tomorrow
Medlem-
Innehållsantal
340 -
Gick med
-
Besökte senast
Allt postat av tomorrow
-
Köpes: Skrivarhuvud till Canon
tomorrow svarade på tomorrow's ämne i Allmänna datorfrågor och -diskussioner
Måste bara tala om. Kontaktade en Canon reservdelsbutik ang ovanstående. Pris: 1123:- Jag frågade om det var 10-pack! En ny Canon Pixma iP4600 får man för 990:- /tomorrow -
Hej! Någon som har eller vet var jag kan få tag på ett skrivarhuvud till Canon Pixma iP4200. Gärna ett PM till mig. /tomorow
-
Hej! Som rubriken. Någon som vet. /tomorrow
-
Hej Malou! Har nu gjort ovanstående enligt instruktioner och återaktiverat systemåterställningen och Defender. Datorn går bra! Hoppas att den fortsätter att vara ren. Varför uppstod detta, med tanke på filen IPv6.dll ? Hoppas att du nu kan pusta ut lite grann! TM JHT-loggen: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:42:10, on 2009-08-03 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18813) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Windows\System32\Ctxfihlp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Personal\bin\Personal.exe C:\Windows\SYSTEM32\CTXFISPI.EXE C:\Windows\System32\mobsync.exe C:\Windows\system32\conime.exe C:\Program Files\Trend Micro\HijackThis\tomorrow.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL2 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL2 (User 'Default user') O4 - Global Startup: Personal.lnk = C:\Program Files\Personal\bin\Personal.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- End of file - 2757 bytes /tomorrow
-
Hej Malou! Har nu gjort allt ovan enligt instruktionerna. Datorn går mycket bra. Antar att jag ska aktivera Windows Defender igen. (Har inte gjort det än) Här är loggarna: Malwarebytes' Anti-Malware 1.39 Databasversion: 2549 Windows 6.0.6002 Service Pack 2 2009-08-03 14:35:46 mbam-log-2009-08-03 (14-35-46).txt Skanningstyp: Snabb skanning Antal skannade objekt: 75232 Förfluten tid: 2 minute(s), 20 second(s) Infekterade minnesprocesser: 0 Infekterade minnesmoduler: 0 Infekterade registernycklar: 0 Infekterade registervärden: 0 Infekterade registerdataposter: 0 Infekterade mappar: 0 Infekterade filer: 0 Infekterade minnesprocesser: (Inga illasinnade poster hittades) Infekterade minnesmoduler: (Inga illasinnade poster hittades) Infekterade registernycklar: (Inga illasinnade poster hittades) Infekterade registervärden: (Inga illasinnade poster hittades) Infekterade registerdataposter: (Inga illasinnade poster hittades) Infekterade mappar: (Inga illasinnade poster hittades) Infekterade filer: (Inga illasinnade poster hittades) ------------------------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:37:01, on 2009-08-03 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18813) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Windows\System32\Ctxfihlp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\SYSTEM32\CTXFISPI.EXE C:\Program Files\Personal\bin\Personal.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\tomorrow.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL2 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL2 (User 'Default user') O4 - Global Startup: Personal.lnk = C:\Program Files\Personal\bin\Personal.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- End of file - 2734 bytes / tomorrow
-
God förmiddag Malou! Har nu flyttat filen IPv6.dll från C:\Windows\System32 till en mapp på skrivbordet. Startat om datorn och konstaterar att jag kommer ut på nätet. På eget bevåg gjorde jag en mbam scanning efter uppdatering av mbam och loggen kommer här: Malwarebytes' Anti-Malware 1.39 Databasversion: 2549 Windows 6.0.6002 Service Pack 2 2009-08-03 11:38:46 mbam-log-2009-08-03 (11-38-46).txt Skanningstyp: Snabb skanning Antal skannade objekt: 75275 Förfluten tid: 1 minute(s), 39 second(s) Infekterade minnesprocesser: 0 Infekterade minnesmoduler: 0 Infekterade registernycklar: 0 Infekterade registervärden: 0 Infekterade registerdataposter: 0 Infekterade mappar: 0 Infekterade filer: 0 Infekterade minnesprocesser: (Inga illasinnade poster hittades) Infekterade minnesmoduler: (Inga illasinnade poster hittades) Infekterade registernycklar: (Inga illasinnade poster hittades) Infekterade registervärden: (Inga illasinnade poster hittades) Infekterade registerdataposter: (Inga illasinnade poster hittades) Infekterade mappar: (Inga illasinnade poster hittades) Infekterade filer: (Inga illasinnade poster hittades) Fint va!! /tomorrow
