre-Kørsel: 114.063.691.776 byte ledig
Post-Kørsel: 114.132.242.432 byte ledig

WindowsXP-KB310994-SP2-Home-BootDisk-DAN.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons
UnsupportedDebug=“do not select this” /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS=“Microsoft Windows XP Home Edition” /noexecute=optin /fastdetect

- - End Of File - - F040048A3E32D95063D0F44A2206FB37

Fildeling (Limewire og Bitlord), så skal det gå galt.
Forhåbentlig har den ikke været brugt til netbank?

Drop fildeling >> http://www.spywarefri.dk/artikel/farerne-ved-fildeling/
http://spywarefri.dk/forum/topic.asp?TOPIC_ID=40284
Afinstaller Limewire og Bitlord i Tilføj/Fjern programmer.
http://www.computerworld.dk/art/52569?a=exp&i=80

———————————————————-
Åbn mappen med Combofix, højreklik et tomt sted i mappen, vælg Ny->tekstdokument, åbn tekstdokumentet, kopier følgende ind:

Killall::
Snapshot::
Mia::
c:\windows\system32\drivers\ndis.sys
Srpeek::
c:\windows\system32\drivers\ndis.sys
Restore::
c:\windows\system32\drivers\ndis.sys
File::
c:\windows\system32\drivers\zuaie.sys
Folder::
c:\documents and settings\start\Lokale indstillinger\Application Data\jvpuisxjk
c:\documents and settings\start\Lokale indstillinger\Application Data\btywajgai
c:\documents and settings\start\Application Data\LimeWire
c:\programmer\Ask.com
c:\Programmer\BitLord
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{D4027C7F-154A-4066-A1AD-4243D8127440}”=-
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
“{D4027C7F-154A-4066-A1AD-4243D8127440}”=-

klik på Filer->Gem som, navngiv den CFScript, luk tekstdokumentet.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du “giver slip” med musen.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Kopier den fremkomne log herind.

“Fildeling (Limewire og Bitlord), så skal det gå galt.
Forhåbentlig har den ikke været brugt til netbank?”

Ved det ikke da det som sagt ikke er min eller en i min families computer men vil helt sikkert sige det videre….Limewire er ifølge min mening noget af det værste man kan have på sin computer….

Tak for al hjælp indtilvidere - I er fantastiske her på spywarefri.dk. Vender tilbage med ny log fra ComboFix snarest.

God weekend!

Fint nok, og tak i lige måde    

Og her er så den sidste log fra Combofix:

ComboFix 10-09-04.06 - start 06-09-2010   9:54.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.1014.722 [GMT 2:00]
Kører fra: c:\documents and settings\start\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\start\Skrivebord\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Dannede nyt systemgendannelsespunkt

