CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede mohandas Nybegynder
26. september 2007 - 23:31 Der er 20 kommentarer og
1 løsning

Hijackthis-log - er der noget galt?

Vil gerne have undersøgt min computer for spyware, virus e.l. Jeg synes tit programmer går ned, at den ikke kan åbne mapper eller andre lidt irriterende ting...

Her er loggen:

Logfile of HijackThis v1.99.1
Scan saved at 23:29:37, on 26-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\WINDOWS\ASUSKBService.exe
D:\programmer\security suite\ewidoctrl.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\VdCap03C\BisonCom.exe
C:\Programmer\ASUS\ASUS Live Update\ALU.exe
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\temp1.exe
C:\WINDOWS\system32\ctfmon.exe
D:\programmer\Angel.exe
D:\programmer\Phone\Skype.exe
C:\Programmer\Google\Google Talk\googletalk.exe
C:\Programmer\Asus\Asus ChkMail\ChkMail.exe
C:\Programmer\OpenOffice.org1.1.4\program\soffice.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\svchost.exe
D:\programmer\iPod\bin\iPodService.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\Gandhi\Skrivebord\hijackthis.exe

F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll (file missing)
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BisonCom] C:\WINDOWS\VdCap03C\BisonCom
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmer\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Programmer\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [\\jens\Stylus_Photo_RX420] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P25 "\\jens\Stylus_Photo_RX420" /O34 "\\192.168.0.130\Stylus_Photo_RX420" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [wosa] C:\DOCUME~1\Gandhi\LOKALE~1\Temp\woso.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\programmer\quickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Utopia Angel] "D:\programmer\Angel.exe"
O4 - HKCU\..\Run: [Skype] "D:\programmer\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Programmer\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Programmer\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmer\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\programmer\partypoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\programmer\partypoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Programmer\ladbrokesMPP\MPPoker.exe (file missing)
O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Programmer\nordicbetMPP\MPPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O17 - HKLM\System\CCS\Services\Tcpip\..\{71DE28E6-1034-433D-94B4-8DD8DD439863}: NameServer = 130.225.9.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - c:\WINDOWS\ASUSKBService.exe
O23 - Service: ewido security suite control - ewido networks - D:\programmer\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - D:\programmer\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe

Håber på hurtigt svar!
Avatar billede arlet Juniormester
27. september 2007 - 07:03 #1
Ja, der er noget snavs i loggen..

Kør trin 1 og 2 her http://www.malwarecheck.dk/forum/viewtopic.php?t=11
Genstart og hijackthis log(vejledning http://www.malwarecheck.dk/forum/viewtopic.php?t=9) samt log´ne fra SuperAntiSpyware scanneren og Avg/Ewido
Avatar billede Computer Hjælp (Gratis) Mester
27. september 2007 - 07:06 #2
Jeg ka' godt se hvad der er galt ...

Gennemfør proceduren herfra -> http://www.eksperten.dk/artikler/1123
Avatar billede Computer Hjælp (Gratis) Mester
27. september 2007 - 07:06 #3
(Fik ikke opdateret *S* - ta' den bare...)
Avatar billede mohandas Nybegynder
29. september 2007 - 21:46 #4
Jeg kørte de to scannere, ewido og superspyware, og så har jeg lavet en ny log med hijackthis... har derudover kopieret resultatet af Rootchk ind i hijackthis-loggen:

(håber det var det jeg sku? Skal jeg ikke ind og slette noget af det i hijackthis-scanningen?)

********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh
29-09-2007 21:43:56,75

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-29 21:43:57
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0
Avatar billede mohandas Nybegynder
29. september 2007 - 21:46 #5
WHOOPS... glemte at kopiere det hele... here ya go.

Logfile of HijackThis v1.99.1
Scan saved at 21:45:05, on 29-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\WINDOWS\ASUSKBService.exe
D:\programmer\security suite\ewidoctrl.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\VdCap03C\BisonCom.exe
C:\Programmer\ASUS\ASUS Live Update\ALU.exe
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
D:\programmer\Angel.exe
D:\programmer\Phone\Skype.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\avpo.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programmer\Asus\Asus ChkMail\ChkMail.exe
C:\Programmer\OpenOffice.org1.1.4\program\soffice.exe
C:\WINDOWS\System32\svchost.exe
D:\programmer\iPod\bin\iPodService.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Gandhi\Skrivebord\hijackthis.exe