-
Malou! Har nu gjort en ny TM HJT(som Admin) och storleken är inte lika Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:00:06, on 2009-08-03 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18813) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Windows\System32\Ctxfihlp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Personal\bin\Personal.exe C:\Windows\SYSTEM32\CTXFISPI.EXE C:\Program Files\Trend Micro\HijackThis\tomorrow.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - Global Startup: Personal.lnk = C:\Program Files\Personal\bin\Personal.exe O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- End of file - 2559 bytes Ska vi inte sluta för ikväll? /tomorrow
-
Hej Malou! Här kommer mbam loggan och Hijack loggan. Som du ser av mbam loggan så har en av två Backdoor.bot försvunnit. Malwarebytes' Anti-Malware 1.39 Databasversion: 2547 Windows 6.0.6001 Service Pack 1 2009-08-02 23:14:57 mbam-log-2009-08-02 (23-11-06).txt Skanningstyp: Snabb skanning Antal skannade objekt: 75172 Förfluten tid: 1 minute(s), 47 second(s) Infekterade minnesprocesser: 0 Infekterade minnesmoduler: 0 Infekterade registernycklar: 0 Infekterade registervärden: 0 Infekterade registerdataposter: 0 Infekterade mappar: 0 Infekterade filer: 1 Infekterade minnesprocesser: (Inga illasinnade poster hittades) Infekterade minnesmoduler: (Inga illasinnade poster hittades) Infekterade registernycklar: (Inga illasinnade poster hittades) Infekterade registervärden: (Inga illasinnade poster hittades) Infekterade registerdataposter: (Inga illasinnade poster hittades) Infekterade mappar: (Inga illasinnade poster hittades) Infekterade filer: C:\Windows\System32\ipv6.dll (Backdoor.Bot) -> No action taken. -------------------------------------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:24:00, on 2009-08-02 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18813) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Windows\System32\Ctxfihlp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Personal\bin\Personal.exe C:\Windows\SYSTEM32\CTXFISPI.EXE C:\Windows\System32\wsqmcons.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\tomorrow.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - Global Startup: Personal.lnk = C:\Program Files\Personal\bin\Personal.exe O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- End of file - 2635 bytes /tomorrow
-
Hej igen Malou! Någon logga har jag inte kvar, så jag uppdaterade mbam och gjorde en ny. Hinner inte göra en TM HJT-logga nu för jag måste först hitta hur det var man gjorde. Och för det måste jag ut på en promenad med min dotter. Några återställningspunkter har jag inte. Blev väl inte aktiverat vid senaste ominstallationen. Hur jag ska avaktivera IPv6 vet jag inte när det nu inte finns med när jag tittar på ststus i kontrollpanelen. (se bild) Återkommer /tomorrow
-
Hej igen Malou! Har nu gjort som sUBs rekomenderade men med samma resultat, ingen internet uppkoppling. Har också provat Venoms förslag, men någon "mnwin32" har jag inte så någon avaktivering kunde inte göras. Eftersom datorn inte fungerade på internet så kopierade jag in ipv6.dll till Windows\System32 och "vips" så är jag ute på nätet igen, MEN efter en scanning med Malwarebytes så har jag naturligtvis två "Backdoor.Bot" i resultatlistan. Backdoor.Bot File C:\Windows\System32\ipv6.dll Backdoor.Bot Memory Module C:\Windows\System32\ipv6.dll Om jag nu tar bort dessa som mbam föreslår så kommer jag ju att tappa nätkontakten igen. Är ipv6.dll verkligen infekterade? SUCK! /tomorrow
-