FILE ::
“c:\windows\system32\drivers\zuaie.sys”
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\start\Application Data\LimeWire
c:\documents and settings\start\Application Data\LimeWire\active.mojito
c:\documents and settings\start\Application Data\LimeWire\browser\xul-v2.0b2.5-do-not-remove
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\caps.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\composer.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\directory.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\dom.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\editor.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\find.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\intl.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\jar.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\locale.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\necko.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\oji.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\places.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\pref.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\profile.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\LICENSE
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\modules\debug.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\modules\utils.js
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\README.txt
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\designmode.css
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\start\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\start\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\start\Application Data\LimeWire\createtimes.cache
c:\documents and settings\start\Application Data\LimeWire\downloads.dat
c:\documents and settings\start\Application Data\LimeWire\fileurns.cache
c:\documents and settings\start\Application Data\LimeWire\gnutella.net
c:\documents and settings\start\Application Data\LimeWire\installation.props
c:\documents and settings\start\Application Data\LimeWire\library.dat
c:\documents and settings\start\Application Data\LimeWire\library5.dat
c:\documents and settings\start\Application Data\LimeWire\limewire.props
c:\documents and settings\start\Application Data\LimeWire\lock
c:\documents and settings\start\Application Data\LimeWire\mojito.props
c:\documents and settings\start\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\start\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\start\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\start\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\start\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\start\Application Data\LimeWire\mozilla-profile\Cache\03A7FE01d01
c:\documents and settings\start\Application Data\LimeWire\mozilla-profile\Cache\1FEE1D11d01
c:\documents and settings\start\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\start\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\start\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\start\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\start\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\start\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\start\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\start\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\start\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\start\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\start\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\start\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\start\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\start\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\start\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\start\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\start\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\start\Application Data\LimeWire\player.props
c:\documents and settings\start\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\start\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\start\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\start\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\start\Application Data\LimeWire\questions.props
c:\documents and settings\start\Application Data\LimeWire\responses.cache
c:\documents and settings\start\Application Data\LimeWire\simpp.cert
c:\documents and settings\start\Application Data\LimeWire\simpp.xml
c:\documents and settings\start\Application Data\LimeWire\spam.dat
c:\documents and settings\start\Application Data\LimeWire\tables.props
c:\documents and settings\start\Application Data\LimeWire\ttdata.cache
c:\documents and settings\start\Application Data\LimeWire\ttroot.cache
c:\documents and settings\start\Application Data\LimeWire\update.cert
c:\documents and settings\start\Application Data\LimeWire\urns.dat
c:\documents and settings\start\Application Data\LimeWire\version.xml
c:\documents and settings\start\Application Data\LimeWire\versions.props
c:\documents and settings\start\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\start\Application Data\LimeWire\xml\data\torrent.sxml3
c:\documents and settings\start\Lokale indstillinger\Application Data\btywajgai
c:\documents and settings\start\Lokale indstillinger\Application Data\jvpuisxjk
c:\programmer\Ask.com
c:\programmer\Ask.com\btn_search.png
c:\programmer\Ask.com\cobrand.ico
c:\programmer\Ask.com\config.xml
c:\programmer\Ask.com\favicon.ico
c:\programmer\Ask.com\GenericAskToolbar.dll
c:\programmer\Ask.com\limewire_logo.png
c:\programmer\Ask.com\mupcfg.xml
c:\programmer\Ask.com\SaUpdate.exe
c:\programmer\Ask.com\UpdateTask.exe
c:\programmer\BitLord
c:\programmer\BitLord\BitLord.exe
c:\programmer\BitLord\BitLord.url
