mohandas (Beginner)
26 September 2007 - 23:31 - There are 20 comments and 1 solution

HijackThis log - is there something wrong?

I'd like to have my computer checked for spyware, viruses and the like. I often find that programs crash, that it can't open folders, or other slightly annoying things...

Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 23:29:37, on 26-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\WINDOWS\ASUSKBService.exe
D:\programmer\security suite\ewidoctrl.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\VdCap03C\BisonCom.exe
C:\Programmer\ASUS\ASUS Live Update\ALU.exe
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\temp1.exe
C:\WINDOWS\system32\ctfmon.exe
D:\programmer\Angel.exe
D:\programmer\Phone\Skype.exe
C:\Programmer\Google\Google Talk\googletalk.exe
C:\Programmer\Asus\Asus ChkMail\ChkMail.exe
C:\Programmer\OpenOffice.org1.1.4\program\soffice.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\svchost.exe
D:\programmer\iPod\bin\iPodService.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\Gandhi\Skrivebord\hijackthis.exe

F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll (file missing)
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BisonCom] C:\WINDOWS\VdCap03C\BisonCom
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmer\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Programmer\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [\\jens\Stylus_Photo_RX420] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P25 "\\jens\Stylus_Photo_RX420" /O34 "\\192.168.0.130\Stylus_Photo_RX420" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [wosa] C:\DOCUME~1\Gandhi\LOKALE~1\Temp\woso.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\programmer\quickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Utopia Angel] "D:\programmer\Angel.exe"
O4 - HKCU\..\Run: [Skype] "D:\programmer\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Programmer\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Programmer\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmer\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\programmer\partypoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\programmer\partypoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Programmer\ladbrokesMPP\MPPoker.exe (file missing)
O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Programmer\nordicbetMPP\MPPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O17 - HKLM\System\CCS\Services\Tcpip\..\{71DE28E6-1034-433D-94B4-8DD8DD439863}: NameServer = 130.225.9.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - c:\WINDOWS\ASUSKBService.exe
O23 - Service: ewido security suite control - ewido networks - D:\programmer\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - D:\programmer\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe

Hoping for a quick reply!
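An added example, not part of this thread and not code from HijackThis: the triage a helper does by eye on a log like the one above, written out as a small Python script. It reads the F3, O2 and O4 lines and flags the three patterns that stand out in this log: a win.ini load= autostart (a legacy mechanism, here pointing at a svchost.exe outside system32), an HKLM Run entry launching from the user's Temp folder, and an HKCU Run entry launching an unknown binary out of system32. The core-binary list, the HKCU allowlist and the Temp-path markers are the editor's own assumptions, and the sample lines are a constructed subset of the posted log.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a subset of the HijackThis log posted above, with a few
# benign entries kept so the heuristics can be seen ignoring them.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [wosa] C:\DOCUME~1\Gandhi\LOKALE~1\Temp\woso.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
"""

# Editor's assumption: core Windows binaries that legitimately live only in
# %SystemRoot%\system32; the same file name anywhere else is a masquerade.
CORE_SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                        "lsass.exe", "svchost.exe"}
# Editor's assumption: Microsoft components normally started per-user from system32.
HKCU_SYSTEM32_ALLOWLIST = {"ctfmon.exe"}
# Long and 8.3 forms of the per-user Temp directory on a Danish Windows XP.
TEMP_MARKERS = ("\\temp\\", "\\lokale~1\\temp\\", "\\local settings\\temp\\")

F3_RE = re.compile(r"^F3 - REG:win\.ini: (?P<key>load|run)=(?P<cmd>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def exe_path(cmd):
    """Return the executable from a Run value, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.*?\.(?:exe|com|dll|scr|bat|cmd))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split(" ")[0]


def triage(log_text):
    """Return (line, reason) pairs for autostart entries that need a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = F3_RE.match(line)
        if m:
            # win.ini load=/run= is a legacy autostart; on XP a value here is
            # almost never put there by legitimate software.
            path = exe_path(m.group("cmd"))
            reason = "win.ini %s= autostart in use" % m.group("key")
            if (PureWindowsPath(path).name.lower() in CORE_SYSTEM_BINARIES
                    and "\\system32\\" not in path.lower()):
                reason += "; core binary name outside system32"
            findings.append((line, reason))
            continue
        m = O4_RE.match(line)
        if m:
            path = exe_path(m.group("cmd"))
            lower = path.lower()
            base = PureWindowsPath(path).name.lower()
            if any(t in lower for t in TEMP_MARKERS):
                findings.append((line, "Run entry launches from a Temp directory"))
            elif (m.group("hive") == "HKCU" and "\\system32\\" in lower
                  and base not in HKCU_SYSTEM32_ALLOWLIST):
                findings.append((line, "per-user Run entry launching an unknown binary from system32"))
            continue
        if line.startswith("O2 - BHO:") and line.endswith("(no file)"):
            findings.append((line, "orphaned BHO registration"))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print("%-70s  %s" % (why, entry))
```

The script does not inspect the files or their signatures; it only narrows the list a reviewer has to look at, which is what the replies in this thread did by hand before deciding which entries to remove.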
arlet (Junior Master)
27 September 2007 - 07:03 #1
Yes, there's some dirt in the log..

Run steps 1 and 2 here http://www.malwarecheck.dk/forum/viewtopic.php?t=11
Restart and post a HijackThis log (guide: http://www.malwarecheck.dk/forum/viewtopic.php?t=9) along with the logs from the SUPERAntiSpyware scanner and AVG/Ewido
27 September 2007 - 07:06 #2
I can see what's wrong ...

Complete the procedure from here -> http://www.eksperten.dk/artikler/1123
27 September 2007 - 07:06 #3
(Didn't get refreshed *S* - just go with it...)
mohandas (Beginner)
29 September 2007 - 21:46 #4
I ran the two scanners, ewido and superspyware, and then made a new log with HijackThis... I've also copied the result of Rootchk into the HijackThis log:

(hope that's what I was supposed to do? Shouldn't I go in and delete some of it in the HijackThis scan?)

********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh
29-09-2007 21:43:56,75

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-29 21:43:57
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0
mohandas (Beginner)
29 September 2007 - 21:46 #5
WHOOPS... forgot to copy all of it... here ya go.

Logfile of HijackThis v1.99.1
Scan saved at 21:45:05, on 29-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\WINDOWS\ASUSKBService.exe
D:\programmer\security suite\ewidoctrl.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\VdCap03C\BisonCom.exe
C:\Programmer\ASUS\ASUS Live Update\ALU.exe
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
D:\programmer\Angel.exe
D:\programmer\Phone\Skype.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\avpo.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programmer\Asus\Asus ChkMail\ChkMail.exe
C:\Programmer\OpenOffice.org1.1.4\program\soffice.exe
C:\WINDOWS\System32\svchost.exe
D:\programmer\iPod\bin\iPodService.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Gandhi\Skrivebord\hijackthis.exe

F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll (file missing)
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BisonCom] C:\WINDOWS\VdCap03C\BisonCom
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmer\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Programmer\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [\\jens\Stylus_Photo_RX420] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P25 "\\jens\Stylus_Photo_RX420" /O34 "\\192.168.0.130\Stylus_Photo_RX420" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [wosa] C:\DOCUME~1\Gandhi\LOKALE~1\Temp\woso.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\programmer\quickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Utopia Angel] "D:\programmer\Angel.exe"
O4 - HKCU\..\Run: [Skype] "D:\programmer\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Programmer\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Programmer\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmer\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\programmer\partypoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\programmer\partypoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Programmer\ladbrokesMPP\MPPoker.exe (file missing)
O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Programmer\nordicbetMPP\MPPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O17 - HKLM\System\CCS\Services\Tcpip\..\{71DE28E6-1034-433D-94B4-8DD8DD439863}: NameServer = 130.225.9.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - c:\WINDOWS\ASUSKBService.exe
O23 - Service: ewido security suite control - ewido networks - D:\programmer\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - D:\programmer\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe

********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh
29-09-2007 21:43:56,75

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-29 21:43:57
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0
arlet (Junior Master)
29 September 2007 - 23:06 #6
-- Download Combofix from one of these links and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

-- Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click on the window while the tool is running, as it can cause your computer to freeze.
When Combofix has finished, and after it has restarted, a log file should open: combofix.txt
Please post the contents of this file here.

NOTE that Combofix is detected as infected by some virus scanners. There is nothing to this, however.
mohandas (Beginner)
30 September 2007 - 18:15 #7
I've run combofix.exe, but it didn't restart the computer??

Here is the log:

ComboFix 07-09-21.2 - "Gandhi" 2007-09-30 18:11:36.1 - FAT32x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.172 [GMT 2:00]
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\WINDOWS\autorun.inf
D:\Autorun.inf

.
(((((((((((((((((((((((((  Files Created from 2007-08-28 to 2007-09-30  )))))))))))))))))))))))))))))))
.

2007-09-30 18:10    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-30 18:04    <DIR>    d--hs----    C:\FOUND.002
2007-09-29 18:33    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-09-29 18:33    <DIR>    d--------    C:\DOCUME~1\Gandhi\APPLIC~1\SUPERAntiSpyware.com
2007-09-29 18:33    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-26 19:31    <DIR>    d--------    C:\Programmer\Polob32
2007-09-20 17:30    <DIR>    d--------    C:\Programmer\iTunes
2007-09-16 14:00    27,308    -r-hs----    C:\WINDOWS\system32\avpo0.dll
2007-09-10 21:07    <DIR>    d--------    C:\Programmer\Gyldendal
2007-09-05 10:28    <DIR>    d--------    C:\Programmer\Gads Bogskab
2007-09-03 22:27    <DIR>    d--------    C:\DOCUME~1\Gandhi\OngameNetwork
2007-09-03 14:21    <DIR>    d--------    C:\DOCUME~1\Gandhi\APPLIC~1\InstallShield
2007-08-25 17:45    <DIR>    d--------    C:\Programmer\mIRC
2007-08-25 17:45    <DIR>    d--------    C:\DOCUME~1\Gandhi\APPLIC~1\mIRC
2007-08-24 23:38    27,308    -r-hs----    C:\WINDOWS\system32\avpo1.dll
2007-08-20 09:06    86,851    -r-hs----    C:\WINDOWS\system32\avpo.exe
2007-08-20 09:06    86,851    -r-hs----    C:\ntde1ect.com
2007-08-18 17:02    <DIR>    d--------    C:\Programmer\Mediatwins software
2007-08-12 17:13    <DIR>    d--------    C:\DOCUME~1\Gandhi\CDCARDS
2007-08-12 17:13    <DIR>    d--------    C:\DOCUME~1\Gandhi\.oces
2007-08-12 17:09    <DIR>    d--------    C:\Programmer\TDC
2007-08-12 17:09    <DIR>    d--------    C:\Programmer\Fælles filer\Wise Installation Wizard
2007-08-12 17:09    <DIR>    d--------    C:\DOCUME~1\Gandhi\APPLIC~1\Cryptomathic

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2004-05-26 21:44]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-05-20 12:50]
"SoundMan"="SOUNDMAN.EXE" [2004-05-20 12:46 C:\WINDOWS\SOUNDMAN.EXE]
"BisonCom"="C:\WINDOWS\VdCap03C\BisonCom" []
"ASUS Live Update"="C:\Programmer\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 12:54]
"Power_Gear"="C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe" [2004-01-19 16:33]
"PRONoMgr.exe"="c:\Programmer\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2004-02-05 16:33]
"\\jens\Stylus_Photo_RX420"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.exe" [2004-04-09 04:00]
"RemoteControl"="C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-10-31 19:42]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" []
"QuickTime Task"="D:\programmer\quickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-09-14 10:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 01:53]
"Utopia Angel"="D:\programmer\Angel.exe" [2007-09-03 01:44]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"googletalk"="C:\Programmer\Google\Google Talk\googletalk.exe" [2007-01-01 22:22]
"avpa"="C:\WINDOWS\system32\avpo.exe" [2007-09-23 23:33]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\DOCUME~1\ALLUSE~1\MENUEN~1\PROGRA~1\Start\
ASUS ChkMail.lnk - C:\Programmer\Asus\Asus ChkMail\ChkMail.exe [2004-10-01 19:37:10]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]

C:\DOCUME~1\GANDHI\MENUEN~1\PROGRA~1\START\
OpenOffice.org 1.1.4.lnk - C:\Programmer\OpenOffice.org1.1.4\program\quickstart.exe [2004-12-13 01:10:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
c:\WINDOWS\System32\LgNotify.dll 2004-03-03 16:48 110592 c:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe

R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys
R1 ewido security suite driver;ewido security suite driver;\??\D:\programmer\security suite\guard.sys
R3 ATKXPDisplayName;ATKXPDisplayName;C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
R3 Cam5603C;BisonCam, USB2.0;C:\WINDOWS\system32\Drivers\Bs350u2.sys
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys
S3 ZD1201U;ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB);C:\WINDOWS\system32\DRIVERS\zd1201u.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-20 15:03:42 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-30 18:13:31
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\jens\\Stylus_Photo_RX420"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9CE.EXE /P25 \"\\\\jens\\Stylus_Photo_RX420\" /O34 \"\\\\192.168.0.130\\Stylus_Photo_RX420\" /M \"Stylus Photo RX420\""
.
Completion time: 2007-09-30 18:13:58
C:\ComboFix-quarantined-files.txt ... 2007-09-30 18:13
.
    --- E O F ---
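An added example, not from the thread and not code from ComboFix: a Python script that works through the "Other Deletions" and "Files Created" sections of a ComboFix log like the one above and flags what a reviewer picks out by eye: autorun.inf sitting at a drive root, newly created files carrying the hidden+system attributes, and files of exactly the same byte size (in the posted log, ntde1ect.com and avpo.exe are both 86,851 bytes, and avpo0.dll and avpo1.dll are both 27,308). The banner parsing, the attribute heuristics and the cut-down sample are the editor's assumptions, not ComboFix documentation.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample, cut down from the ComboFix log posted above; the
# attribute column is ComboFix's own (d = directory, r/a/h/s = DOS attributes).
SAMPLE_COMBOFIX = r"""
(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\WINDOWS\autorun.inf
D:\Autorun.inf

.
(((((((((((((((((((((((((  Files Created from 2007-08-28 to 2007-09-30  )))))))))))))))))))))))))))))))
.

2007-09-30 18:10    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-29 18:33    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-09-16 14:00    27,308    -r-hs----    C:\WINDOWS\system32\avpo0.dll
2007-08-24 23:38    27,308    -r-hs----    C:\WINDOWS\system32\avpo1.dll
2007-08-20 09:06    86,851    -r-hs----    C:\WINDOWS\system32\avpo.exe
2007-08-20 09:06    86,851    -r-hs----    C:\ntde1ect.com

.
"""

BANNER_RE = re.compile(r"^\(+\s+(?P<title>.+?)\s+\)+$")
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>\S{9})\s+(?P<path>.+)$"
)


def parse_sections(text):
    """Group the log's lines under the ((( title ))) banner that precedes them."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER_RE.match(line)
        if m:
            current = m.group("title")
        elif current and line and line != ".":
            sections[current].append(line)
    return sections


def is_drive_root_file(path):
    """True for X:\\name, i.e. a file directly in a drive's root."""
    return len(PureWindowsPath(path).parts) == 2


def triage(text):
    """Return (what, reason) pairs for the indicators a reviewer would pick out."""
    findings = []
    sections = parse_sections(text)

    # 1. autorun.inf at a drive root is the propagation mechanism of
    #    removable-media worms, whatever the payload happens to be called.
    for path in sections.get("Other Deletions", []):
        p = PureWindowsPath(path)
        if p.name.lower() == "autorun.inf" and is_drive_root_file(path):
            findings.append((path, "autorun.inf at drive root"))

    # 2. new files with hidden+system set, and 3. files of identical byte size
    #    (a dropper and its copy in the drive root usually match exactly).
    created = next((v for k, v in sections.items() if k.startswith("Files Created")), [])
    by_size = defaultdict(list)
    for line in created:
        m = ENTRY_RE.match(line)
        if not m or m.group("size") == "<DIR>":
            continue
        attrs, path = m.group("attrs"), m.group("path")
        if "h" in attrs and "s" in attrs:
            findings.append((path, "new file with hidden+system attributes (%s)" % attrs))
        by_size[int(m.group("size").replace(",", ""))].append(path)
    for size, paths in by_size.items():
        if len(paths) > 1:
            findings.append((", ".join(paths), "identical size %d bytes: likely copies of one file" % size))
    return findings


if __name__ == "__main__":
    for what, why in triage(SAMPLE_COMBOFIX):
        print("%-55s  %s" % (why, what))
```

Size matching is deliberately crude: ComboFix prints no hashes, so equal sizes are only a prompt to pull both files into quarantine and compare them, which is what the follow-up CFScript in this thread effectively does.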
arlet (Junior Master)
30 September 2007 - 18:27 #8
Looks good. Restart and let me see a new HijackThis log
30 September 2007 - 18:28 #9
C:\ntde1ect.com ???
arlet (Junior Master)
30 September 2007 - 18:54 #10
dr1 larry-> Yes, that has to go, but I wanted to see first whether I'd need to include an F3 from the HijackThis log
mohandas (Beginner)
30 September 2007 - 18:58 #11
Logfile of HijackThis v1.99.1
Scan saved at 18:58:36, on 30-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\WINDOWS\ASUSKBService.exe
D:\programmer\security suite\ewidoctrl.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\VdCap03C\BisonCom.exe
C:\Programmer\ASUS\ASUS Live Update\ALU.exe
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
D:\programmer\Angel.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Google\Google Talk\googletalk.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Asus\Asus ChkMail\ChkMail.exe
C:\Programmer\OpenOffice.org1.1.4\program\soffice.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
D:\programmer\iPod\bin\iPodService.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gandhi\Skrivebord\hijackthis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll (file missing)
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BisonCom] C:\WINDOWS\VdCap03C\BisonCom
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmer\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Programmer\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [\\jens\Stylus_Photo_RX420] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P25 "\\jens\Stylus_Photo_RX420" /O34 "\\192.168.0.130\Stylus_Photo_RX420" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\programmer\quickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Utopia Angel] "D:\programmer\Angel.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Programmer\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Programmer\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmer\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\programmer\partypoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\programmer\partypoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Programmer\ladbrokesMPP\MPPoker.exe (file missing)
O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Programmer\nordicbetMPP\MPPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O17 - HKLM\System\CCS\Services\Tcpip\..\{71DE28E6-1034-433D-94B4-8DD8DD439863}: NameServer = 130.225.9.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - c:\WINDOWS\ASUSKBService.exe
O23 - Service: ewido security suite control - ewido networks - D:\programmer\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - D:\programmer\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
arlet (Junior Master)
30 September 2007 - 19:22 #12
Copy the content between the dashed lines into a Notepad window and save it in the same folder as Combofix under the name CFScript.txt.
When saving, make sure that "file type" is set to "all files".

-------------------------
File::
C:\WINDOWS\system32\avpo.exe
C:\ntde1ect.com
-------------------------

Then grab the new file with the mouse, drag it over the Combofix file, and "let go" of the mouse. - http://www.fromsej.saknet.dk/billeder/cfscript.gif
Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as it can cause your computer to freeze.

Post the contents of Combofix.txt here along with a new HijackThis log
mohandas (Beginner)
30 September 2007 - 19:55 #13
ComboFix 07-09-21.2 - "Gandhi" 2007-09-30 19:32:13.2 - FAT32x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.175 [GMT 2:00]
Command switches used ::  D:\Prison Break\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\avpo.exe
C:\ntde1ect.com
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\ntde1ect.com
C:\WINDOWS\system32\avpo.exe
D:\Autorun.inf

.
(((((((((((((((((((((((((  Files Created from 2007-08-28 to 2007-09-30  )))))))))))))))))))))))))))))))
.

2007-09-30 18:10    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-30 18:04    <DIR>    d--hs----    C:\FOUND.002
2007-09-29 18:33    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-09-29 18:33    <DIR>    d--------    C:\DOCUME~1\Gandhi\APPLIC~1\SUPERAntiSpyware.com
2007-09-29 18:33    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-26 19:31    <DIR>    d--------    C:\Programmer\Polob32
2007-09-20 17:30    <DIR>    d--------    C:\Programmer\iTunes
2007-09-16 14:00    27,308    -r-hs----    C:\WINDOWS\system32\avpo0.dll
2007-09-10 21:07    <DIR>    d--------    C:\Programmer\Gyldendal
2007-09-05 10:28    <DIR>    d--------    C:\Programmer\Gads Bogskab
2007-09-03 22:27    <DIR>    d--------    C:\DOCUME~1\Gandhi\OngameNetwork
2007-09-03 14:21    <DIR>    d--------    C:\DOCUME~1\Gandhi\APPLIC~1\InstallShield
2007-08-25 17:45    <DIR>    d--------    C:\Programmer\mIRC
2007-08-25 17:45    <DIR>    d--------    C:\DOCUME~1\Gandhi\APPLIC~1\mIRC
2007-08-24 23:38    27,308    -r-hs----    C:\WINDOWS\system32\avpo1.dll
2007-08-18 17:02    <DIR>    d--------    C:\Programmer\Mediatwins software
2007-08-12 17:13    <DIR>    d--------    C:\DOCUME~1\Gandhi\CDCARDS
2007-08-12 17:13    <DIR>    d--------    C:\DOCUME~1\Gandhi\.oces
2007-08-12 17:09    <DIR>    d--------    C:\Programmer\TDC
2007-08-12 17:09    <DIR>    d--------    C:\Programmer\F‘lles filer\Wise Installation Wizard
2007-08-12 17:09    <DIR>    d--------    C:\DOCUME~1\Gandhi\APPLIC~1\Cryptomathic

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2004-05-26 21:44]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-05-20 12:50]
"SoundMan"="SOUNDMAN.EXE" [2004-05-20 12:46 C:\WINDOWS\SOUNDMAN.EXE]
"BisonCom"="C:\WINDOWS\VdCap03C\BisonCom" []
"ASUS Live Update"="C:\Programmer\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 12:54]
"Power_Gear"="C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe" [2004-01-19 16:33]
"PRONoMgr.exe"="c:\Programmer\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2004-02-05 16:33]
"\\jens\Stylus_Photo_RX420"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.exe" [2004-04-09 04:00]
"RemoteControl"="C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-10-31 19:42]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" []
"QuickTime Task"="D:\programmer\quickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-09-14 10:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 01:53]
"Utopia Angel"="D:\programmer\Angel.exe" [2007-09-03 01:44]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"googletalk"="C:\Programmer\Google\Google Talk\googletalk.exe" [2007-01-01 22:22]
"avpa"="C:\WINDOWS\system32\avpo.exe" []
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\DOCUME~1\ALLUSE~1\MENUEN~1\PROGRA~1\Start\
ASUS ChkMail.lnk - C:\Programmer\Asus\Asus ChkMail\ChkMail.exe [2004-10-01 19:37:10]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]

C:\DOCUME~1\GANDHI\MENUEN~1\PROGRA~1\START\
OpenOffice.org 1.1.4.lnk - C:\Programmer\OpenOffice.org1.1.4\program\quickstart.exe [2004-12-13 01:10:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
c:\WINDOWS\System32\LgNotify.dll 2004-03-03 16:48 110592 c:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe

R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys
R1 ewido security suite driver;ewido security suite driver;\??\D:\programmer\security suite\guard.sys
R3 ATKXPDisplayName;ATKXPDisplayName;C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
R3 Cam5603C;BisonCam, USB2.0;C:\WINDOWS\system32\Drivers\Bs350u2.sys
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys
S3 ZD1201U;ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB);C:\WINDOWS\system32\DRIVERS\zd1201u.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-20 15:03:42 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-30 19:33:51
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\jens\\Stylus_Photo_RX420"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9CE.EXE /P25 \"\\\\jens\\Stylus_Photo_RX420\" /O34 \"\\\\192.168.0.130\\Stylus_Photo_RX420\" /M \"Stylus Photo RX420\""
.
Completion time: 2007-09-30 19:34:20
C:\ComboFix-quarantined-files.txt ... 2007-09-30 19:34
C:\ComboFix2.txt ... 2007-09-30 18:14
.
    --- E O F ---


and a new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 19:55:48, on 30-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\WINDOWS\ASUSKBService.exe
D:\programmer\security suite\ewidoctrl.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\VdCap03C\BisonCom.exe
C:\Programmer\ASUS\ASUS Live Update\ALU.exe
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
D:\programmer\Angel.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Google\Google Talk\googletalk.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Asus\Asus ChkMail\ChkMail.exe
C:\Programmer\OpenOffice.org1.1.4\program\soffice.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\svchost.exe
D:\programmer\iPod\bin\iPodService.exe
D:\programmer\Phone\Skype.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gandhi\Skrivebord\hijackthis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll (file missing)
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BisonCom] C:\WINDOWS\VdCap03C\BisonCom
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmer\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Programmer\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [\\jens\Stylus_Photo_RX420] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P25 "\\jens\Stylus_Photo_RX420" /O34 "\\192.168.0.130\Stylus_Photo_RX420" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\programmer\quickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Utopia Angel] "D:\programmer\Angel.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Programmer\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Programmer\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmer\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\programmer\partypoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\programmer\partypoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Programmer\ladbrokesMPP\MPPoker.exe (file missing)
O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Programmer\nordicbetMPP\MPPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O17 - HKLM\System\CCS\Services\Tcpip\..\{71DE28E6-1034-433D-94B4-8DD8DD439863}: NameServer = 130.225.9.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - c:\WINDOWS\ASUSKBService.exe
O23 - Service: ewido security suite control - ewido networks - D:\programmer\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - D:\programmer\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
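As an added example (not code from this thread, nor from ComboFix or HijackThis), the script below encodes the two triage rules a reviewer applies to logs like the ones above: a plain file in ComboFix's "Files Created" list that carries both the hidden and system attributes inside the Windows directory, and a HijackThis O4 line where a per-user (HKCU) Run value launches a binary out of system32. It also lists any entry whose target HijackThis reports as missing. The excerpt lines in the samples are copied from the logs in this thread; the allow-list of per-user system32 binaries and the helper names are my own assumptions.

```python
"""Triage of ComboFix and HijackThis text logs (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    source: str   # "combofix" or "hijackthis"
    path: str     # file path, or the whole log line for orphaned entries
    reason: str


# ComboFix file line:  <date time>  <size or <DIR>>  <9-char attrs>  <path>
# Attribute positions: 0=d(ir) 1=r(eadonly) 2=a(rchive) 3=h(idden) 4=s(ystem)
_CF_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attrs>[d-][r-][a-][h-][s-]-{4})\s+"
    r"(?P<path>\S.*)$"
)

# HijackThis O4 registry line:  O4 - HKCU\..\Run: [value name] <command line>
_HJT_O4 = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$"
)

# Per-user Run values that legitimately point into system32 (assumption; extend
# it with your own baseline).
_HKCU_SYSTEM32_ALLOW = {"ctfmon.exe"}


def _split_target(cmdline: str) -> str:
    """Return the executable path from a Run value's command line.

    HijackThis prints the value verbatim, so the path may be quoted, may contain
    spaces, and may be followed by arguments (e.g. `...\BatteryLife.exe 1`).
    """
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    m = re.match(r".+?\.(?:exe|com|dll|scr|bat|pif)\b", cmdline, re.IGNORECASE)
    return m.group(0) if m else cmdline.split()[0]


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def combofix_findings(text: str) -> list[Finding]:
    """Flag plain files with hidden+system attributes under the Windows directory."""
    out: list[Finding] = []
    for line in text.splitlines():
        m = _CF_LINE.match(line.strip())
        if not m:
            continue
        attrs, path = m["attrs"], m["path"]
        is_dir, hidden, system = attrs[0] == "d", attrs[3] == "h", attrs[4] == "s"
        if not is_dir and hidden and system and "\\windows\\" in path.lower():
            out.append(Finding("combofix", path,
                               f"hidden+system file in the Windows directory "
                               f"(attrs {attrs}, created {m['date']})"))
    return out


def hijackthis_findings(text: str) -> list[Finding]:
    """Flag HKCU Run values launching from system32, plus orphaned entries."""
    out: list[Finding] = []
    for line in text.splitlines():
        line = line.strip()
        if "(file missing)" in line or "(no file)" in line:
            out.append(Finding("hijackthis", line, "orphaned entry: target file does not exist"))
            continue
        m = _HJT_O4.match(line)
        if not m:
            continue
        target = _split_target(m["rest"])
        if (m["hive"] == "HKCU" and "\\system32\\" in target.lower()
                and _basename(target).lower() not in _HKCU_SYSTEM32_ALLOW):
            out.append(Finding("hijackthis", target,
                               f"per-user Run value [{m['name']}] launches a binary from system32"))
    return out


# Excerpts in the exact format of the logs above; the avpo* entries are the ones
# the thread ends up removing.
SAMPLE_COMBOFIX = r"""
2007-09-30 18:10    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-30 18:04    <DIR>    d--hs----    C:\FOUND.002
2007-09-16 14:00    27,308    -r-hs----    C:\WINDOWS\system32\avpo0.dll
2007-08-24 23:38    27,308    -r-hs----    C:\WINDOWS\system32\avpo1.dll
"""

SAMPLE_HIJACKTHIS = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\programmer\partypoker\PartyPoker\RunApp.exe (file missing)
"""

if __name__ == "__main__":
    for f in combofix_findings(SAMPLE_COMBOFIX) + hijackthis_findings(SAMPLE_HIJACKTHIS):
        print(f"[{f.source}] {f.path}\n    {f.reason}")
```

Feed it the full text of a ComboFix.txt or HijackThis log instead of the samples to get the same two lists. Hidden+system attributes and per-user Run values are also used by legitimate software, so the output is a list of candidates to look up, not a verdict; the orphaned entries are clean-up candidates rather than signs of infection.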
arlet (Junior master)
30 September 2007 - 20:12 #14
Do the same as you did here: 30/09-2007 19:22:22, but with these:

------------
File::
C:\WINDOWS\system32\avpo0.dll
C:\WINDOWS\system32\avpo1.dll
------------


Then do the following:
Run HijackThis, scan, tick the line(s) listed here, close all windows except HijackThis, click Fix checked, then close HijackThis again.

O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe

Reboot, then post a new HijackThis log and ComboFix log.
mohandas (Beginner)
30 September 2007 - 21:30 #15
Here are the two new logs:

Logfile of HijackThis v1.99.1
Scan saved at 21:26:15, on 30-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\VdCap03C\BisonCom.exe
C:\Programmer\ASUS\ASUS Live Update\ALU.exe
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\iTunes\iTunesHelper.exe
c:\WINDOWS\ASUSKBService.exe
D:\programmer\security suite\ewidoctrl.exe
C:\WINDOWS\system32\ctfmon.exe
D:\programmer\Angel.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Google\Google Talk\googletalk.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Programmer\Asus\Asus ChkMail\ChkMail.exe
C:\Programmer\OpenOffice.org1.1.4\program\soffice.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
D:\programmer\iPod\bin\iPodService.exe
C:\Documents and Settings\Gandhi\Skrivebord\hijackthis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll (file missing)
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BisonCom] C:\WINDOWS\VdCap03C\BisonCom
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmer\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Programmer\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [\\jens\Stylus_Photo_RX420] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P25 "\\jens\Stylus_Photo_RX420" /O34 "\\192.168.0.130\Stylus_Photo_RX420" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\programmer\quickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Utopia Angel] "D:\programmer\Angel.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Programmer\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Programmer\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmer\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\programmer\partypoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\programmer\partypoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Programmer\ladbrokesMPP\MPPoker.exe (file missing)
O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Programmer\nordicbetMPP\MPPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O17 - HKLM\System\CCS\Services\Tcpip\..\{71DE28E6-1034-433D-94B4-8DD8DD439863}: NameServer = 130.225.9.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - c:\WINDOWS\ASUSKBService.exe
O23 - Service: ewido security suite control - ewido networks - D:\programmer\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - D:\programmer\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe

AND:

ComboFix 07-09-21.2 - "Gandhi" 2007-09-30 21:27:17.4 - FAT32x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.136 [GMT 2:00]
.

(((((((((((((((((((((((((  Files Created from 2007-08-28 to 2007-09-30  )))))))))))))))))))))))))))))))
.

2007-09-30 18:10    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-30 18:04    <DIR>    d--hs----    C:\FOUND.002
2007-09-29 18:33    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-09-29 18:33    <DIR>    d--------    C:\DOCUME~1\Gandhi\APPLIC~1\SUPERAntiSpyware.com
2007-09-29 18:33    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-26 19:31    <DIR>    d--------    C:\Programmer\Polob32
2007-09-20 17:30    <DIR>    d--------    C:\Programmer\iTunes
2007-09-16 14:00    27,308    -r-hs----    C:\WINDOWS\system32\avpo0.dll
2007-09-10 21:07    <DIR>    d--------    C:\Programmer\Gyldendal
2007-09-05 10:28    <DIR>    d--------    C:\Programmer\Gads Bogskab
2007-09-03 22:27    <DIR>    d--------    C:\DOCUME~1\Gandhi\OngameNetwork
2007-09-03 14:21    <DIR>    d--------    C:\DOCUME~1\Gandhi\APPLIC~1\InstallShield
2007-08-25 17:45    <DIR>    d--------    C:\Programmer\mIRC
2007-08-25 17:45    <DIR>    d--------    C:\DOCUME~1\Gandhi\APPLIC~1\mIRC
2007-08-24 23:38    27,308    -r-hs----    C:\WINDOWS\system32\avpo1.dll
2007-08-18 17:02    <DIR>    d--------    C:\Programmer\Mediatwins software
2007-08-12 17:13    <DIR>    d--------    C:\DOCUME~1\Gandhi\CDCARDS
2007-08-12 17:13    <DIR>    d--------    C:\DOCUME~1\Gandhi\.oces
2007-08-12 17:09    <DIR>    d--------    C:\Programmer\TDC
2007-08-12 17:09    <DIR>    d--------    C:\Programmer\F‘lles filer\Wise Installation Wizard
2007-08-12 17:09    <DIR>    d--------    C:\DOCUME~1\Gandhi\APPLIC~1\Cryptomathic

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
.

(((((((((((((((((((((((((((((  snapshot_2007-09-30_181343,90  )))))))))))))))))))))))))))))))))))))))))
.
----a-w          163,328 2007-03-13 08:57:12  C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
.
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2004-05-26 21:44]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-05-20 12:50]
"SoundMan"="SOUNDMAN.EXE" [2004-05-20 12:46 C:\WINDOWS\SOUNDMAN.EXE]
"BisonCom"="C:\WINDOWS\VdCap03C\BisonCom" []
"ASUS Live Update"="C:\Programmer\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 12:54]
"Power_Gear"="C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe" [2004-01-19 16:33]
"PRONoMgr.exe"="c:\Programmer\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2004-02-05 16:33]
"\\jens\Stylus_Photo_RX420"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.exe" [2004-04-09 04:00]
"RemoteControl"="C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-10-31 19:42]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" []
"QuickTime Task"="D:\programmer\quickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-09-14 10:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 01:53]
"Utopia Angel"="D:\programmer\Angel.exe" [2007-09-03 01:44]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"googletalk"="C:\Programmer\Google\Google Talk\googletalk.exe" [2007-01-01 22:22]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\DOCUME~1\ALLUSE~1\MENUEN~1\PROGRA~1\Start\
ASUS ChkMail.lnk - C:\Programmer\Asus\Asus ChkMail\ChkMail.exe [2004-10-01 19:37:10]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]

C:\DOCUME~1\GANDHI\MENUEN~1\PROGRA~1\START\
OpenOffice.org 1.1.4.lnk - C:\Programmer\OpenOffice.org1.1.4\program\quickstart.exe [2004-12-13 01:10:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
c:\WINDOWS\System32\LgNotify.dll 2004-03-03 16:48 110592 c:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe

R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys
R1 ewido security suite driver;ewido security suite driver;\??\D:\programmer\security suite\guard.sys
R3 ATKXPDisplayName;ATKXPDisplayName;C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
R3 Cam5603C;BisonCam, USB2.0;C:\WINDOWS\system32\Drivers\Bs350u2.sys
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys
S3 ZD1201U;ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB);C:\WINDOWS\system32\DRIVERS\zd1201u.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-20 15:03:42 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-30 21:28:56
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\jens\\Stylus_Photo_RX420"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9CE.EXE /P25 \"\\\\jens\\Stylus_Photo_RX420\" /O34 \"\\\\192.168.0.130\\Stylus_Photo_RX420\" /M \"Stylus Photo RX420\""
.
Completion time: 2007-09-30 21:29:30
C:\ComboFix-quarantined-files.txt ... 2007-09-30 21:29
C:\ComboFix3.txt ... 2007-09-30 19:34
C:\ComboFix2.txt ... 2007-09-30 21:20
.
    --- E O F ---
arlet (Junior master)
01 October 2007 - 21:46 #16
Let's try something else..

Download Avenger to the desktop from here:
http://swandog46.geekstogo.com/avenger.exe

1. Double-click avenger.exe

2. Select "Input Script Manually" and click the magnifying glass. A small window opens; paste the contents between the dashed lines into it:

-----------------------------
Files to delete:
C:\WINDOWS\system32\avpo0.dll
C:\WINDOWS\system32\avpo1.dll
-----------------------------

3. Click the traffic light in Avenger. The program will prompt you to restart the computer immediately, which you should do. It will shut the computer down, delete the files and start it again.

4. After the restart a Notepad window will appear with a log of Avenger's actions. Please paste it into your next reply.
mohandas (Beginner)
01 October 2007 - 23:32 #17
Here is the log. Should I also run a HijackThis scan and paste the log here?


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xfyvbodq

*******************

Script file located at: \??\C:\Documents and Settings\ccvtrkhj.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\avpo0.dll deleted successfully.
File C:\WINDOWS\system32\avpo1.dll deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
02 October 2007 - 07:35 #18
BINGO!
Yes
arlet (Junior master)
02 October 2007 - 17:11 #19
That's good.. I'd like to see a new ComboFix log
mohandas (Beginner)
03 October 2007 - 00:15 #20
ComboFix 07-10-02.2 - Gandhi 2007-10-03  0:04:55.5 - FAT32x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.159 [GMT 2:00]
Running from: D:\Prison Break\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Skrivebord\internet.lnk

.
(((((((((((((((((((((((((  Files Created from 2007-09-02 to 2007-10-02  )))))))))))))))))))))))))))))))
.

2007-09-30 18:10    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-30 18:04    <DIR>    d--hs----    C:\FOUND.002
2007-09-29 18:33    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-09-29 18:33    <DIR>    d--------    C:\Documents and Settings\Gandhi\Application Data\SUPERAntiSpyware.com
2007-09-29 18:33    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-09-26 19:31    <DIR>    d--------    C:\Programmer\Polob32
2007-09-20 17:30    <DIR>    d--------    C:\Programmer\iTunes
2007-09-10 21:07    <DIR>    d--------    C:\Programmer\Gyldendal
2007-09-05 10:28    <DIR>    d--------    C:\Programmer\Gads Bogskab
2007-09-03 22:27    <DIR>    d--------    C:\Documents and Settings\Gandhi\OngameNetwork
2007-09-03 14:21    <DIR>    d--------    C:\Documents and Settings\Gandhi\Application Data\InstallShield

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-25 17:45    ---------    d--------    C:\Programmer\mIRC
2007-08-25 17:45    ---------    d--------    C:\Documents and Settings\Gandhi\Application Data\mIRC
2007-08-18 17:02    ---------    d--------    C:\Programmer\Mediatwins software
2007-08-12 17:09    ---------    d--------    C:\Programmer\TDC
2007-08-12 17:09    ---------    d--------    C:\Documents and Settings\Gandhi\Application Data\Cryptomathic
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
.

(((((((((((((((((((((((((((((  snapshot_2007-09-30_181343,90  )))))))))))))))))))))))))))))))))))))))))
.
----a-w          135,168 2007-09-28 07:06:10  C:\WINDOWS\catchme.exe
----a-w          135,168 2007-09-24 20:30:28  C:\WINDOWS\system32\java.exe
----a-w          135,168 2007-09-24 20:30:30  C:\WINDOWS\system32\javaw.exe
----a-w          139,264 2007-09-24 21:31:42  C:\WINDOWS\system32\javaws.exe
----a-w          844,800 2007-07-22 16:39:28  C:\WINDOWS\system32\swreg.exe
.
----a-w          109,056 2007-07-19 22:47:24  C:\WINDOWS\catchme.exe
----a-w          135,168 2007-03-13 22:31:24  C:\WINDOWS\system32\java.exe
----a-w          135,168 2007-03-13 22:31:28  C:\WINDOWS\system32\javaw.exe
----a-w          139,264 2007-03-14 00:04:46  C:\WINDOWS\system32\javaws.exe
----a-w          279,552 2007-07-22 16:39:28  C:\WINDOWS\system32\swreg.exe
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2004-05-26 21:44]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-05-20 12:50]
"SoundMan"="SOUNDMAN.EXE" [2004-05-20 12:46 C:\WINDOWS\SOUNDMAN.EXE]
"BisonCom"="C:\WINDOWS\VdCap03C\BisonCom" []
"ASUS Live Update"="C:\Programmer\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 12:54]
"Power_Gear"="C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe" [2004-01-19 16:33]
"PRONoMgr.exe"="c:\Programmer\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2004-02-05 16:33]
"\\jens\Stylus_Photo_RX420"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.exe" [2004-04-09 04:00]
"RemoteControl"="C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-10-31 19:42]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" []
"QuickTime Task"="D:\programmer\quickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-09-14 10:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 01:53]
"Utopia Angel"="D:\programmer\Angel.exe" [2007-10-01 14:44]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"googletalk"="C:\Programmer\Google\Google Talk\googletalk.exe" [2007-01-01 22:22]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
ASUS ChkMail.lnk - C:\Programmer\Asus\Asus ChkMail\ChkMail.exe [2004-10-01 19:37:10]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]

C:\Documents and Settings\Gandhi\Menuen Start\Programmer\Start\
OpenOffice.org 1.1.4.lnk - C:\Programmer\OpenOffice.org1.1.4\program\quickstart.exe [2004-12-13 01:10:00]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
ASUS ChkMail.lnk - C:\Programmer\Asus\Asus ChkMail\ChkMail.exe [2004-10-01 19:37:10]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
c:\WINDOWS\System32\LgNotify.dll 2004-03-03 16:48 110592 c:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe

R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys
R1 ewido security suite driver;ewido security suite driver;\??\D:\programmer\security suite\guard.sys
R3 ATKXPDisplayName;ATKXPDisplayName;C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
R3 Cam5603C;BisonCam, USB2.0;C:\WINDOWS\system32\Drivers\Bs350u2.sys
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys
S3 ZD1201U;ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB);C:\WINDOWS\system32\DRIVERS\zd1201u.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-20 15:03:42 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-03 00:06:56
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\jens\\Stylus_Photo_RX420"="C:\\WINDOWS\\System32\\spoo
arlet (Junior master)
3 October 2007 - 07:21 #21
So it worked..

Just run steps 5 and 6 from here: http://www.malwarecheck.dk/forum/viewtopic.php?t=11

Here you can read about our bulletproof security package: http://www.malwarecheck.dk/forum/viewtopic.php?t=156 . If you have any questions, just ask..