Hej Malou! Middagen var utmärkt. Sov länge idag. Men här kommer nu ComboFix-loggan. ComboFix 09-07-31.04 - Lars-Owe Gradin 2009-08-02 10:54.2.4 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.46.1053.18.3071.2281 [GMT 2:00] Running from: c:\users\Lars-Owe Gradin\Desktop\ComboFix.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 ))))))))))))))))))))))))))))))) . 2009-08-02 08:58 . 2009-08-02 08:58 -------- d-----w- c:\users\Lars-Owe Gradin\AppData\Local\temp 2009-07-31 09:06 . 2009-07-31 09:06 552 ----a-w- c:\users\Lars-Owe Gradin\AppData\Local\d3d8caps.dat 2009-07-31 08:46 . 2009-07-31 08:54 -------- d-----w- c:\users\Lars-Owe Gradin\AppData\Roaming\Personal 2009-07-31 08:44 . 2009-07-31 08:44 -------- d-----w- c:\program files\Personal 2009-07-31 08:43 . 2009-07-31 08:43 -------- d-----w- c:\program files\Nordea NCR1 Installationspaket 2009-07-31 08:43 . 2009-07-31 08:43 -------- d-----w- c:\windows\system32\nordea 2009-07-31 08:43 . 2007-10-30 07:45 24064 ----a-w- c:\windows\system32\drivers\nordecr.sys 2009-07-31 08:42 . 2009-07-31 08:42 -------- d-----w- c:\users\Lars-Owe Gradin\AppData\Roaming\InstallShield 2009-07-31 08:14 . 2009-08-01 15:01 -------- d-----w- c:\users\Lars-Owe Gradin\AppData\Roaming\Spotify 2009-07-31 08:14 . 2009-07-31 08:14 -------- d-----w- c:\users\Lars-Owe Gradin\AppData\Local\Spotify 2009-07-31 08:14 . 2009-07-31 08:14 -------- d-----w- c:\program files\Spotify 2009-07-31 00:58 . 2009-07-31 00:58 -------- d-sh--w- C:\Boot 2009-07-31 00:58 . 2009-07-31 00:58 -------- d-----w- c:\windows\system32\OEM 2009-07-31 00:58 . 2009-07-30 15:05 -------- d-----w- c:\windows\PANTHER 2009-07-31 00:57 . 2009-08-02 08:18 596850 ----a-w- c:\windows\system32\perfh01D.dat 2009-07-31 00:57 . 2009-08-02 08:18 116832 ----a-w- c:\windows\system32\perfc01D.dat 2009-07-31 00:57 . 2009-07-31 00:57 35978 ----a-w- c:\windows\system32\perfd01D.dat 2009-07-31 00:57 . 2009-07-31 00:57 290490 ----a-w- c:\windows\system32\perfi01D.dat 2009-07-31 00:57 . 2009-07-31 00:57 -------- d-----w- c:\windows\system32\wbem\sv-SE 2009-07-31 00:57 . 2009-07-31 00:57 -------- d-----w- c:\windows\system32\sv 2009-07-31 00:57 . 2009-07-31 00:57 -------- d-----w- c:\windows\system32\drivers\sv-SE 2009-07-31 00:57 . 2009-07-31 00:57 -------- d-----w- c:\windows\sv-SE 2009-07-30 20:03 . 2009-07-30 20:03 -------- d-----w- c:\users\Lars-Owe Gradin\AppData\Roaming\Malwarebytes 2009-07-30 20:03 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-07-30 20:03 . 2009-07-30 20:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-07-30 20:03 . 2009-07-30 20:03 -------- d-----w- c:\programdata\Malwarebytes 2009-07-30 20:03 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-07-30 19:11 . 2009-07-30 19:11 -------- d-----w- c:\users\Lars-Owe Gradin\AppData\Roaming\Foxit 2009-07-30 19:11 . 2009-07-30 19:11 -------- d-----w- c:\program files\Foxit Software 2009-07-30 19:00 . 2009-07-30 19:00 -------- d-----w- c:\program files\BitLord 2009-07-30 18:26 . 2009-07-30 18:27 -------- d-----w- c:\users\Lars-Owe Gradin\AppData\Roaming\Creative 2009-07-30 18:24 . 2009-07-30 18:24 -------- d-----w- c:\users\Lars-Owe Gradin\AppData\Roaming\Ashampoo 2009-07-30 18:24 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll 2009-07-30 18:24 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll 2009-07-30 18:24 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll 2009-07-30 18:24 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll 2009-07-30 18:24 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll 2009-07-30 18:24 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\divx.dll 2009-07-30 18:24 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll 2009-07-30 18:24 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2009-07-30 18:24 . 2009-07-30 18:24 -------- d-----w- c:\program files\K-Lite Codec Pack 2009-07-30 18:22 . 2009-07-30 18:22 -------- d-----w- c:\program files\Ashampoo 2009-07-30 18:13 . 2009-07-30 18:13 -------- d-----r- C:\DRIVER 2009-07-30 18:12 . 