c:\programmer\BitLord\BitLord.xml
c:\programmer\BitLord\Downloads.xml
c:\programmer\BitLord\Downloads\Command.And.Conquer.Red.Alert.3-RELOADED\Crack\clownBold.ttg
c:\programmer\BitLord\Downloads\Command.And.Conquer.Red.Alert.3-RELOADED\Crack\Data\clownBold.ttg
c:\programmer\BitLord\Downloads\Command.And.Conquer.Red.Alert.3-RELOADED\Crack\Data\grass.tga
c:\programmer\BitLord\Downloads\Command.And.Conquer.Red.Alert.3-RELOADED\Crack\Data\lib_art.map
c:\programmer\BitLord\Downloads\Command.And.Conquer.Red.Alert.3-RELOADED\Crack\Data\ra3_1.10.game
c:\programmer\BitLord\Downloads\Command.And.Conquer.Red.Alert.3-RELOADED\Crack\grass.tga
c:\programmer\BitLord\Downloads\Command.And.Conquer.Red.Alert.3-RELOADED\Crack\lib_art.map
c:\programmer\BitLord\Downloads\Command.And.Conquer.Red.Alert.3-RELOADED\Crack\RedAlert3_english_patch1.010.exe
c:\programmer\BitLord\Downloads\Command.And.Conquer.Red.Alert.3-RELOADED\reloaded.nfo
c:\programmer\BitLord\Downloads\Command.And.Conquer.Red.Alert.3-RELOADED\rld-ra3.iso
c:\programmer\BitLord\Downloads\Command.And.Conquer.Red.Alert.3.Update.1.10-RELOADED\reloaded.nfo
c:\programmer\BitLord\Downloads\Command.And.Conquer.Red.Alert.3.Update.1.10-RELOADED\rld-r311.sfv
c:\programmer\BitLord\Downloads\FOOTBALL MANAGER 2010 10.1.1 UPDATE.zip
c:\programmer\BitLord\Downloads\Football.Manager.2010-RELOADED\reloaded.nfo
c:\programmer\BitLord\Downloads\Football.Manager.2010-RELOADED\rld-fm10.iso
c:\programmer\BitLord\Downloads\Football.Manager.2010-RELOADED\rld-fm10\reloaded.nfo
c:\programmer\BitLord\Downloads\Football.Manager.2010.Update.10.2-ViTALiTY\vitality.nfo
c:\programmer\BitLord\Downloads\Football.Manager.2010.Update.10.2-ViTALiTY\vty-0279.001
c:\programmer\BitLord\Downloads\Football.Manager.2010.Update.10.2-ViTALiTY\vty-0279.002
c:\programmer\BitLord\Downloads\Football.Manager.2010.Update.10.2-ViTALiTY\vty-0279.003
c:\programmer\BitLord\Downloads\Football.Manager.2010.Update.10.2-ViTALiTY\vty-0279.004
c:\programmer\BitLord\Downloads\Football.Manager.2010.Update.10.2-ViTALiTY\vty-0279.005
c:\programmer\BitLord\Downloads\Football.Manager.2010.Update.10.2-ViTALiTY\vty-0279.006
c:\programmer\BitLord\Downloads\Football.Manager.2010.Update.10.2-ViTALiTY\vty-0279.007
c:\programmer\BitLord\Downloads\Football.Manager.2010.Update.10.2-ViTALiTY\vty-0279.008
c:\programmer\BitLord\Downloads\Football.Manager.2010.Update.10.2-ViTALiTY\vty-0279.009
c:\programmer\BitLord\Downloads\Football.Manager.2010.Update.10.2-ViTALiTY\vty-0279.010
c:\programmer\BitLord\Downloads\Football.Manager.2010.Update.10.2-ViTALiTY\vty-0279.011
c:\programmer\BitLord\Downloads\Football.Manager.2010.Update.10.2-ViTALiTY\vty-0279.012
c:\programmer\BitLord\Downloads\Football.Manager.2010.Update.10.2-ViTALiTY\vty-0279.013
c:\programmer\BitLord\Downloads\Football.Manager.2010.Update.10.2-ViTALiTY\vty-0279.sfv
c:\programmer\BitLord\Downloads\Fruity Loops FL Studio Producer Edition [2010] + Cracks - http://www.GuruFuel.com.rar
c:\programmer\BitLord\Downloads\zoo tycoon 2\zoo tycoon 2.rar
c:\programmer\BitLord\lang\lang_ar_ae.xml
c:\programmer\BitLord\lang\lang_bg_bg.xml
c:\programmer\BitLord\lang\lang_ca_es.xml
c:\programmer\BitLord\lang\lang_cz_cz.xml
c:\programmer\BitLord\lang\lang_da_dk.xml
c:\programmer\BitLord\lang\lang_de_de.xml
c:\programmer\BitLord\lang\lang_el_gr.xml
c:\programmer\BitLord\lang\lang_en_us.xml
c:\programmer\BitLord\lang\lang_es_ar.xml
c:\programmer\BitLord\lang\lang_es_es.xml
c:\programmer\BitLord\lang\lang_et_ee.xml
c:\programmer\BitLord\lang\lang_fi_fi.xml
c:\programmer\BitLord\lang\lang_fr_fr.xml
c:\programmer\BitLord\lang\lang_gl_es.xml
c:\programmer\BitLord\lang\lang_he_il.xml
c:\programmer\BitLord\lang\lang_hu_hu.xml
c:\programmer\BitLord\lang\lang_it_it.xml
c:\programmer\BitLord\lang\lang_jp_jp.xml
c:\programmer\BitLord\lang\lang_ko_kr.xml
c:\programmer\BitLord\lang\lang_nb_no.xml
c:\programmer\BitLord\lang\lang_nl_nl.xml
c:\programmer\BitLord\lang\lang_pl_pl.xml
c:\programmer\BitLord\lang\lang_pt_br.xml
c:\programmer\BitLord\lang\lang_pt_pt.xml
c:\programmer\BitLord\lang\lang_ro_ro.xml
c:\programmer\BitLord\lang\lang_ru_ru.xml
c:\programmer\BitLord\lang\lang_sk_sk.xml
c:\programmer\BitLord\lang\lang_sl_si.xml
c:\programmer\BitLord\lang\lang_sr_sr.xml
c:\programmer\BitLord\lang\lang_sv_se.xml
c:\programmer\BitLord\lang\lang_th_th.xml
c:\programmer\BitLord\lang\lang_tr_tr.xml
c:\programmer\BitLord\lang\lang_va_es.xml
c:\programmer\BitLord\lang\lang_zh_tw.xml
c:\programmer\BitLord\License.txt
c:\programmer\BitLord\rules\ipfilter.dat
c:\programmer\BitLord\rules\tracker.dat
c:\programmer\BitLord\Torrents\Command.And.Conquer.Red.Alert.3-RELOADED.torrent
c:\programmer\BitLord\Torrents\Command.And.Conquer.Red.Alert.3-RELOADED.xml
c:\programmer\BitLord\Torrents\Command.And.Conquer.Red.Alert.3.Update.1.10-RELOADED.torrent
c:\programmer\BitLord\Torrents\Command.And.Conquer.Red.Alert.3.Update.1.10-RELOADED.xml
c:\programmer\BitLord\Torrents\FOOTBALL MANAGER 2010 10.1.1 UPDATE.zip.torrent
c:\programmer\BitLord\Torrents\FOOTBALL MANAGER 2010 10.1.1 UPDATE.zip.xml
c:\programmer\BitLord\Torrents\Football.Manager.2010-RELOADED.torrent
c:\programmer\BitLord\Torrents\Football.Manager.2010-RELOADED.xml
c:\programmer\BitLord\Torrents\Football.Manager.2010.Update.10.2-ViTALiTY.torrent
c:\programmer\BitLord\Torrents\Football.Manager.2010.Update.10.2-ViTALiTY.xml
c:\programmer\BitLord\Torrents\Fruity Loops FL Studio Producer Edition [2010] + Cracks - http://www.GuruFuel.com.rar.torrent
c:\programmer\BitLord\Torrents\Fruity Loops FL Studio Producer Edition [2010] + Cracks - http://www.GuruFuel.com.rar.xml
c:\programmer\BitLord\Torrents\zoo tycoon 2.rar.torrent
c:\programmer\BitLord\Torrents\zoo tycoon 2.rar.xml
c:\programmer\BitLord\uninst.exe
c:\windows\system32\drivers\zuaie.sys