F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll (file missing)
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BisonCom] C:\WINDOWS\VdCap03C\BisonCom
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmer\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Programmer\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [\\jens\Stylus_Photo_RX420] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P25 "\\jens\Stylus_Photo_RX420" /O34 "\\192.168.0.130\Stylus_Photo_RX420" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [wosa] C:\DOCUME~1\Gandhi\LOKALE~1\Temp\woso.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\programmer\quickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Utopia Angel] "D:\programmer\Angel.exe"
O4 - HKCU\..\Run: [Skype] "D:\programmer\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Programmer\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Programmer\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmer\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\programmer\partypoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\programmer\partypoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Programmer\ladbrokesMPP\MPPoker.exe (file missing)
O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Programmer\nordicbetMPP\MPPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O17 - HKLM\System\CCS\Services\Tcpip\..\{71DE28E6-1034-433D-94B4-8DD8DD439863}: NameServer = 130.225.9.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - c:\WINDOWS\ASUSKBService.exe
O23 - Service: ewido security suite control - ewido networks - D:\programmer\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - D:\programmer\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe

********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh
29-09-2007 21:43:56,75

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-29 21:43:57
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0
Avatar billede arlet Juniormester
29. september 2007 - 23:06 #6
-- Hent Combofix fra et af disse links, og gem den på dit skrivebord:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

-- Kør så combofix.exe, som du hentede tidligere, og følg anvisningerne.
Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når combofix er færdig, og efter det har genstartet, skulle der gerne åbnes en logfil: combofix.txt
Indholdet af denne fil må du gerne lægge herind.

BEMÆRK at Combofix af nogle virusscannere bliver detekteret som inficeret. Dette har dog intet på sig.
Avatar billede mohandas Nybegynder
30. september 2007 - 18:15 #7
Har kørt combofix.exe, men den genstartede nu ikke computeren??

Her er loggen:

ComboFix 07-09-21.2 - "Gandhi" 2007-09-30 18:11:36.1 - FAT32x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.172 [GMT 2:00]
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\WINDOWS\autorun.inf
D:\Autorun.inf

.
(((((((((((((((((((((((((  Files Created from 2007-08-28 to 2007-09-30  )))))))))))))))))))))))))))))))
.

2007-09-30 18:10    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-30 18:04    <DIR>    d--hs----    C:\FOUND.002
2007-09-29 18:33    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-09-29 18:33    <DIR>    d--------    C:\DOCUME~1\Gandhi\APPLIC~1\SUPERAntiSpyware.com
2007-09-29 18:33    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-26 19:31    <DIR>    d--------    C:\Programmer\Polob32
2007-09-20 17:30    <DIR>    d--------    C:\Programmer\iTunes
2007-09-16 14:00    27,308    -r-hs----    C:\WINDOWS\system32\avpo0.dll
2007-09-10 21:07    <DIR>    d--------    C:\Programmer\Gyldendal
2007-09-05 10:28    <DIR>    d--------    C:\Programmer\Gads Bogskab
2007-09-03 22:27    <DIR>    d--------    C:\DOCUME~1\Gandhi\OngameNetwork
2007-09-03 14:21    <DIR>    d--------    C:\DOCUME~1\Gandhi\APPLIC~1\InstallShield
2007-08-25 17:45    <DIR>    d--------    C:\Programmer\mIRC
2007-08-25 17:45    <DIR>    d--------    C:\DOCUME~1\Gandhi\APPLIC~1\mIRC
2007-08-24 23:38    27,308    -r-hs----    C:\WINDOWS\system32\avpo1.dll
2007-08-20 09:06    86,851    -r-hs----    C:\WINDOWS\system32\avpo.exe
2007-08-20 09:06    86,851    -r-hs----    C:\ntde1ect.com
2007-08-18 17:02    <DIR>    d--------    C:\Programmer\Mediatwins software
2007-08-12 17:13    <DIR>    d--------    C:\DOCUME~1\Gandhi\CDCARDS
2007-08-12 17:13    <DIR>    d--------    C:\DOCUME~1\Gandhi\.oces
2007-08-12 17:09    <DIR>    d--------    C:\Programmer\TDC
2007-08-12 17:09    <DIR>    d--------    C:\Programmer\F‘lles filer\Wise Installation Wizard
2007-08-12 17:09    <DIR>    d--------    C:\DOCUME~1\Gandhi\APPLIC~1\Cryptomathic

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2004-05-26 21:44]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-05-20 12:50]
"SoundMan"="SOUNDMAN.EXE" [2004-05-20 12:46 C:\WINDOWS\SOUNDMAN.EXE]
"BisonCom"="C:\WINDOWS\VdCap03C\BisonCom" []
"ASUS Live Update"="C:\Programmer\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 12:54]
"Power_Gear"="C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe" [2004-01-19 16:33]
"PRONoMgr.exe"="c:\Programmer\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2004-02-05 16:33]
"\\jens\Stylus_Photo_RX420"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.exe" [2004-04-09 04:00]
"RemoteControl"="C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-10-31 19:42]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" []
"QuickTime Task"="D:\programmer\quickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-09-14 10:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 01:53]
"Utopia Angel"="D:\programmer\Angel.exe" [2007-09-03 01:44]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"googletalk"="C:\Programmer\Google\Google Talk\googletalk.exe" [2007-01-01 22:22]
"avpa"="C:\WINDOWS\system32\avpo.exe" [2007-09-23 23:33]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\DOCUME~1\ALLUSE~1\MENUEN~1\PROGRA~1\Start\
ASUS ChkMail.lnk - C:\Programmer\Asus\Asus ChkMail\ChkMail.exe [2004-10-01 19:37:10]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]