2009-07-30 18:13 -------- d-----w- C:\CREATIVE DRIVER XFi VISTA 2009-07-30 16:52 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll 2009-07-30 16:02 . 2008-05-27 05:17 87552 ----a-w- c:\windows\system32\SearchFilterHost.exe 2009-07-30 16:01 . 2008-10-22 01:22 2048 ----a-w- c:\windows\system32\tzres.dll 2009-07-30 15:47 . 2009-07-30 15:47 -------- d-----w- c:\program files\Common Files\Creative 2009-07-30 15:44 . 2008-09-25 13:40 20888640 ----a-w- c:\windows\system32\AppSetup.exe 2009-07-30 15:44 . 2009-07-31 08:43 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-07-30 15:44 . 2009-07-30 15:44 -------- d-----w- c:\program files\Common Files\InstallShield 2009-07-30 15:43 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll 2009-07-30 15:43 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2009-07-30 15:43 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2009-07-30 15:43 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll 2009-07-30 15:43 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe 2009-07-30 15:42 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll 2009-07-30 15:42 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe 2009-07-30 15:38 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll 2009-07-30 15:38 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll 2009-07-30 15:38 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll 2009-07-30 15:38 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll 2009-07-30 15:38 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll 2009-07-30 15:35 . 2008-02-29 07:14 19000 ----a-w- c:\windows\system32\kd1394.dll 2009-07-30 15:35 . 2008-02-29 07:11 927288 ----a-w- c:\windows\system32\winresume.exe 2009-07-30 15:35 . 2008-02-29 07:11 988216 ----a-w- c:\windows\system32\winload.exe 2009-07-30 15:35 . 2008-02-22 05:05 615992 ----a-w- c:\windows\system32\ci.dll 2009-07-30 15:35 . 2008-02-29 06:53 378368 ----a-w- c:\windows\system32\srcore.dll 2009-07-30 15:35 . 2008-02-29 06:53 40960 ----a-w- c:\windows\system32\srclient.dll 2009-07-30 15:35 . 2008-02-29 06:53 46592 ----a-w- c:\windows\system32\setbcdlocale.dll 2009-07-30 15:35 . 2008-02-29 06:35 6656 ----a-w- c:\windows\system32\kbd106n.dll 2009-07-30 15:35 . 2008-02-29 04:12 318464 ----a-w- c:\windows\system32\rstrui.exe 2009-07-30 15:35 . 2008-02-29 04:12 14848 ----a-w- c:\windows\system32\srdelayed.exe 2009-07-30 15:32 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll 2009-07-30 15:32 . 2008-12-16 05:31 7680 ----a-w- c:\windows\system32\spwmp.dll 2009-07-30 15:32 . 2008-12-16 05:31 4096 ----a-w- c:\windows\system32\dxmasf.dll 2009-07-30 15:32 . 2008-12-16 03:29 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2009-07-30 15:32 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll 2009-07-30 15:32 . 2008-09-05 05:14 1191936 ----a-w- c:\windows\system32\msxml3.dll 2009-07-30 15:32 . 2008-12-16 02:42 288768 ----a-w- c:\windows\system32\drivers\srv.sys 2009-07-30 15:32 . 2008-10-29 06:29 2927104 ----a-w- c:\windows\explorer.exe 2009-07-30 15:32 . 2008-09-18 04:56 125952 ----a-w- c:\windows\system32\wersvc.dll 2009-07-30 15:32 . 2008-09-18 04:56 147456 ----a-w- c:\windows\system32\Faultrep.dll 2009-07-30 15:29 . 2009-07-30 15:29 -------- d-----w- c:\windows\system32\Macromed 2009-07-30 15:23 . 2008-09-10 03:40 1334272 ----a-w- c:\windows\system32\msxml6.dll 2009-07-30 15:18 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe 2009-07-30 15:18 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll 2009-07-30 15:18 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll 2009-07-30 15:18 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll 2009-07-30 15:18 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll 2009-07-30 15:18 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll 2009-07-30 15:18 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll 2009-07-30 15:18 . 2008-10-16 12:08 162064 ----a-w- c:\windows\system32\wuwebv.dll 2009-07-30 15:18 . 