c:\windows\system32\drivers\ndis.sys . . . er inficeret!!

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester   )))))))))))))))))))))))))))))))))))))))))))))))))
.

———-\Legacy_zuaie
———-\Service_zuaie

(((((((((((((((((((((((((((((  Filer skabt fra 2010-08-06 til 2010-09-06 )))))))))))))))))))))))))))))))))))
.

2010-09-03 14:20 . 2010-06-28 20:37   46672   ——a-w-  c:\windows\system32\drivers\aswTdi.sys
2010-09-03 14:20 . 2010-06-28 20:37   165456   ——a-w-  c:\windows\system32\drivers\aswSP.sys
2010-09-03 14:20 . 2010-06-28 20:33   23376   ——a-w-  c:\windows\system32\drivers\aswRdr.sys
2010-09-03 14:20 . 2010-06-28 20:32   17744   ——a-w-  c:\windows\system32\drivers\aswFsBlk.sys
2010-09-03 14:20 . 2010-06-28 20:32   100176   ——a-w-  c:\windows\system32\drivers\aswmon2.sys
2010-09-03 14:20 . 2010-06-28 20:32   94544   ——a-w-  c:\windows\system32\drivers\aswmon.sys
2010-09-03 14:20 . 2010-06-28 20:32   28880   ——a-w-  c:\windows\system32\drivers\aavmker4.sys
2010-09-03 14:20 . 2010-06-28 20:57   38848   ——a-w-  c:\windows\avastSS.scr
2010-09-03 14:20 . 2010-06-28 20:57   165032   ——a-w-  c:\windows\system32\aswBoot.exe
2010-09-03 14:20 . 2010-09-03 14:20   ————  d——-w-  c:\programmer\Alwil Software
2010-09-03 14:20 . 2010-09-03 14:20   ————  d——-w-  c:\documents and settings\All Users\Application Data\Alwil Software
2010-09-03 13:35 . 2010-09-03 13:35   ————  d——-r-  c:\documents and settings\NetworkService\Foretrukne
2010-09-02 14:08 . 2010-09-02 14:08   ————  d——-w-  c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-02 14:08 . 2010-09-02 14:08   ————  d——-w-  c:\programmer\SUPERAntiSpyware
2010-09-02 14:08 . 2010-09-02 14:08   ————  d——-w-  c:\documents and settings\start\Application Data\SUPERAntiSpyware.com
2010-09-02 13:56 . 2010-09-02 13:56   ————  d——-w-  c:\documents and settings\start\Application Data\IObit
2010-09-02 13:39 . 2010-09-02 13:39   ————  d——-w-  c:\programmer\ToniArts
2010-09-02 13:32 . 2010-09-02 13:32   ————  d——-w-  c:\documents and settings\Administrator\Application Data\IObit
2010-09-02 13:32 . 2010-09-02 13:32   ————  d——-w-  c:\programmer\IObit
2010-09-02 13:31 . 2010-09-02 13:31   ————  d-sh—w-  c:\documents and settings\Administrator\IETldCache
2010-09-02 12:37 . 2010-09-02 12:37   ————  d——-w-  c:\programmer\Fælles filer\Wise Installation Wizard
2010-09-02 12:34 . 2010-09-02 12:34   ————  d——-w-  c:\documents and settings\start\Application Data\Malwarebytes
2010-09-02 12:34 . 2010-04-29 13:39   38224   ——a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-02 12:34 . 2010-09-02 12:34   ————  d——-w-  c:\programmer\Malwarebytes’ Anti-Malware
2010-09-02 12:34 . 2010-09-02 12:34   ————  d——-w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-02 12:34 . 2010-04-29 13:39   20952   ——a-w-  c:\windows\system32\drivers\mbam.sys