C:\DOCUME~1\GANDHI\MENUEN~1\PROGRA~1\START\
OpenOffice.org 1.1.4.lnk - C:\Programmer\OpenOffice.org1.1.4\program\quickstart.exe [2004-12-13 01:10:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
c:\WINDOWS\System32\LgNotify.dll 2004-03-03 16:48 110592 c:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe

R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys
R1 ewido security suite driver;ewido security suite driver;\??\D:\programmer\security suite\guard.sys
R3 ATKXPDisplayName;ATKXPDisplayName;C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
R3 Cam5603C;BisonCam, USB2.0;C:\WINDOWS\system32\Drivers\Bs350u2.sys
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys
S3 ZD1201U;ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB);C:\WINDOWS\system32\DRIVERS\zd1201u.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-20 15:03:42 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-30 18:13:31
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\jens\\Stylus_Photo_RX420"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9CE.EXE /P25 \"\\\\jens\\Stylus_Photo_RX420\" /O34 \"\\\\192.168.0.130\\Stylus_Photo_RX420\" /M \"Stylus Photo RX420\""
.
Completion time: 2007-09-30 18:13:58
C:\ComboFix-quarantined-files.txt ... 2007-09-30 18:13
.
    --- E O F ---
Avatar billede arlet Juniormester
30. september 2007 - 18:27 #8
Ser godt ud. Genstart og lad mig se en ny hijackthis log
Avatar billede Computer Hjælp (Gratis) Mester
30. september 2007 - 18:28 #9
C:\ntde1ect.com ???
Avatar billede arlet Juniormester
30. september 2007 - 18:54 #10
dr1 larry-> Ja, den skal væk, men ville lige se om jeg skulle have en f3 med fra hijackthis loggen
Avatar billede mohandas Nybegynder
30. september 2007 - 18:58 #11
Logfile of HijackThis v1.99.1
Scan saved at 18:58:36, on 30-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\WINDOWS\ASUSKBService.exe
D:\programmer\security suite\ewidoctrl.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\VdCap03C\BisonCom.exe
C:\Programmer\ASUS\ASUS Live Update\ALU.exe
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
D:\programmer\Angel.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Google\Google Talk\googletalk.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Asus\Asus ChkMail\ChkMail.exe
C:\Programmer\OpenOffice.org1.1.4\program\soffice.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
D:\programmer\iPod\bin\iPodService.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gandhi\Skrivebord\hijackthis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll (file missing)
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BisonCom] C:\WINDOWS\VdCap03C\BisonCom
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmer\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Programmer\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [\\jens\Stylus_Photo_RX420] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P25 "\\jens\Stylus_Photo_RX420" /O34 "\\192.168.0.130\Stylus_Photo_RX420" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\programmer\quickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Utopia Angel] "D:\programmer\Angel.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Programmer\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Programmer\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmer\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\programmer\partypoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\programmer\partypoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Programmer\ladbrokesMPP\MPPoker.exe (file missing)
O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Programmer\nordicbetMPP\MPPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O17 - HKLM\System\CCS\Services\Tcpip\..\{71DE28E6-1034-433D-94B4-8DD8DD439863}: NameServer = 130.225.9.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - c:\WINDOWS\ASUSKBService.exe
O23 - Service: ewido security suite control - ewido networks - D:\programmer\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - D:\programmer\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
Avatar billede arlet Juniormester
30. september 2007 - 19:22 #12
Kopiér indholdet mellem de stiplede linier ind i et notepad-vindue, og gem indholdet i samme mappe, som Combofix ligger med navnet CFScript.txt.
Når du gemmer, skal du sikre, at der under "filtyper" står "alle filer".

-------------------------
File::
C:\WINDOWS\system32\avpo.exe
C:\ntde1ect.com
-------------------------

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen. - http://www.fromsej.saknet.dk/billeder/cfscript.gif
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.

Kopier indholdet af Combofix.txt her ind sammen med en ny hijackthis log
Avatar billede mohandas Nybegynder
30. september 2007 - 19:55 #13
ComboFix 07-09-21.2 - "Gandhi" 2007-09-30 19:32:13.2 - FAT32x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.175 [GMT 2:00]
Command switches used ::  D:\Prison Break\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\avpo.exe
C:\ntde1ect.com
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\ntde1ect.com
C:\WINDOWS\system32\avpo.exe
D:\Autorun.inf

.
(((((((((((((((((((((((((  Files Created from 2007-08-28 to 2007-09-30  )))))))))))))))))))))))))))))))
.