2008-10-16 11:56 31232 ----a-w- c:\windows\system32\wuapp.exe 2009-07-30 15:12 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-07-30 15:12 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-07-30 15:12 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-07-30 15:12 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-07-30 15:12 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-07-30 15:12 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe 2009-07-30 15:12 . 2009-02-05 20:06 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2009-07-30 15:12 . 2003-03-18 19:20 1060864 ----a-w- c:\windows\system32\MFC71.dll 2009-07-30 15:12 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll 2009-07-30 15:12 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll 2009-07-30 15:12 . 2009-07-30 15:12 -------- d-----w- c:\program files\Alwil Software 2009-07-30 15:06 . 2009-07-30 15:06 -------- d-sh--we c:\users\Default\Start-meny . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-02 08:13 . 2009-07-30 15:09 680 ----a-w- c:\users\Lars-Owe Gradin\AppData\Local\d3d9caps.dat 2009-07-31 00:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar 2009-07-31 00:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery 2009-07-31 00:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal 2009-07-31 00:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender 2009-07-31 00:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration 2009-07-31 00:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar 2009-07-31 00:57 . 2009-07-31 00:57 35978 ----a-w- c:\windows\inf\PERFLIB\041D\perfd.dat 2009-07-31 00:57 . 2009-07-31 00:57 35978 ----a-w- c:\windows\inf\PERFLIB\041D\perfc.dat 2009-07-31 00:57 . 2009-07-31 00:57 290490 ----a-w- c:\windows\inf\PERFLIB\041D\perfi.dat 2009-07-31 00:57 . 2009-07-31 00:57 290490 ----a-w- c:\windows\inf\PERFLIB\041D\perfh.dat 2009-07-30 16:17 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-07-30 16:17 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-07-30 15:48 . 2009-07-30 15:47 -------- d--h--w- c:\program files\Creative Installation Information 2009-07-30 15:47 . 2009-07-30 15:44 -------- d-----w- c:\program files\Creative 2009-07-30 15:46 . 2009-07-30 15:46 -------- d-----w- c:\programdata\Creative 2009-07-30 15:45 . 2009-07-30 15:45 444952 ----a-w- c:\windows\system32\wrap_oal.dll 2009-07-30 15:45 . 2009-07-30 15:45 109080 ----a-w- c:\windows\system32\OpenAL32.dll 2009-07-30 15:45 . 2009-07-30 15:45 -------- d-----w- c:\program files\OpenAL 2009-07-30 15:45 . 2009-07-30 15:45 -------- d-----w- c:\program files\Common Files\Creative Labs Shared 2009-07-30 15:12 . 2009-07-30 15:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2009-07-30 15:09 . 2009-07-30 15:09 48600 ----a-w- c:\users\Lars-Owe Gradin\AppData\Local\GDIPFONTCACHEV1.DAT 2009-07-30 15:08 . 2009-07-30 15:08 12 ----a-w- c:\windows\system32\drivers\FSC__RC__AMD690VM-FMH__FUJITSU SIEMENS_AMD690VM-FMH__)Phoenix - Award WorkstationBIOS v6.00PG_FSC - 42302e31_V5.13.MRK 2009-07-30 15:06 . 2009-07-30 15:06 -------- d-sh--we c:\programdata\Start-meny 2009-07-30 15:06 . 2009-07-30 15:06 -------- d-sh--we c:\programdata\Skrivbord 2009-07-30 15:06 . 2009-07-30 15:06 -------- d-sh--we c:\programdata\Mallar 2009-07-30 15:06 . 2009-07-30 15:06 -------- d-sh--we c:\programdata\Favoriter 2009-07-30 15:06 . 2009-07-30 15:06 -------- d-sh--we c:\programdata\Dokument 2009-07-30 15:06 . 2009-07-30 15:06 -------- d-sh--we c:\program files\Delade filer 2009-07-21 21:52 . 2009-07-30 16:53 915456 ----a-w- c:\windows\system32\wininet.dll 2009-07-21 21:47 . 2009-07-30 16:53 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-07-21 21:47 . 2009-07-30 16:53 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-07-21 20:13 . 2009-07-30 16:53 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-06-15 15:24 . 2009-07-30 15:36 156672 ----a-w- c:\windows\system32\t2embed.dll 2009-06-15 15:20 . 2009-07-30 15:36 72704 ----a-w- c:\windows\system32\fontsub.dll 2009-06-15 15:20 . 