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 07:56 . 2009-04-04 22:48   84258   ——a-w-  c:\windows\system32\perfc006.dat
2010-09-06 07:56 . 2009-04-04 22:48   460806   ——a-w-  c:\windows\system32\perfh006.dat
2010-09-02 13:39 . 2009-04-04 15:22   ————  d—h—w-  c:\programmer\InstallShield Installation Information
2010-08-04 17:46 . 2009-04-04 15:56   ————  d——-w-  c:\documents and settings\All Users\Application Data\Norton
2010-08-04 17:12 . 2009-04-04 22:48   210816   ——a-w-  c:\windows\system32\drivers\ndis.sys
2010-08-04 16:03 . 2010-08-04 16:03   ————  d——-w-  c:\programmer\ASIO4ALL v2
2010-08-04 16:03 . 2010-08-04 16:02   ————  d——-w-  c:\programmer\VstPlugins
2010-08-04 16:03 . 2010-08-04 15:58   ————  d——-w-  c:\programmer\Image-Line
2010-08-04 16:02 . 2010-08-04 16:02   ————  d——-w-  c:\programmer\Outsim
2010-08-04 15:06 . 2010-08-04 14:35   ————  d——-w-  c:\programmer\UltraMixer
2010-08-04 14:40 . 2010-05-19 19:41   ————  d——-w-  c:\programmer\Graffiti Studio 2.0
2010-08-04 14:01 . 2010-03-15 18:37   ————  d——-w-  c:\documents and settings\start\Application Data\GetRightToGo
2010-08-03 19:49 . 2010-08-03 19:49   503808   ——a-w-  c:\documents and settings\start\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2ad87a12-n\msvcp71.dll
2010-08-03 19:49 . 2010-08-03 19:49   499712   ——a-w-  c:\documents and settings\start\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2ad87a12-n\jmc.dll
2010-08-03 19:49 . 2010-08-03 19:49   348160   ——a-w-  c:\documents and settings\start\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2ad87a12-n\msvcr71.dll
2010-08-03 19:49 . 2010-08-03 19:49   61440   ——a-w-  c:\documents and settings\start\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1ef97721-n\decora-sse.dll
2010-08-03 19:49 . 2010-08-03 19:49   12800   ——a-w-  c:\documents and settings\start\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1ef97721-n\decora-d3d.dll
2010-07-26 12:43 . 2010-07-26 12:43   ————  d——-w-  c:\programmer\FlashCatch
2010-07-26 12:30 . 2010-05-10 17:05   ————  d——-w-  c:\programmer\DAEMON Tools Toolbar
2010-07-15 20:38 . 2009-04-04 15:34   ————  d——-w-  c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-14 14:31 . 2009-04-04 14:05   744448   ——a-w-  c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-09 08:06 . 2010-06-09 08:06   976832   ——a-w-  c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\19802\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06   70584   ——a-w-  c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\19802\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06   331176   ——a-w-  c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\19802\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06   331176   ——a-w-  c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\19802\AcrobatUpdater.exe
.