2007-09-30 18:10    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-30 18:04    <DIR>    d--hs----    C:\FOUND.002
2007-09-29 18:33    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-09-29 18:33    <DIR>    d--------    C:\DOCUME~1\Gandhi\APPLIC~1\SUPERAntiSpyware.com
2007-09-29 18:33    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-26 19:31    <DIR>    d--------    C:\Programmer\Polob32
2007-09-20 17:30    <DIR>    d--------    C:\Programmer\iTunes
2007-09-16 14:00    27,308    -r-hs----    C:\WINDOWS\system32\avpo0.dll
2007-09-10 21:07    <DIR>    d--------    C:\Programmer\Gyldendal
2007-09-05 10:28    <DIR>    d--------    C:\Programmer\Gads Bogskab
2007-09-03 22:27    <DIR>    d--------    C:\DOCUME~1\Gandhi\OngameNetwork
2007-09-03 14:21    <DIR>    d--------    C:\DOCUME~1\Gandhi\APPLIC~1\InstallShield
2007-08-25 17:45    <DIR>    d--------    C:\Programmer\mIRC
2007-08-25 17:45    <DIR>    d--------    C:\DOCUME~1\Gandhi\APPLIC~1\mIRC
2007-08-24 23:38    27,308    -r-hs----    C:\WINDOWS\system32\avpo1.dll
2007-08-18 17:02    <DIR>    d--------    C:\Programmer\Mediatwins software
2007-08-12 17:13    <DIR>    d--------    C:\DOCUME~1\Gandhi\CDCARDS
2007-08-12 17:13    <DIR>    d--------    C:\DOCUME~1\Gandhi\.oces
2007-08-12 17:09    <DIR>    d--------    C:\Programmer\TDC
2007-08-12 17:09    <DIR>    d--------    C:\Programmer\F‘lles filer\Wise Installation Wizard
2007-08-12 17:09    <DIR>    d--------    C:\DOCUME~1\Gandhi\APPLIC~1\Cryptomathic

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2004-05-26 21:44]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-05-20 12:50]
"SoundMan"="SOUNDMAN.EXE" [2004-05-20 12:46 C:\WINDOWS\SOUNDMAN.EXE]
"BisonCom"="C:\WINDOWS\VdCap03C\BisonCom" []
"ASUS Live Update"="C:\Programmer\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 12:54]
"Power_Gear"="C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe" [2004-01-19 16:33]
"PRONoMgr.exe"="c:\Programmer\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2004-02-05 16:33]
"\\jens\Stylus_Photo_RX420"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.exe" [2004-04-09 04:00]
"RemoteControl"="C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-10-31 19:42]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" []
"QuickTime Task"="D:\programmer\quickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-09-14 10:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 01:53]
"Utopia Angel"="D:\programmer\Angel.exe" [2007-09-03 01:44]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"googletalk"="C:\Programmer\Google\Google Talk\googletalk.exe" [2007-01-01 22:22]
"avpa"="C:\WINDOWS\system32\avpo.exe" []
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\DOCUME~1\ALLUSE~1\MENUEN~1\PROGRA~1\Start\
ASUS ChkMail.lnk - C:\Programmer\Asus\Asus ChkMail\ChkMail.exe [2004-10-01 19:37:10]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]

C:\DOCUME~1\GANDHI\MENUEN~1\PROGRA~1\START\
OpenOffice.org 1.1.4.lnk - C:\Programmer\OpenOffice.org1.1.4\program\quickstart.exe [2004-12-13 01:10:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
c:\WINDOWS\System32\LgNotify.dll 2004-03-03 16:48 110592 c:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe

R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys
R1 ewido security suite driver;ewido security suite driver;\??\D:\programmer\security suite\guard.sys
R3 ATKXPDisplayName;ATKXPDisplayName;C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
R3 Cam5603C;BisonCam, USB2.0;C:\WINDOWS\system32\Drivers\Bs350u2.sys
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys
S3 ZD1201U;ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB);C:\WINDOWS\system32\DRIVERS\zd1201u.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-20 15:03:42 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-30 19:33:51
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\jens\\Stylus_Photo_RX420"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9CE.EXE /P25 \"\\\\jens\\Stylus_Photo_RX420\" /O34 \"\\\\192.168.0.130\\Stylus_Photo_RX420\" /M \"Stylus Photo RX420\""
.
Completion time: 2007-09-30 19:34:20
C:\ComboFix-quarantined-files.txt ... 2007-09-30 19:34
C:\ComboFix2.txt ... 2007-09-30 18:14
.
    --- E O F ---


og en ny hijackthis-log:

Logfile of HijackThis v1.99.1
Scan saved at 19:55:48, on 30-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\WINDOWS\ASUSKBService.exe
D:\programmer\security suite\ewidoctrl.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\VdCap03C\BisonCom.exe
C:\Programmer\ASUS\ASUS Live Update\ALU.exe
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
D:\programmer\Angel.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Google\Google Talk\googletalk.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Asus\Asus ChkMail\ChkMail.exe
C:\Programmer\OpenOffice.org1.1.4\program\soffice.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\svchost.exe
D:\programmer\iPod\bin\iPodService.exe
D:\programmer\Phone\Skype.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gandhi\Skrivebord\hijackthis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll (file missing)
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BisonCom] C:\WINDOWS\VdCap03C\BisonCom
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmer\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Programmer\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [\\jens\Stylus_Photo_RX420] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P25 "\\jens\Stylus_Photo_RX420" /O34 "\\192.168.0.130\Stylus_Photo_RX420" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\programmer\quickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Utopia Angel] "D:\programmer\Angel.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Programmer\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Programmer\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmer\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\programmer\partypoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\programmer\partypoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Programmer\ladbrokesMPP\MPPoker.exe (file missing)
O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Programmer\nordicbetMPP\MPPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O17 - HKLM\System\CCS\Services\Tcpip\..\{71DE28E6-1034-433D-94B4-8DD8DD439863}: NameServer = 130.225.9.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - c:\WINDOWS\ASUSKBService.exe
O23 - Service: ewido security suite control - ewido networks - D:\programmer\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - D:\programmer\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
Avatar billede arlet Juniormester
30. september 2007 - 20:12 #14
Gør det samme som du gjorde her:30/09-2007 19:22:22 med dem her:

------------
File::
C:\WINDOWS\system32\avpo0.dll
C:\WINDOWS\system32\avpo1.dll
------------


Derefter gør du følgende:
Kør Hijackthis, scan, sæt flueben ved linien/linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, luk hijackthis igen.

O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe

Genstart og ny hijackthis log og combo log
Avatar billede mohandas Nybegynder
30. september 2007 - 21:30 #15
her er de to nye logs:

Logfile of HijackThis v1.99.1
Scan saved at 21:26:15, on 30-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\VdCap03C\BisonCom.exe
C:\Programmer\ASUS\ASUS Live Update\ALU.exe
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\iTunes\iTunesHelper.exe
c:\WINDOWS\ASUSKBService.exe
D:\programmer\security suite\ewidoctrl.exe
C:\WINDOWS\system32\ctfmon.exe
D:\programmer\Angel.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Google\Google Talk\googletalk.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Programmer\Asus\Asus ChkMail\ChkMail.exe
C:\Programmer\OpenOffice.org1.1.4\program\soffice.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
D:\programmer\iPod\bin\iPodService.exe
C:\Documents and Settings\Gandhi\Skrivebord\hijackthis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll (file missing)
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BisonCom] C:\WINDOWS\VdCap03C\BisonCom
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmer\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Programmer\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [\\jens\Stylus_Photo_RX420] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P25 "\\jens\Stylus_Photo_RX420" /O34 "\\192.168.0.130\Stylus_Photo_RX420" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\programmer\quickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Utopia Angel] "D:\programmer\Angel.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Programmer\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Programmer\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmer\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\programmer\partypoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\programmer\partypoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Programmer\ladbrokesMPP\MPPoker.exe (file missing)
O9 - Extra button: NordicBet Poker - {E6073F93-9541-4be4-9800-109D378EB99B} - C:\Programmer\nordicbetMPP\MPPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O17 - HKLM\System\CCS\Services\Tcpip\..\{71DE28E6-1034-433D-94B4-8DD8DD439863}: NameServer = 130.225.9.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - c:\WINDOWS\ASUSKBService.exe
O23 - Service: ewido security suite control - ewido networks - D:\programmer\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - D:\programmer\iPod\bin\iPodService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe

OG:

ComboFix 07-09-21.2 - "Gandhi" 2007-09-30 21:27:17.4 - FAT32x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.136 [GMT 2:00]
.

(((((((((((((((((((((((((  Files Created from 2007-08-28 to 2007-09-30  )))))))))))))))))))))))))))))))
.