2009-07-30 15:36 10240 ----a-w- c:\windows\system32\dciman32.dll 2009-06-15 12:52 . 2009-07-30 15:36 289792 ----a-w- c:\windows\system32\atmfd.dll 2008-04-23 10:43 . 2008-04-23 10:43 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((( SnapShot@2009-08-01_10.04.21 ))))))))))))))))))))))))))))))))))))))))) . + 2008-01-21 01:58 . 2009-08-02 08:15 25650 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2006-11-02 13:05 . 2009-08-02 08:15 60266 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2009-07-30 15:07 . 2009-08-01 09:57 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-30 15:07 . 2009-08-02 08:54 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-30 15:07 . 2009-08-01 09:57 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-30 15:07 . 2009-08-02 08:54 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-30 15:07 . 2009-08-02 08:54 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-30 15:07 . 2009-08-01 09:57 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-08-01 10:46 . 2009-08-01 10:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-08-01 10:46 . 2009-08-01 10:46 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-08-01 10:46 . 2009-08-01 10:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-30 15:11 . 2009-08-02 08:15 3008 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-727541656-2807401189-1181402284-1000_UserData.bin + 2009-08-02 08:13 . 2009-08-02 08:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2009-08-02 08:13 . 2009-08-02 08:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2006-11-02 10:33 . 2009-08-02 08:18 586568 c:\windows\System32\perfh009.dat - 2006-11-02 10:33 . 2009-08-01 09:00 586568 c:\windows\System32\perfh009.dat - 2006-11-02 10:33 . 2009-08-01 09:00 100640 c:\windows\System32\perfc009.dat + 2006-11-02 10:33 . 2009-08-02 08:18 100640 c:\windows\System32\perfc009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\Ctxfihlp.exe [2008-10-07 23552] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Personal.lnk - c:\program files\Personal\bin\Personal.exe [2009-7-31 939536] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "TCP Query User{2A8206C9-B319-43FC-9C5D-7A1A7830844D}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord "UDP Query User{E7CFE675-64CE-4D64-AA31-F66E86AD5CA9}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord "TCP Query User{F1E9262F-9043-4F79-9421-97F892AE8CCE}c:\\program files\\spotify\\spotify.exe"= UDP:c:\program files\spotify\spotify.exe:Spotify "UDP Query User{9476D242-1214-45F3-B471-244971A09322}c:\\program files\\spotify\\spotify.exe"= TCP:c:\program files\spotify\spotify.exe:Spotify R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-07-30 114768] R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-07-30 20560] R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-07-30 51792] R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.sys [2008-10-08 171032] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.sys [2008-10-08 1324056] R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.sys [2008-10-08 72728] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-07-30 79360] S3 CT20XUT;CT20XUT;c:\windows\System32\drivers\CT20XUT.sys [2008-10-08 171032] S3 CTEXFIFX;CTEXFIFX;c:\windows\System32\drivers\CTEXFIFX.sys [2008-10-08 1324056] S3 CTHWIUT;CTHWIUT;c:\windows\System32\drivers\CTHWIUT.sys [2008-10-08 72728] S3 TdsNordecr;Nordea NCR1 SmartCard Reader;c:\windows\System32\drivers\nordecr.sys [2009-07-31 24064] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . . ------- Supplementary Scan ------- . LSP: ipv6.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-02 10:58 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTxfiHlp = CTXFIHLP.EXE? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2009-08-02 11:00 ComboFix-quarantined-files.txt 2009-08-02 09:00 ComboFix2.txt 2009-08-01 10:06 Pre-Run: 217 247 477 760 byte ledigt Post-Run: 216 697 085 952 byte ledigt 237 --- E O F --- 2009-07-30 16:54 /tomorrow