((((((((((((((((((((((((((((((((((((((((((  SR_Search   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
———- Sigcheck———-

[-] 2010-08-04 17:12 . !HASH: COULD NOT OPEN FILE !!!!! . 210816 . . [———] . . c:\windows\system32\drivers\ndis.sys
[-] 2010-08-04 17:12 . !HASH: COULD NOT OPEN FILE !!!!! . 210816 . . [———] . . c:\windows\system32\dllcache\ndis.sys
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B291E6C-9A74-4034-971B-A4B007A0B315}]
2010-01-11 10:18   451808   ——a-w-  c:\programmer\RadioBar\toolbar.ni.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{5B291E6C-9A74-4034-971B-A4B007A0B315}”= “c:\programmer\RadioBar\toolbar.ni.dll” [2010-01-11 451808]

[HKEY_CLASSES_ROOT\clsid\{5b291e6c-9a74-4034-971b-a4b007a0b315}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{810FCC0F-2CA3-414a-B8C8-550910C8B664}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
“{5B291E6C-9A74-4034-971B-A4B007A0B315}”= “c:\programmer\RadioBar\toolbar.ni.dll” [2010-01-11 451808]

[HKEY_CLASSES_ROOT\clsid\{5b291e6c-9a74-4034-971b-a4b007a0b315}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{810FCC0F-2CA3-414a-B8C8-550910C8B664}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-15 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “c:\programmer\SUPERAntiSpyware\SASSEH.DLL” [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 10:41   294912   ——a-w-  c:\programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@=“Driver”

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“%windir%\\system32\\sessmgr.exe”=
“c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE”=
“c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe”=
“c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe”=
“c:\\Programmer\\Opera\\opera.exe”=
“c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE”=
“c:\\Programmer\\Microsoft Games\\Zoo Tycoon 2\\zt.exe”=
“c:\\Programmer\\Bonjour\\mDNSResponder.exe”=
“c:\\Programmer\\iTunes\\iTunes.exe”=
“c:\\Programmer\\UltraMixer\\jre\\launch4j-tmp\\UltraMixer.exe”=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03-09-2010 16:20 165456]
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\sasdifsv.sys [29-02-2008 16:03 8944]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [29-02-2008 16:03 51440]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\programmer\Intel\Intel Matrix Storage Manager\IAANTmon.exe [04-04-2009 17:23 354840]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [05-04-2009 00:49 38912]
R3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [04-11-2009 22:28 145152]
S2 aswFsBlk;aswFsBlk;aswFsBlk.sys—> aswFsBlk.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [04-04-2009 17:32 1684736]
S3 GoogleDesktopManager-110309-193829;Google Desktop-administrator 5.9.911.3589;c:\programmer\Google\Google Desktop Search\GoogleDesktop.exe [04-11-2009 22:30 30192]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys—> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys—> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 SASENUM;SASENUM;c:\programmer\SUPERAntiSpyware\SASENUM.SYS [16-02-2006 16:51 4096]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [31-05-2010 11:30 41472]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10-05-2010 19:05 691696]
.
Indhold af mappen ‘Planlagte Opgaver’

2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2035789119-3646499915-426764551-1006Core.job
- c:\documents and settings\start\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2010-03-07 11:42]

2010-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2035789119-3646499915-426764551-1006UA.job
- c:\documents and settings\start\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2010-03-07 11:42]
.
.
———- Yderligere scanning———-
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
Handler: toolbarchrome - {718733BC-AD64-4e5f-AC18-A85FBD75D54D} - c:\programmer\RadioBar\toolbar.ni.dll
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
.
- - - - TOMME GENVEJE FJERNET - - - -

AddRemove-BitLord - c:\programmer\BitLord\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-06 10:03
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe >>UNKNOWN [0x859C00E0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7681f28
\Driver\ACPI -> ACPI.sys @ 0xf75f4cb8
\Driver\atapi -> atapi.sys @ 0xf74e6852
\Driver\iaStor -> iaStor.sys @ 0xf744d78c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Atheros AR8132 PCI-E Fast Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0x859a7bb0
PacketIndicateHandler -> NDIS.sys @ 0x85996a0d
SendHandler -> NDIS.sys @ 0x859aab40
user & kernel MBR OK