2007-09-30 18:10    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-30 18:04    <DIR>    d--hs----    C:\FOUND.002
2007-09-29 18:33    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-09-29 18:33    <DIR>    d--------    C:\DOCUME~1\Gandhi\APPLIC~1\SUPERAntiSpyware.com
2007-09-29 18:33    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-26 19:31    <DIR>    d--------    C:\Programmer\Polob32
2007-09-20 17:30    <DIR>    d--------    C:\Programmer\iTunes
2007-09-16 14:00    27,308    -r-hs----    C:\WINDOWS\system32\avpo0.dll
2007-09-10 21:07    <DIR>    d--------    C:\Programmer\Gyldendal
2007-09-05 10:28    <DIR>    d--------    C:\Programmer\Gads Bogskab
2007-09-03 22:27    <DIR>    d--------    C:\DOCUME~1\Gandhi\OngameNetwork
2007-09-03 14:21    <DIR>    d--------    C:\DOCUME~1\Gandhi\APPLIC~1\InstallShield
2007-08-25 17:45    <DIR>    d--------    C:\Programmer\mIRC
2007-08-25 17:45    <DIR>    d--------    C:\DOCUME~1\Gandhi\APPLIC~1\mIRC
2007-08-24 23:38    27,308    -r-hs----    C:\WINDOWS\system32\avpo1.dll
2007-08-18 17:02    <DIR>    d--------    C:\Programmer\Mediatwins software
2007-08-12 17:13    <DIR>    d--------    C:\DOCUME~1\Gandhi\CDCARDS
2007-08-12 17:13    <DIR>    d--------    C:\DOCUME~1\Gandhi\.oces
2007-08-12 17:09    <DIR>    d--------    C:\Programmer\TDC
2007-08-12 17:09    <DIR>    d--------    C:\Programmer\F‘lles filer\Wise Installation Wizard
2007-08-12 17:09    <DIR>    d--------    C:\DOCUME~1\Gandhi\APPLIC~1\Cryptomathic

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
.

(((((((((((((((((((((((((((((  snapshot_2007-09-30_181343,90  )))))))))))))))))))))))))))))))))))))))))
.
----a-w          163,328 2007-03-13 08:57:12  C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
.
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2004-05-26 21:44]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-05-20 12:50]
"SoundMan"="SOUNDMAN.EXE" [2004-05-20 12:46 C:\WINDOWS\SOUNDMAN.EXE]
"BisonCom"="C:\WINDOWS\VdCap03C\BisonCom" []
"ASUS Live Update"="C:\Programmer\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 12:54]
"Power_Gear"="C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe" [2004-01-19 16:33]
"PRONoMgr.exe"="c:\Programmer\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2004-02-05 16:33]
"\\jens\Stylus_Photo_RX420"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.exe" [2004-04-09 04:00]
"RemoteControl"="C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-10-31 19:42]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" []
"QuickTime Task"="D:\programmer\quickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-09-14 10:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 01:53]
"Utopia Angel"="D:\programmer\Angel.exe" [2007-09-03 01:44]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"googletalk"="C:\Programmer\Google\Google Talk\googletalk.exe" [2007-01-01 22:22]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\DOCUME~1\ALLUSE~1\MENUEN~1\PROGRA~1\Start\
ASUS ChkMail.lnk - C:\Programmer\Asus\Asus ChkMail\ChkMail.exe [2004-10-01 19:37:10]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]

C:\DOCUME~1\GANDHI\MENUEN~1\PROGRA~1\START\
OpenOffice.org 1.1.4.lnk - C:\Programmer\OpenOffice.org1.1.4\program\quickstart.exe [2004-12-13 01:10:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
c:\WINDOWS\System32\LgNotify.dll 2004-03-03 16:48 110592 c:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe

R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys
R1 ewido security suite driver;ewido security suite driver;\??\D:\programmer\security suite\guard.sys
R3 ATKXPDisplayName;ATKXPDisplayName;C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
R3 Cam5603C;BisonCam, USB2.0;C:\WINDOWS\system32\Drivers\Bs350u2.sys
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys
S3 ZD1201U;ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB);C:\WINDOWS\system32\DRIVERS\zd1201u.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-20 15:03:42 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-30 21:28:56
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\jens\\Stylus_Photo_RX420"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9CE.EXE /P25 \"\\\\jens\\Stylus_Photo_RX420\" /O34 \"\\\\192.168.0.130\\Stylus_Photo_RX420\" /M \"Stylus Photo RX420\""
.
Completion time: 2007-09-30 21:29:30
C:\ComboFix-quarantined-files.txt ... 2007-09-30 21:29
C:\ComboFix3.txt ... 2007-09-30 19:34
C:\ComboFix2.txt ... 2007-09-30 21:20
.
    --- E O F ---
Avatar billede arlet Juniormester
01. oktober 2007 - 21:46 #16
Så prøver vi noget andet..

Hent Avenger ned til skrivebordet her fra:
http://swandog46.geekstogo.com/avenger.exe

1. Dobbeltklik på avenger.exe

2. Sæt en prik i "Input Script Manually" og klik på Luppen - nu dukker der et lille vindue op, hvor du skal kopiere indholdet mellem de stiplede linier ind:

-----------------------------
Files to delete:
C:\WINDOWS\system32\avpo0.dll
C:\WINDOWS\system32\avpo1.dll
-----------------------------

3. Klik på Trafiklyset i Avenger. Programmet vil opfordre dig til at genstarte computeren straks, hvilket du skal gøre. Programmet vil lukke din computer, slette filerne og starte computeren igen.

4. Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar.
Avatar billede mohandas Nybegynder
01. oktober 2007 - 23:32 #17
Her er loggen, skal jeg også lave en hijackthis-scanning og kopiere log herind?


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xfyvbodq

*******************

Script file located at: \??\C:\Documents and Settings\ccvtrkhj.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\avpo0.dll deleted successfully.
File C:\WINDOWS\system32\avpo1.dll deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
Avatar billede Computer Hjælp (Gratis) Mester
02. oktober 2007 - 07:35 #18
BINGO!
Ja
Avatar billede arlet Juniormester
02. oktober 2007 - 17:11 #19
Det var godt.. Jeg vil gerne se en ny combofix log
Avatar billede mohandas Nybegynder
03. oktober 2007 - 00:15 #20
ComboFix 07-10-02.2 - Gandhi 2007-10-03  0:04:55.5 - FAT32x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.159 [GMT 2:00]
Running from: D:\Prison Break\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Skrivebord\internet.lnk

.
(((((((((((((((((((((((((  Files Created from 2007-09-02 to 2007-10-02  )))))))))))))))))))))))))))))))
.

2007-09-30 18:10    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-30 18:04    <DIR>    d--hs----    C:\FOUND.002
2007-09-29 18:33    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-09-29 18:33    <DIR>    d--------    C:\Documents and Settings\Gandhi\Application Data\SUPERAntiSpyware.com
2007-09-29 18:33    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-09-26 19:31    <DIR>    d--------    C:\Programmer\Polob32
2007-09-20 17:30    <DIR>    d--------    C:\Programmer\iTunes
2007-09-10 21:07    <DIR>    d--------    C:\Programmer\Gyldendal
2007-09-05 10:28    <DIR>    d--------    C:\Programmer\Gads Bogskab
2007-09-03 22:27    <DIR>    d--------    C:\Documents and Settings\Gandhi\OngameNetwork
2007-09-03 14:21    <DIR>    d--------    C:\Documents and Settings\Gandhi\Application Data\InstallShield

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-25 17:45    ---------    d--------    C:\Programmer\mIRC
2007-08-25 17:45    ---------    d--------    C:\Documents and Settings\Gandhi\Application Data\mIRC
2007-08-18 17:02    ---------    d--------    C:\Programmer\Mediatwins software
2007-08-12 17:09    ---------    d--------    C:\Programmer\TDC
2007-08-12 17:09    ---------    d--------    C:\Documents and Settings\Gandhi\Application Data\Cryptomathic
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
.

(((((((((((((((((((((((((((((  snapshot_2007-09-30_181343,90  )))))))))))))))))))))))))))))))))))))))))
.
----a-w          135,168 2007-09-28 07:06:10  C:\WINDOWS\catchme.exe
----a-w          135,168 2007-09-24 20:30:28  C:\WINDOWS\system32\java.exe
----a-w          135,168 2007-09-24 20:30:30  C:\WINDOWS\system32\javaw.exe
----a-w          139,264 2007-09-24 21:31:42  C:\WINDOWS\system32\javaws.exe
----a-w          844,800 2007-07-22 16:39:28  C:\WINDOWS\system32\swreg.exe
.
----a-w          109,056 2007-07-19 22:47:24  C:\WINDOWS\catchme.exe
----a-w          135,168 2007-03-13 22:31:24  C:\WINDOWS\system32\java.exe
----a-w          135,168 2007-03-13 22:31:28  C:\WINDOWS\system32\javaw.exe
----a-w          139,264 2007-03-14 00:04:46  C:\WINDOWS\system32\javaws.exe
----a-w          279,552 2007-07-22 16:39:28  C:\WINDOWS\system32\swreg.exe
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2004-05-26 21:44]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-05-20 12:50]
"SoundMan"="SOUNDMAN.EXE" [2004-05-20 12:46 C:\WINDOWS\SOUNDMAN.EXE]
"BisonCom"="C:\WINDOWS\VdCap03C\BisonCom" []
"ASUS Live Update"="C:\Programmer\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 12:54]
"Power_Gear"="C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe" [2004-01-19 16:33]
"PRONoMgr.exe"="c:\Programmer\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2004-02-05 16:33]
"\\jens\Stylus_Photo_RX420"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.exe" [2004-04-09 04:00]
"RemoteControl"="C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-10-31 19:42]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" []
"QuickTime Task"="D:\programmer\quickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-09-14 10:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 01:53]
"Utopia Angel"="D:\programmer\Angel.exe" [2007-10-01 14:44]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"googletalk"="C:\Programmer\Google\Google Talk\googletalk.exe" [2007-01-01 22:22]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
ASUS ChkMail.lnk - C:\Programmer\Asus\Asus ChkMail\ChkMail.exe [2004-10-01 19:37:10]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]