**************************************************************************
.
——————————- LÅSTE REGISTRERINGS NØGLER——————————-

[HKEY_USERS\S-1-5-21-2035789119-3646499915-426764551-1006\Software\SecuROM\License information*]
“datasecu”=hex:fd,d2,bd,a6,dc,f4,cc,5e,f3,89,3a,b4,29,5f,77,5c,8a,cb,96,b9,5c,
  97,80,55,af,7d,49,ad,cb,8c,da,41,fa,36,1a,a6,b2,a1,b1,4d,48,40,d0,88,ff,ce,\
“rkeysecu”=hex:9a,19,3c,63,e9,52,59,f3,c7,50,d4,62,1d,aa,f9,98
.
——————————- DLLs startet under kørende Processer——————————-

- - - - - - - > ‘winlogon.exe’(832)
c:\programmer\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > ‘explorer.exe’(4836)
c:\windows\system32\webcheck.dll
.
————————————Andre kørende processer————————————
.
c:\programmer\Alwil Software\Avast5\AvastSvc.exe
c:\programmer\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Gennemført tid: 2010-09-06 10:08:29 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-09-06 08:08
ComboFix2.txt 2010-09-03 14:09

Pre-Kørsel: 113.693.884.416 byte ledig
Post-Kørsel: 113.450.512.384 byte ledig

- - End Of File - - A48B32F01C50A4CEEF081CFC29917D5F

Det ser forholdsvis fint ud, men det der er tilbage er til gengæld noget skrammel.

Sæt din XP cd i drevet og boot op på den, i første skærmbillede “Velkommen til Installation”, trykker du på <F10> eller tryk på <R> for at reparere.
Når Windows Genoprettelseskonsollen er startet, får du vist følgende meddelelse:
Microsoft Windows(R) Genoprettelseskonsol

Genoprettelseskonsol indeholder funktioner til systemreparation og -genoprettelse.
Skriv EXIT for at afslutte Genoprettelseskonsol, og genstart computeren.

1: C:\WINDOWS
(Hvis den spørger efter admin.kode og du ikke bruger nogen, så tryk blot på <Enter>)

Hvilken Windows-installation vil du logge på:  1     <Enter>
Efter : <C:\WINDOWS >  Skriver du:
EXPAND D:\i386\ndis.sy_ c:\windows\system32\dllcache\ndis.sys     <Enter>
EXPAND D:\i386\ndis.sy_ c:\windows\system32\drivers\ndis.sys     <Enter>
(Husk at udskifte D med det rigtige drevbogstav)
Når den er færdig, så skriver du Exit og trykker på <Enter>

Lav derefter en ny Combofixlog med følgende CFScript:

Killall::
Snapshot::

Kopier loggen herind.

OK. Det er sådan en netbook fætter uden drev - skal lige skaffe et eksternt drev så vender jeg tilbage.

Prøv lige at tjekke om du har en mappe der hedder i386 på maskinen.
Den kan være skjult, så du skal have fuld filvisning aktiveret.
Åbn Stifinder, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved “Skjul beskyttede operativsystemfiler”.
Fjern flueben ved “Skjul filtypenavne for kendte filtyper”.
Sæt prik i “Vis skjulte filer og mapper”.

Alternativt kan du kopiere en ren Ndis.sys over ved hjælp af Sardu, f.eks i PuppyLinux eller Kaspersky.
Det lyder som volapyk, men hvis du læser vejledningen her, så burde det være til at have med at gøre.
http://www.fromsej.dk/Vejledninger/html/sardu.html
Den kan køres fra en USB-pind.

Tak det prøver jeg lige imorgen!

Hmm…nu har jeg rodet med Sardu (glimrende værktøj iøvrigt - tak for det!!!) og har erstattet ndis.sys i c:\windows\system32\dllcache og c:\windows\system32\drivers med ndis.sys fra c:\i386 og nu får jeg kun BSOD ved opstart kan dog godt starte den i fejlsikret tilstand…..

Hvad skriver den BSOD?