C:\Documents and Settings\Gandhi\Menuen Start\Programmer\Start\
OpenOffice.org 1.1.4.lnk - C:\Programmer\OpenOffice.org1.1.4\program\quickstart.exe [2004-12-13 01:10:00]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
ASUS ChkMail.lnk - C:\Programmer\Asus\Asus ChkMail\ChkMail.exe [2004-10-01 19:37:10]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
c:\WINDOWS\System32\LgNotify.dll 2004-03-03 16:48 110592 c:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe

R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys
R1 ewido security suite driver;ewido security suite driver;\??\D:\programmer\security suite\guard.sys
R3 ATKXPDisplayName;ATKXPDisplayName;C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
R3 Cam5603C;BisonCam, USB2.0;C:\WINDOWS\system32\Drivers\Bs350u2.sys
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys
S3 ZD1201U;ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB);C:\WINDOWS\system32\DRIVERS\zd1201u.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-20 15:03:42 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-03 00:06:56
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\jens\\Stylus_Photo_RX420"="C:\\WINDOWS\\System32\\spoo
Avatar billede arlet Juniormester
03. oktober 2007 - 07:21 #21
Så lykkes det..

Kør lige trin 5 og 6 herfra: http://www.malwarecheck.dk/forum/viewtopic.php?t=11

Her kan du læse om vores skudsikre sikkerhedspakke: http://www.malwarecheck.dk/forum/viewtopic.php?t=156 . Hvis du har nogle spørgsmål, så spørger du bare..
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Total AV Af Malm i Virus 10 16/01/202516:48 17/01/202520:47
pop up black friday Af Malm i Virus 12 22/11/202420:49 03/12/202411:04
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus 21 22/06/202419:22 23/06/202412:54
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
32 min siden Adgang til BT Af Carl i Mobiltelefoner
I dag 09:48 Video HI8 bånd Af Carl i Foto & video
I går 17:16 PHP-funktion til at søge i pdf-filer Af KurtG i PHP
I går 16:20 Går i stå ved W11 opdatering Af barth i Andet software
I går 15:47 Ingen adgang til Google mail på Android Af arnel i Søgemaskiner
White papers
Flere white papers »


Premium
Teaser billede
Her er de største overraskelser i den danske implementering af NIS2
Læs mere »
Ny opgørelse: Så meget koster det for kunderne at forlade VMware
Microsoft på vej med stor ændring i login: Sådan kommer det til at ramme dig
Er tiden løbet fra RPA? Nej siger en af pionererne - for AI har gjort mulighederne enorme
Se alle »
Computerworld
Teaser billede
Anmeldes til datatilsyn: Disse kinesiske selskaber overfører data til Kina, når du anvender deres løsninger
Læs mere »
Finanskæmpen Goldman Sachs tæt på at købe nordjysk it-firma: Prisen ryger over syv milliarder kroner
Disse vilde sci-fi-visioner er overraskende tæt på at blive til virkelighed: Kan være på vej
Test: Hurra - den billigste Mac er nu faktisk også den bedste
Se alle »
CIO
Teaser billede
Region Midtjylland dropper LibreOffice: Flytter 36.000 medarbejdere over på Microsoft 365
Læs mere »
Se deres løn: Så meget får it-cheferne i Danmarks 10 største kommuner i løn
Konkurs: Kendt dansk hostingselskab er nu endeligt lukket efter ransomware-angreb
Traf afgørende beslutning i 00'erne: Nu høster Salling Group frugterne af sin ERP-strategi
Se alle »
Job & Karriere
Teaser billede
Merete Søby klar med nyt top-job efter pludselig exit fra Schultz: Her er hendes nye job
Læs mere »
40 år gammelt dansk it-selskab fusionerer med hollandsk firma og skifter navn
Her er deres månedsløn: Så meget tjener CIO'erne i de danske regioner - den bedst lønnede får mere end digitaliseringsministeren
Dansk headhunter: Dette spørgsmål bliver jeg næsten altid stillet, når jeg forsøger at rekruttere it-folk
Se alle »
White paper
Teaser billede
SAP: Skab værdi og minimér omkostninger med effektiv dokumenthåndtering
Læs mere »
Sådan: Én løsning til compliance, sikkerhed og overblik
Sæt professionel døgnvagt på din it-infrastruktur
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »