madsjh Beginner
15 February 2009 - 18:26 There are 28 comments and 1 solution

Hijack again, again...

I'm having trouble with my computer in general, and it does a lot of strange things. Have I picked up something that I perhaps shouldn't have...

I'll just post the latest updated log from Hijack here:



Logfile of HijackThis v1.99.1
Scan saved at 18:20:22, on 15-02-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programmer\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\VM_STI.EXE
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Tech\Office Program Selector\2.0\ACROMAPP.exe
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\NCLAUNCH.EXe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\valve\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\DAEMON Tools Lite\daemon.exe
C:\Programmer\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Programmer\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmer\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmer\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Programmer\Fælles filer\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Ejer\LOKALE~1\Temp\Midlertidig mappe 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dk.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jmf-support.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dk.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmer\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\system32\hp731C.tmp (file missing)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP-visning - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmer\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmer\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmer\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmer\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [ccRegVfy] "c:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ACROMOUSE] C:\Programmer\Tech\Office Program Selector\2.0\ACROMAPP.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Spillebutiksgenvejen] C:\Programmer\Danske Spil\Spillebutiksgenvejen\spillebutiksgenvejen.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Programmer\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmer\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programmer\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmer\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SIMBAR Enabled; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; MSN Optimized;DK; MSN Optimized;DK)" -"http://www.miniclip.com/games/karate-king/en/"
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Programmer\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\MSN Toolbar Suite\TAB\02.05.0000.1105\da-dk\msntabres.dll/229?c6496bc69bd64a488b154b9a21a384a
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\MSN Toolbar Suite\TAB\02.05.0000.1105\da-dk\msntabres.dll/230?c6496bc69bd64a488b154b9a21a384a
O9 - Extra button: Expekt.com Poker - {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Programmer\expektMPP\MPPoker.exe
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.kps.dk/Codebase/FormCtl.cab
O16 - DPF: {1469FF24-47F6-11D2-8805-006008C537E3} (Adobe Mail Control) - http://www.kps.dk/codebase/ffmail.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/PopularScreenSaversFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168163782453
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1231784548_44811ae992f3ba5bb9bd59ecceb59b6f&GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com
O16 - DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} (Adobe Signature Object) - http://www.kps.dk/codebase/jfsignature.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (Adobe Script Object) - http://www.kps.dk/codebase/scriptobject.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (Adobe Soft Font Installer) - http://www.kps.dk/codebase/fontinstaller.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by16fd.bay16.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programmer\Java\jre6\bin\jqs.exe" -service -config "C:\Programmer\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
f-arn Guru
15 February 2009 - 18:57 #1
Download and install CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm
During installation you will be offered [Yahoo Toolbar]. You should say no to it.
Let the program perform a cleanup.

Download "Malwarebytes' Anti-Malware" here: http://www.besttechie.net/tools/mbam-setup.exe
Install and start the program, update it, and run a "full system scan" under the "Scanner" tab.
Afterwards click "Show results", press "Remove selected", and post the log here together with a log from DDS, which you can find here: http://www.techsupportforum.com/sectools/sUBs/dds

or here: http://download.bleepingcomputer.com/sUBs/dds.scr

It creates two logs (DDS.txt and Attach.txt); save them to the desktop and copy the contents of DDS.txt in here.

NOTE - DDS must be saved to the computer and not run from the web
madsjh Beginner
15 February 2009 - 22:28 #2
Yep, I'm back again... All those scans take a long time, etc. But here are both the one from Malware and the DDS one...



Malwarebytes' Anti-Malware 1.34
Database version: 1764
Windows 5.1.2600 Service Pack 3

15-02-2009 22:20:51
mbam-log-2009-02-15 (22-20-51).txt

Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 221616
Tid tilbagelagt: 46 minute(s), 25 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 25
Inficerede Registeringsdatabase Værdier: 1
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 2
Inficerede Filer: 1

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{70f17c8c-1744-41b6-9d07-575db448dcc5} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{db893839-10f0-4af9-92fa-b23528f530af} (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MalwareWipe.EXE (Rogue.MalwareWiped) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\{8cdddfbb-0c80-1030-0427-04121703002d} (Trojan.Agent) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
C:\Programmer\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\Programmer\FunWebProducts\Shared\001FE2E7.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

-----------------------------DDS.txt------------------------------------


DDS (Ver_09-02-01.01) - NTFSx86 
Run by Ejer at 22:22:45,76 on 15-02-2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition  5.1.2600.3.1252.45.1030.18.1023.277 [GMT 1:00]

AV: avast! antivirus 4.8.1335 [VPS 090215-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programmer\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Tech\Office Program Selector\2.0\ACROMAPP.exe
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\HP\KBD\KBD.EXE
C:\Programmer\Danske Spil\Spillebutiksgenvejen\spillebutiksgenvejen.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\valve\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\DAEMON Tools Lite\daemon.exe
C:\Programmer\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Programmer\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmer\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmer\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Programmer\Fælles filer\Nokia\MPAPI\MPAPI3s.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ejer\Lokale indstillinger\Temporary Internet Files\Content.IE5\MZ0C0FM4\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.jmf-support.dk/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: H - No File
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\programmer\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programmer\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - No File
BHO: Hjælp til tilmelding til Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmer\fælles filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\programmer\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: HP-visning: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\programmer\hp\digital imaging\bin\hpdtlk02.dll
TB: {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmer\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\programmer\yahoo!\companion\installs\cpn\yt.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\programmer\windows live toolbar\msntb.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {736B5468-BDAD-41BE-92D0-22AE2DDF7BCB} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [RecordNow!]
uRun: [BackupNotify] c:\programmer\hp\digital imaging\bin\backupnotify.exe
uRun: [Acme.PCHButton] c:\progra~1\hppavi~1\pavilion\xphwwbp4\plugin\bin\PCHButton.exe
uRun: [NCLaunch] c:\windows\NCLAUNCH.EXe
uRun: [Steam] "c:\valve\steam\steam.exe" -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SIMBAR Enabled; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; MSN Optimized;DK; MSN Optimized;DK)" -"http://www.miniclip.com/games/karate-king/en/"
mRun: [SunJavaUpdateSched] "c:\programmer\java\jre6\bin\jusched.exe"
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHUPD05] c:\programmer\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Sunkist2k] c:\programmer\multimedia card reader\shwicon2k.exe
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [QuickTime Task] "c:\programmer\quicktime\qttask.exe" -atboottime
mRun: [Microsoft Works Update Detection] c:\programmer\fælles filer\microsoft shared\works shared\WkUFind.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [ACROMOUSE] c:\programmer\tech\office program selector\2.0\ACROMAPP.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Adobe Reader Speed Launcher] "c:\programmer\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Spillebutiksgenvejen] c:\programmer\danske spil\spillebutiksgenvejen\spillebutiksgenvejen.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\programmer\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [Nokia.PCSync] c:\programmer\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\docume~1\ejer\menuen~1\progra~1\start\pictur~1.lnk - c:\programmer\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\adobeg~1.lnk - c:\programmer\fælles filer\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\hpdigi~1.lnk - c:\programmer\hp\digital imaging\bin\hpqtra08.exe
IE: &Google Search - c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
IE: &MSN Search - c:\programmer\msn toolbar suite\tb\02.05.0000.1105\da-dk\msntb.dll/search.htm
IE: &Translate English Word - c:\programmer\google\GoogleToolbar1.dll/cmwordtrans.html
IE: &Windows Live Search - c:\programmer\windows live toolbar\msntb.dll/search.htm
IE: Backward Links - c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\programmer\google\GoogleToolbar1.dll/cmcache.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
IE: Åbn på ny baggrundsfane - c:\programmer\msn toolbar suite\tab\02.05.0000.1105\da-dk\msntabres.dll/229?c6496bc69bd64a488b154b9a21a384a
IE: Åbn på ny forgrundsfane - c:\programmer\msn toolbar suite\tab\02.05.0000.1105\da-dk\msntabres.dll/230?c6496bc69bd64a488b154b9a21a384a
IE: {3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - c:\programmer\expektmpp\MPPoker.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: tvsyd.dk\www
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} - hxxp://downol.dr.dk/download/netradio/Rawflow.cab
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {11818680-FCF6-11D0-9808-0800092A4865} - hxxp://www.kps.dk/Codebase/FormCtl.cab
DPF: {1469FF24-47F6-11D2-8805-006008C537E3} - hxxp://www.kps.dk/codebase/ffmail.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168163782453
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1231784548_44811ae992f3ba5bb9bd59ecceb59b6f&GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} - hxxp://www.kps.dk/codebase/jfsignature.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} - hxxp://www.kps.dk/codebase/scriptobject.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} - hxxp://www.kps.dk/codebase/fontinstaller.cab
DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - hxxp://by16fd.bay16.hotmail.msn.com/activex/HMAtchmt.ocx
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - No File

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-3 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-3 20560]
R2 avast! Antivirus;avast! Antivirus;c:\programmer\alwil software\avast4\ashServ.exe [2006-4-19 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\programmer\alwil software\avast4\ashMaiSv.exe [2006-4-19 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\programmer\alwil software\avast4\ashWebSv.exe [2006-4-19 352920]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-2-15 38496]
S3 cusbohcn;cusbohcn;\??\c:\docume~1\ejer\lokale~1\temp\cusbohcn.sys --> c:\docume~1\ejer\lokale~1\temp\cusbohcn.sys [?]

=============== Created Last 30 ================

2009-02-15 21:32    <DIR>    --d-----    c:\docume~1\ejer\applic~1\Malwarebytes
2009-02-15 21:32    15,504    a-------    c:\windows\system32\drivers\mbam.sys
2009-02-15 21:32    38,496    a-------    c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-15 21:32    <DIR>    --d-----    c:\programmer\Malwarebytes' Anti-Malware
2009-02-15 21:32    <DIR>    --d-----    c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-15 15:47    14,048    --------    c:\windows\system32\spmsg2.dll
2009-02-15 15:36    <DIR>    --d-----    c:\windows\system32\XPSViewer
2009-02-15 15:35    1,676,288    -c------    c:\windows\system32\dllcache\xpssvcs.dll
2009-02-15 15:35    597,504    -c------    c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-15 15:35    575,488    -c------    c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-15 15:35    89,088    -c------    c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-15 15:35    1,676,288    --------    c:\windows\system32\xpssvcs.dll
2009-02-15 15:35    575,488    --------    c:\windows\system32\xpsshhdr.dll
2009-02-15 15:35    117,760    --------    c:\windows\system32\prntvpt.dll
2009-02-15 15:35    <DIR>    --d-----    C:\e10cd930e8177a2db4f8
2009-02-01 09:44    <DIR>    --d-----    c:\programmer\CCleaner
2009-01-31 11:46    <DIR>    --d-----    c:\docume~1\ejer\applic~1\Ubisoft
2009-01-28 20:57    0    a-------    c:\documents and settings\ejer\temp.dat

==================== Find3M  ====================

2009-02-15 15:43    460,394    a-------    c:\windows\system32\perfh006.dat
2009-02-15 15:43    84,034    a-------    c:\windows\system32\perfc006.dat
2009-02-05 22:05    26,944    a-------    c:\windows\system32\drivers\aavmker4.sys
2008-12-31 17:04    691,560    a-------    c:\windows\system32\OGACheckControl.dll
2008-12-31 17:04    528,744    a-------    c:\windows\system32\OGAVerify.exe
2008-12-31 17:04    502,120    a-------    c:\windows\system32\OGAAddin.dll
2008-12-21 00:03    826,368    a-------    c:\windows\system32\wininet.dll
2008-12-20 18:29    410,984    a-------    c:\windows\system32\deploytk.dll
2008-04-29 07:53    981,194    a-------    c:\programmer\deknop.zip
2008-03-21 16:25    22,328    a-------    c:\docume~1\ejer\applic~1\PnkBstrK.sys
2007-07-30 22:10    557,085,285    a-------    c:\programmer\UrbanTerror40_full_Installer.exe
2007-07-30 21:16    1,013,733    a-------    c:\programmer\ioUrbanTerror_Installer_1.0.zip
2007-07-29 10:15    2,010,624    a-------    c:\programmer\ventrilo-2.3.0-Windows-i386.exe
2004-10-05 21:47    32    ac-sh---    c:\windows\{A8D47713-DCB6-4AF6-8E00-DACFFC97C0BE}.dat
2008-11-08 13:01    32,768    a--sh---    c:\windows\system32\config\systemprofile\lokale indstillinger\oversigt\history.ie5\mshist012008110820081109\index.dat

============= FINISH: 22:23:28,76 ===============
f-arn Guru
16 February 2009 - 13:38 #3
Download and SAVE Combofix to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Start Notepad and copy in the contents between the dashed lines, then save the file in the same folder as Combofix under the name CFScript.txt

Make sure it does not end up being named CFScript.txt.txt
--------------

Killall::

Snapshot::

File::
c:\docume~1\ejer\lokale~1\temp\cusbohcn.sys

Driver::
cusbohcn

DDS::
BHO: {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - No File
BHO: NoExplorer - No File
TB: {736B5468-BDAD-41BE-92D0-22AE2DDF7BCB} - No File
STS: {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - No File

-------------

Since Combofix can conflict with your antivirus, it is important that you disable it.

Then grab the new file with the mouse and drag it over the Combofix file, then "let go" with the mouse.
http://www.malwarecheck.dk/billeder/CFScriptB-4_da.gif


Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
When Combofix is finished, and after it has (possibly) restarted, a log file should open: combofix.txt, which is located here C:\ Combofix txt

Please post the contents of this file here.
madsjh Beginner
17 February 2009 - 07:07 #4
I'm a bit unsure what you mean by the text between the dashed lines...

Could it perhaps be this?


- - - - TOMME GENVEJE FJERNET - - - -

HKCU-Run-RecordNow! - (no file)
HKCU-RunOnce-Shockwave Updater - C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SIMBAR Enabled; .NET CLR 1.1.4322; InfoPath.1; .NET
HKU-Default-Run-Nokia.PCSync - C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
SharedTaskScheduler-{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - (no file)


Or is it perhaps these things?


.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.jmf-support.dk/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
IE: &MSN Search - C:\Programmer\MSN Toolbar Suite\TB\02.05.



Etc., etc...
madsjh Beginner
17 February 2009 - 07:09 #5
Oh, okay... Now I get it... I need to copy what's between the lines... the ones you wrote... OK.
f-arn Guru
17 February 2009 - 16:18 #6
Since you have already run Combofix, I would like to see the log.
madsjh Beginner
19 February 2009 - 22:47 #7
So I've been trying for a couple of days now to turn off my avast... or at least disable it... But I don't know how to do that...

But here's my Combofix log... At least I assume that's what it is...

Then I hope you can tell me more based on it.

Sorry for the late reply.

ComboFix 09-02-18.01 - Ejer 2009-02-19 22:21:17.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1030.18.1023.557 [GMT 1:00]
Kører fra: C:\Documents and Settings\Ejer\Skrivebord\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090218-0] *On-access scanning enabled* (Updated)
* Dannede nyt systemgendannelsespunkt
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\d3d8caps.dat
.
---- Forrige Kørsel -------
.
C:\Programmer\Fælles filer\{8CDDD~1
C:\Programmer\security toolbar
C:\Programmer\toolbar888
D:\Autorun.inf

.
(((((((((((((((((((((((((((((  Filer skabt fra 2009-01-19 til 2009-02-19  )))))))))))))))))))))))))))))))))))
.

2009-02-15 21:32 . 2009-02-15 21:32    <DIR>    d--------    C:\Programmer\Malwarebytes' Anti-Malware
2009-02-15 21:32 . 2009-02-15 21:32    <DIR>    d--------    C:\Documents and Settings\Ejer\Application Data\Malwarebytes
2009-02-15 21:32 . 2009-02-15 21:32    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-15 21:32 . 2009-02-11 10:19    38,496    --a------    C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-02-15 21:32 . 2009-02-11 10:19    15,504    --a------    C:\WINDOWS\system32\drivers\mbam.sys
2009-02-15 20:38 . 2009-02-15 20:38    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2009-02-15 15:47 . 2006-06-29 13:07    14,048    ---------    C:\WINDOWS\system32\spmsg2.dll
2009-02-15 15:36 . 2009-02-15 15:46    <DIR>    d--------    C:\WINDOWS\system32\XPSViewer
2009-02-15 15:36 . 2009-02-15 15:36    <DIR>    d--------    C:\Programmer\Reference Assemblies
2009-02-15 15:36 . 2009-02-15 15:36    <DIR>    d--------    C:\Programmer\MSBuild
2009-02-15 15:35 . 2009-02-15 15:36    <DIR>    d--------    C:\e10cd930e8177a2db4f8
2009-02-15 15:35 . 2008-07-06 13:06    1,676,288    ---------    C:\WINDOWS\system32\xpssvcs.dll
2009-02-15 15:35 . 2008-07-06 13:06    1,676,288    -----c---    C:\WINDOWS\system32\dllcache\xpssvcs.dll
2009-02-15 15:35 . 2008-07-06 11:50    597,504    -----c---    C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2009-02-15 15:35 . 2008-07-06 13:06    575,488    ---------    C:\WINDOWS\system32\xpsshhdr.dll
2009-02-15 15:35 . 2008-07-06 13:06    575,488    -----c---    C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2009-02-15 15:35 . 2008-07-06 13:06    117,760    ---------    C:\WINDOWS\system32\prntvpt.dll
2009-02-15 15:35 . 2008-07-06 13:06    89,088    -----c---    C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2009-02-01 09:44 . 2009-02-01 09:44    <DIR>    d--------    C:\Programmer\CCleaner
2009-01-31 11:46 . 2009-01-31 11:46    <DIR>    d--------    C:\Documents and Settings\Ejer\Application Data\Ubisoft
2009-01-31 11:46 . 2009-01-31 11:46    <DIR>    d--------    C:\Documents and Settings\Ejer\Application Data\InstallShield
2009-01-31 11:46 . 2009-01-31 11:46    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Ubisoft
2009-01-28 20:57 . 2009-01-28 20:57    0    --a------    C:\Documents and Settings\Ejer\temp.dat

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 10:46    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2009-01-31 10:46    ---------    d-----w    C:\Programmer\RADVideo
2009-01-31 10:45    ---------    d-----w    C:\Programmer\Adobe Media Player
2009-01-31 10:44    ---------    d-----w    C:\Programmer\Danske Spil
2009-01-24 08:08    ---------    d-----w    C:\Programmer\Ubisoft
2009-01-12 18:10    ---------    d-----w    C:\Programmer\Fælles filer\Adobe AIR
2009-01-05 19:20    ---------    d-----w    C:\Documents and Settings\Ejer\Application Data\Sony Corporation
2009-01-02 14:52    ---------    d-----w    C:\Programmer\Sony
2008-12-31 16:04    691,560    ----a-w    C:\WINDOWS\system32\OGACheckControl.dll
2008-12-31 16:04    528,744    ----a-w    C:\WINDOWS\system32\OGAVerify.exe
2008-12-31 16:04    502,120    ----a-w    C:\WINDOWS\system32\OGAAddin.dll
2008-12-28 16:56    ---------    d-----w    C:\Programmer\2K Games
2008-12-20 23:03    826,368    ----a-w    C:\WINDOWS\system32\wininet.dll
2008-12-20 17:29    410,984    ----a-w    C:\WINDOWS\system32\deploytk.dll
2008-12-20 17:29    ---------    d-----w    C:\Programmer\Java
2008-04-29 06:53    981,194    ----a-w    C:\Programmer\deknop.zip
2008-03-21 15:25    22,328    ----a-w    C:\Documents and Settings\Ejer\Application Data\PnkBstrK.sys
2007-07-30 21:10    557,085,285    ----a-w    C:\Programmer\UrbanTerror40_full_Installer.exe
2007-07-30 20:16    1,013,733    ----a-w    C:\Programmer\ioUrbanTerror_Installer_1.0.zip
2007-07-29 09:15    2,010,624    ----a-w    C:\Programmer\ventrilo-2.3.0-Windows-i386.exe
2004-10-05 20:47    32    -csha-w    C:\WINDOWS\{A8D47713-DCB6-4AF6-8E00-DACFFC97C0BE}.dat
2008-11-08 12:01    32,768    --sha-w    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\MSHist012008110820081109\index.dat
.

(((((((((((((((((((((((((((((  SnapShot@2009-02-17_ 6.40.16,96  )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-19 14:28:28    16,384    ----atw    C:\WINDOWS\Temp\Perflib_Perfdata_3b8.dat
+ 2009-02-19 14:28:11    16,384    ----atw    C:\WINDOWS\Temp\Perflib_Perfdata_500.dat
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Programmer\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 01:34 32768]
"Acme.PCHButton"="C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe" [2004-01-01 18:27 155648]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2006-03-20 19:58 40960]
"Steam"="c:\valve\steam\steam.exe" [2008-10-08 05:19 1410296]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 17:05 15360]
"msnmsgr"="C:\Programmer\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"RecordNow!"="" [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SIMBAR Enabled; .NET CLR 1.1.4322; InfoPath.1; .NET" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmer\Java\jre6\bin\jusched.exe" [2008-12-20 18:29 136600]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04 52736]
"HPHUPD05"="c:\Programmer\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 03:23 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 03:14 483328]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 16:50 221184]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"Sunkist2k"="C:\Programmer\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 10:17 135168]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-12-17 23:31 118784]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2005-01-16 16:01 77824]
"Microsoft Works Update Detection"="C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe" [2002-11-14 13:39 28672]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 22:08 81000]
"ACROMOUSE"="C:\Programmer\Tech\Office Program Selector\2.0\ACROMAPP.exe" [2005-04-29 03:31 554496]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Spillebutiksgenvejen"="C:\Programmer\Danske Spil\Spillebutiksgenvejen\spillebutiksgenvejen.exe" [2009-01-08 13:42 259177]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [BU]

C:\Documents and Settings\Ejer\Menuen Start\Programmer\Start\
Picture Motion Browser Media Check Tool.lnk - C:\Programmer\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-01-02 15:52:26 385024]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Gamma Loader.lnk - C:\Programmer\F‘lles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2007-02-21 14:00:57 110592]
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= C:\WINDOWS\system32\ir32_32.dll
"vidc.iv32"= C:\WINDOWS\system32\ir32_32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 10:09 63712 C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--a------ 2003-01-21 15:19 40960 C:\WINDOWS\Vm_sti.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-02-14 00:09 486856 C:\Programmer\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Programmer\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-06-17 16:00 1249280 C:\Programmer\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-10-02 07:00 1124352 C:\Programmer\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 08:01 110592 C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Messenger\\msmsgs.exe"=
"C:\\Valve\\Steam\\SteamApps\\madsjh\\counter-strike\\hl.exe"=
"C:\\program files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\UrbanTerror\\ioUrbanTerror.exe"=
"C:\\Programmer\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"C:\\Programmer\\WebWriter4\\WebWrite.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Valve\\Steam\\steam.exe"=
"C:\\Programmer\\UrbanTerror\\ioUrTded.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programmer\\Empire Interactive\\FlatOut2\\FlatOut2.exe"=
"C:\\Programmer\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Programmer\\Fælles filer\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Valve\\Steam\\SteamApps\\common\\flatout demo\\FlatOutDemo.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-04-03 15:50:09 114768]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [2008-04-03 15:50:09 20560]
S3 cusbohcn;cusbohcn;\??\C:\DOCUME~1\Ejer\LOKALE~1\Temp\cusbohcn.sys --> C:\DOCUME~1\Ejer\LOKALE~1\Temp\cusbohcn.sys [?]
.
Indhold af mappen 'Planlagte Opgaver'

2009-02-19 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job
- C:\Programmer\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - TOMME GENVEJE FJERNET - - - -

SharedTaskScheduler-{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - (no file)


.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.jmf-support.dk/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
IE: &MSN Search - C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll/search.htm
IE: &Translate English Word - c:\programmer\google\GoogleToolbar1.dll/cmwordtrans.html
IE: &Windows Live Search - C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
IE: Backward Links - c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\programmer\google\GoogleToolbar1.dll/cmcache.html
IE: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
IE: Åbn på ny baggrundsfane - C:\Programmer\MSN Toolbar Suite\TAB\02.05.0000.1105\da-dk\msntabres.dll/229?c6496bc69bd64a488b154b9a21a384a
IE: Åbn på ny forgrundsfane - C:\Programmer\MSN Toolbar Suite\TAB\02.05.0000.1105\da-dk\msntabres.dll/230?c6496bc69bd64a488b154b9a21a384a
IE: {{3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Programmer\expektMPP\MPPoker.exe
Trusted Zone: tvsyd.dk\www
DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {1469FF24-47F6-11D2-8805-006008C537E3} - hxxp://www.kps.dk/codebase/ffmail.cab
DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} - hxxp://www.kps.dk/codebase/jfsignature.cab
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-19 22:24:20
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
Gennemført tid: 2009-02-19 22:26:00
ComboFix-quarantined-files.txt  2009-02-19 21:25:57
ComboFix2.txt  2009-02-17 05:41:12

Pre-Kørsel: 136,109,563,904 byte ledig
Post-Kørsel: 136,244,596,736 byte ledig

Current=3 Default=3 Failed=2 LastKnownGood=1 Sets=,1,2,3,4
205    --- E O F ---    2009-02-11 23:49:28
f-arn Guru
20 February 2009 - 18:06 #8
I would like you to download a new version of Combofix

Then disable avast by right-clicking the avast icon in the lower-right corner and choosing disable.

Start Notepad and copy in the contents between the dashed lines, then save the file in the same folder as Combofix under the name CFScript.txt

Make sure it does not end up being named CFScript.txt.txt

--------------

Killall::

Snapshot::

File::
c:\docume~1\ejer\lokale~1\temp\cusbohcn.sys

Driver::
cusbohcn


-------------


Then grab the new file with the mouse and drag it over the Combofix file, then "let go" with the mouse.
http://www.malwarecheck.dk/billeder/CFScriptB-4_da.gif


Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
When Combofix is finished, and after it has (possibly) restarted, a log file should open: combofix.txt, which is located here C:\ Combofix txt

Please post the contents of this file here.
madsjh Beginner
20 February 2009 - 19:05 #9
Now I've tried to do as you wrote... I hope what I did is right...



ComboFix 09-02-19.01 - Ejer 2009-02-20 18:56:46.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1030.18.1023.569 [GMT 1:00]
Kører fra: C:\Documents and Settings\Ejer\Skrivebord\ComboFix.exe
Kommandoer benyttet :: C:\ComboFix\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090219-0] *On-access scanning disabled* (Updated)
* Dannede nyt systemgendannelsespunkt
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Forrige Kørsel -------
.
C:\Programmer\Fælles filer\{8CDDD~1
C:\Programmer\security toolbar
C:\Programmer\toolbar888
C:\WINDOWS\system32\d3d8caps.dat
D:\Autorun.inf

.
(((((((((((((((((((((((((((((  Filer skabt fra 2009-01-20 til 2009-02-20  )))))))))))))))))))))))))))))))))))
.

2009-02-20 18:23 . 2009-02-20 18:23    391,680    --a------    C:\WINDOWS\system32\CF3601.exe
2009-02-15 21:32 . 2009-02-15 21:32    <DIR>    d--------    C:\Programmer\Malwarebytes' Anti-Malware
2009-02-15 21:32 . 2009-02-15 21:32    <DIR>    d--------    C:\Documents and Settings\Ejer\Application Data\Malwarebytes
2009-02-15 21:32 . 2009-02-15 21:32    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-15 21:32 . 2009-02-11 10:19    38,496    --a------    C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-02-15 21:32 . 2009-02-11 10:19    15,504    --a------    C:\WINDOWS\system32\drivers\mbam.sys
2009-02-15 20:38 . 2009-02-15 20:38    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2009-02-15 15:47 . 2006-06-29 13:07    14,048    ---------    C:\WINDOWS\system32\spmsg2.dll
2009-02-15 15:36 . 2009-02-15 15:46    <DIR>    d--------    C:\WINDOWS\system32\XPSViewer
2009-02-15 15:36 . 2009-02-15 15:36    <DIR>    d--------    C:\Programmer\Reference Assemblies
2009-02-15 15:36 . 2009-02-15 15:36    <DIR>    d--------    C:\Programmer\MSBuild
2009-02-15 15:35 . 2009-02-15 15:36    <DIR>    d--------    C:\e10cd930e8177a2db4f8
2009-02-15 15:35 . 2008-07-06 13:06    1,676,288    ---------    C:\WINDOWS\system32\xpssvcs.dll
2009-02-15 15:35 . 2008-07-06 13:06    1,676,288    -----c---    C:\WINDOWS\system32\dllcache\xpssvcs.dll
2009-02-15 15:35 . 2008-07-06 11:50    597,504    -----c---    C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2009-02-15 15:35 . 2008-07-06 13:06    575,488    ---------    C:\WINDOWS\system32\xpsshhdr.dll
2009-02-15 15:35 . 2008-07-06 13:06    575,488    -----c---    C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2009-02-15 15:35 . 2008-07-06 13:06    117,760    ---------    C:\WINDOWS\system32\prntvpt.dll
2009-02-15 15:35 . 2008-07-06 13:06    89,088    -----c---    C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2009-02-01 09:44 . 2009-02-01 09:44    <DIR>    d--------    C:\Programmer\CCleaner
2009-01-31 11:46 . 2009-01-31 11:46    <DIR>    d--------    C:\Documents and Settings\Ejer\Application Data\Ubisoft
2009-01-31 11:46 . 2009-01-31 11:46    <DIR>    d--------    C:\Documents and Settings\Ejer\Application Data\InstallShield
2009-01-31 11:46 . 2009-01-31 11:46    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Ubisoft
2009-01-28 20:57 . 2009-01-28 20:57    0    --a------    C:\Documents and Settings\Ejer\temp.dat

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 10:46    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2009-01-31 10:46    ---------    d-----w    C:\Programmer\RADVideo
2009-01-31 10:45    ---------    d-----w    C:\Programmer\Adobe Media Player
2009-01-31 10:44    ---------    d-----w    C:\Programmer\Danske Spil
2009-01-24 08:08    ---------    d-----w    C:\Programmer\Ubisoft
2009-01-12 18:10    ---------    d-----w    C:\Programmer\Fælles filer\Adobe AIR
2009-01-05 19:20    ---------    d-----w    C:\Documents and Settings\Ejer\Application Data\Sony Corporation
2009-01-02 14:52    ---------    d-----w    C:\Programmer\Sony
2008-12-31 16:04    691,560    ----a-w    C:\WINDOWS\system32\OGACheckControl.dll
2008-12-31 16:04    528,744    ----a-w    C:\WINDOWS\system32\OGAVerify.exe
2008-12-31 16:04    502,120    ----a-w    C:\WINDOWS\system32\OGAAddin.dll
2008-12-28 16:56    ---------    d-----w    C:\Programmer\2K Games
2008-12-20 23:03    826,368    ----a-w    C:\WINDOWS\system32\wininet.dll
2008-12-20 17:29    410,984    ----a-w    C:\WINDOWS\system32\deploytk.dll
2008-12-20 17:29    ---------    d-----w    C:\Programmer\Java
2008-04-29 06:53    981,194    ----a-w    C:\Programmer\deknop.zip
2008-03-21 15:25    22,328    ----a-w    C:\Documents and Settings\Ejer\Application Data\PnkBstrK.sys
2007-07-30 21:10    557,085,285    ----a-w    C:\Programmer\UrbanTerror40_full_Installer.exe
2007-07-30 20:16    1,013,733    ----a-w    C:\Programmer\ioUrbanTerror_Installer_1.0.zip
2007-07-29 09:15    2,010,624    ----a-w    C:\Programmer\ventrilo-2.3.0-Windows-i386.exe
2004-10-05 20:47    32    -csha-w    C:\WINDOWS\{A8D47713-DCB6-4AF6-8E00-DACFFC97C0BE}.dat
2008-11-08 12:01    32,768    --sha-w    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\MSHist012008110820081109\index.dat
.

(((((((((((((((((((((((((((((  SnapShot@2009-02-17_ 6.40.16,96  )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-20 15:51:21    16,384    ----atw    C:\WINDOWS\Temp\Perflib_Perfdata_53c.dat
+ 2009-02-20 15:51:30    16,384    ----atw    C:\WINDOWS\Temp\Perflib_Perfdata_790.dat
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Programmer\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 01:34 32768]
"Acme.PCHButton"="C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe" [2004-01-01 18:27 155648]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2006-03-20 19:58 40960]
"Steam"="c:\valve\steam\steam.exe" [2008-10-08 05:19 1410296]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 17:05 15360]
"msnmsgr"="C:\Programmer\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"RecordNow!"="" [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SIMBAR Enabled; .NET CLR 1.1.4322; InfoPath.1; .NET" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmer\Java\jre6\bin\jusched.exe" [2008-12-20 18:29 136600]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04 52736]
"HPHUPD05"="c:\Programmer\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 03:23 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 03:14 483328]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 16:50 221184]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"Sunkist2k"="C:\Programmer\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 10:17 135168]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-12-17 23:31 118784]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2005-01-16 16:01 77824]
"Microsoft Works Update Detection"="C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe" [2002-11-14 13:39 28672]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 22:08 81000]
"ACROMOUSE"="C:\Programmer\Tech\Office Program Selector\2.0\ACROMAPP.exe" [2005-04-29 03:31 554496]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Spillebutiksgenvejen"="C:\Programmer\Danske Spil\Spillebutiksgenvejen\spillebutiksgenvejen.exe" [2009-01-08 13:42 259177]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [BU]

C:\Documents and Settings\Ejer\Menuen Start\Programmer\Start\
Picture Motion Browser Media Check Tool.lnk - C:\Programmer\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-01-02 15:52:26 385024]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Gamma Loader.lnk - C:\Programmer\F‘lles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2007-02-21 14:00:57 110592]
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= C:\WINDOWS\system32\ir32_32.dll
"vidc.iv32"= C:\WINDOWS\system32\ir32_32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 10:09 63712 C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--a------ 2003-01-21 15:19 40960 C:\WINDOWS\Vm_sti.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-02-14 00:09 486856 C:\Programmer\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Programmer\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-06-17 16:00 1249280 C:\Programmer\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-10-02 07:00 1124352 C:\Programmer\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 08:01 110592 C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Messenger\\msmsgs.exe"=
"C:\\Valve\\Steam\\SteamApps\\madsjh\\counter-strike\\hl.exe"=
"C:\\program files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\UrbanTerror\\ioUrbanTerror.exe"=
"C:\\Programmer\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"C:\\Programmer\\WebWriter4\\WebWrite.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Valve\\Steam\\steam.exe"=
"C:\\Programmer\\UrbanTerror\\ioUrTded.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programmer\\Empire Interactive\\FlatOut2\\FlatOut2.exe"=
"C:\\Programmer\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Programmer\\Fælles filer\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Valve\\Steam\\SteamApps\\common\\flatout demo\\FlatOutDemo.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-04-03 15:50:09 114768]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [2008-04-03 15:50:09 20560]
S3 cusbohcn;cusbohcn;\??\C:\DOCUME~1\Ejer\LOKALE~1\Temp\cusbohcn.sys --> C:\DOCUME~1\Ejer\LOKALE~1\Temp\cusbohcn.sys [?]
.
Indhold af mappen 'Planlagte Opgaver'

2009-02-20 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job
- C:\Programmer\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - TOMME GENVEJE FJERNET - - - -

SharedTaskScheduler-{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - (no file)


.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.jmf-support.dk/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
IE: &MSN Search - C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll/search.htm
IE: &Translate English Word - c:\programmer\google\GoogleToolbar1.dll/cmwordtrans.html
IE: &Windows Live Search - C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
IE: Backward Links - c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\programmer\google\GoogleToolbar1.dll/cmcache.html
IE: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
IE: Åbn på ny baggrundsfane - C:\Programmer\MSN Toolbar Suite\TAB\02.05.0000.1105\da-dk\msntabres.dll/229?c6496bc69bd64a488b154b9a21a384a
IE: Åbn på ny forgrundsfane - C:\Programmer\MSN Toolbar Suite\TAB\02.05.0000.1105\da-dk\msntabres.dll/230?c6496bc69bd64a488b154b9a21a384a
IE: {{3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Programmer\expektMPP\MPPoker.exe
Trusted Zone: tvsyd.dk\www
DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {1469FF24-47F6-11D2-8805-006008C537E3} - hxxp://www.kps.dk/codebase/ffmail.cab
DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} - hxxp://www.kps.dk/codebase/jfsignature.cab
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-20 18:58:00
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
Gennemført tid: 2009-02-20 18:59:37
ComboFix-quarantined-files.txt  2009-02-20 17:59:35
ComboFix2.txt  2009-02-20 17:30:38
ComboFix3.txt  2009-02-19 21:26:01
ComboFix4.txt  2009-02-17 05:41:12

Pre-Kørsel: 136,185,311,232 byte ledig
Post-Kørsel: 136,172,560,384 byte ledig

Current=3 Default=3 Failed=2 LastKnownGood=1 Sets=,1,2,3,4
209    --- E O F ---    2009-02-11 23:49:28
f-arn Guru
20 February 2009 - 21:38 #10
Yes, but it is stubborn. So I would like you to replace the contents of CFScript.txt with the following:


--------------

Killall::

Snapshot::

File::
C:\DOCUME~1\Ejer\LOKALE~1\Temp\cusbohcn.sys

RootKit::
C:\DOCUME~1\Ejer\LOKALE~1\Temp\cusbohcn.sys


Driver::
cusbohcn

-------------


And then just do as before.


Remember that CFScript.txt must be in the same folder as ComboFix.
madsjh Beginner
21 February 2009 - 20:28 #11
Now I have tried what you wrote.

Here comes the new log, then...

ComboFix 09-02-19.01 - Ejer 2009-02-21 19:33:36.5 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1030.18.1023.611 [GMT 1:00]
Kører fra: C:\Documents and Settings\Ejer\Skrivebord\ComboFix.exe
Kommandoer benyttet :: C:\ComboFix\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090220-0] *On-access scanning disabled* (Updated)
* Dannede nyt systemgendannelsespunkt
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Forrige Kørsel -------
.
C:\Programmer\Fælles filer\{8CDDD~1
C:\Programmer\security toolbar
C:\Programmer\toolbar888
C:\WINDOWS\system32\d3d8caps.dat
D:\Autorun.inf

.
(((((((((((((((((((((((((((((  Filer skabt fra 2009-01-21 til 2009-02-21  )))))))))))))))))))))))))))))))))))
.

2009-02-15 21:32 . 2009-02-15 21:32    <DIR>    d--------    C:\Programmer\Malwarebytes' Anti-Malware
2009-02-15 21:32 . 2009-02-15 21:32    <DIR>    d--------    C:\Documents and Settings\Ejer\Application Data\Malwarebytes
2009-02-15 21:32 . 2009-02-15 21:32    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-15 21:32 . 2009-02-11 10:19    38,496    --a------    C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-02-15 21:32 . 2009-02-11 10:19    15,504    --a------    C:\WINDOWS\system32\drivers\mbam.sys
2009-02-15 20:38 . 2009-02-15 20:38    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2009-02-15 15:47 . 2006-06-29 13:07    14,048    ---------    C:\WINDOWS\system32\spmsg2.dll
2009-02-15 15:36 . 2009-02-15 15:46    <DIR>    d--------    C:\WINDOWS\system32\XPSViewer
2009-02-15 15:36 . 2009-02-15 15:36    <DIR>    d--------    C:\Programmer\Reference Assemblies
2009-02-15 15:36 . 2009-02-15 15:36    <DIR>    d--------    C:\Programmer\MSBuild
2009-02-15 15:35 . 2009-02-15 15:36    <DIR>    d--------    C:\e10cd930e8177a2db4f8
2009-02-15 15:35 . 2008-07-06 13:06    1,676,288    ---------    C:\WINDOWS\system32\xpssvcs.dll
2009-02-15 15:35 . 2008-07-06 13:06    1,676,288    -----c---    C:\WINDOWS\system32\dllcache\xpssvcs.dll
2009-02-15 15:35 . 2008-07-06 11:50    597,504    -----c---    C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2009-02-15 15:35 . 2008-07-06 13:06    575,488    ---------    C:\WINDOWS\system32\xpsshhdr.dll
2009-02-15 15:35 . 2008-07-06 13:06    575,488    -----c---    C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2009-02-15 15:35 . 2008-07-06 13:06    117,760    ---------    C:\WINDOWS\system32\prntvpt.dll
2009-02-15 15:35 . 2008-07-06 13:06    89,088    -----c---    C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2009-02-01 09:44 . 2009-02-01 09:44    <DIR>    d--------    C:\Programmer\CCleaner
2009-01-31 11:46 . 2009-01-31 11:46    <DIR>    d--------    C:\Documents and Settings\Ejer\Application Data\Ubisoft
2009-01-31 11:46 . 2009-01-31 11:46    <DIR>    d--------    C:\Documents and Settings\Ejer\Application Data\InstallShield
2009-01-31 11:46 . 2009-01-31 11:46    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Ubisoft
2009-01-28 20:57 . 2009-01-28 20:57    0    --a------    C:\Documents and Settings\Ejer\temp.dat

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 10:46    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2009-01-31 10:46    ---------    d-----w    C:\Programmer\RADVideo
2009-01-31 10:45    ---------    d-----w    C:\Programmer\Adobe Media Player
2009-01-31 10:44    ---------    d-----w    C:\Programmer\Danske Spil
2009-01-24 08:08    ---------    d-----w    C:\Programmer\Ubisoft
2009-01-12 18:10    ---------    d-----w    C:\Programmer\Fælles filer\Adobe AIR
2009-01-05 19:20    ---------    d-----w    C:\Documents and Settings\Ejer\Application Data\Sony Corporation
2009-01-02 14:52    ---------    d-----w    C:\Programmer\Sony
2008-12-31 16:04    691,560    ----a-w    C:\WINDOWS\system32\OGACheckControl.dll
2008-12-31 16:04    528,744    ----a-w    C:\WINDOWS\system32\OGAVerify.exe
2008-12-31 16:04    502,120    ----a-w    C:\WINDOWS\system32\OGAAddin.dll
2008-12-28 16:56    ---------    d-----w    C:\Programmer\2K Games
2008-12-20 23:03    826,368    ----a-w    C:\WINDOWS\system32\wininet.dll
2008-12-20 17:29    410,984    ----a-w    C:\WINDOWS\system32\deploytk.dll
2008-04-29 06:53    981,194    ----a-w    C:\Programmer\deknop.zip
2008-03-21 15:25    22,328    ----a-w    C:\Documents and Settings\Ejer\Application Data\PnkBstrK.sys
2007-07-30 21:10    557,085,285    ----a-w    C:\Programmer\UrbanTerror40_full_Installer.exe
2007-07-30 20:16    1,013,733    ----a-w    C:\Programmer\ioUrbanTerror_Installer_1.0.zip
2007-07-29 09:15    2,010,624    ----a-w    C:\Programmer\ventrilo-2.3.0-Windows-i386.exe
2004-10-05 20:47    32    -csha-w    C:\WINDOWS\{A8D47713-DCB6-4AF6-8E00-DACFFC97C0BE}.dat
2008-11-08 12:01    32,768    --sha-w    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\MSHist012008110820081109\index.dat
.

(((((((((((((((((((((((((((((  SnapShot@2009-02-17_ 6.40.16,96  )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-21 16:44:49    16,384    ----atw    C:\WINDOWS\Temp\Perflib_Perfdata_4e4.dat
+ 2009-02-21 16:45:08    16,384    ----atw    C:\WINDOWS\Temp\Perflib_Perfdata_550.dat
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Programmer\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 01:34 32768]
"Acme.PCHButton"="C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe" [2004-01-01 18:27 155648]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2006-03-20 19:58 40960]
"Steam"="c:\valve\steam\steam.exe" [2008-10-08 05:19 1410296]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 17:05 15360]
"msnmsgr"="C:\Programmer\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"RecordNow!"="" [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SIMBAR Enabled; .NET CLR 1.1.4322; InfoPath.1; .NET" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmer\Java\jre6\bin\jusched.exe" [2008-12-20 18:29 136600]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04 52736]
"HPHUPD05"="c:\Programmer\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 03:23 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 03:14 483328]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 16:50 221184]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"Sunkist2k"="C:\Programmer\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 10:17 135168]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-12-17 23:31 118784]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2005-01-16 16:01 77824]
"Microsoft Works Update Detection"="C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe" [2002-11-14 13:39 28672]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 22:08 81000]
"ACROMOUSE"="C:\Programmer\Tech\Office Program Selector\2.0\ACROMAPP.exe" [2005-04-29 03:31 554496]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Spillebutiksgenvejen"="C:\Programmer\Danske Spil\Spillebutiksgenvejen\spillebutiksgenvejen.exe" [2009-01-08 13:42 259177]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [BU]

C:\Documents and Settings\Ejer\Menuen Start\Programmer\Start\
Picture Motion Browser Media Check Tool.lnk - C:\Programmer\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-01-02 15:52:26 385024]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Gamma Loader.lnk - C:\Programmer\F‘lles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2007-02-21 14:00:57 110592]
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= C:\WINDOWS\system32\ir32_32.dll
"vidc.iv32"= C:\WINDOWS\system32\ir32_32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 10:09 63712 C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--a------ 2003-01-21 15:19 40960 C:\WINDOWS\Vm_sti.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-02-14 00:09 486856 C:\Programmer\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Programmer\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-06-17 16:00 1249280 C:\Programmer\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-10-02 07:00 1124352 C:\Programmer\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 08:01 110592 C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Messenger\\msmsgs.exe"=
"C:\\Valve\\Steam\\SteamApps\\madsjh\\counter-strike\\hl.exe"=
"C:\\program files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\UrbanTerror\\ioUrbanTerror.exe"=
"C:\\Programmer\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"C:\\Programmer\\WebWriter4\\WebWrite.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Valve\\Steam\\steam.exe"=
"C:\\Programmer\\UrbanTerror\\ioUrTded.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programmer\\Empire Interactive\\FlatOut2\\FlatOut2.exe"=
"C:\\Programmer\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Programmer\\Fælles filer\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Valve\\Steam\\SteamApps\\common\\flatout demo\\FlatOutDemo.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-04-03 15:50:09 114768]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [2008-04-03 15:50:09 20560]
S3 cusbohcn;cusbohcn;\??\C:\DOCUME~1\Ejer\LOKALE~1\Temp\cusbohcn.sys --> C:\DOCUME~1\Ejer\LOKALE~1\Temp\cusbohcn.sys [?]
.
Indhold af mappen 'Planlagte Opgaver'

2009-02-21 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job
- C:\Programmer\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - TOMME GENVEJE FJERNET - - - -

SharedTaskScheduler-{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - (no file)


.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.jmf-support.dk/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
IE: &MSN Search - C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll/search.htm
IE: &Translate English Word - c:\programmer\google\GoogleToolbar1.dll/cmwordtrans.html
IE: &Windows Live Search - C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
IE: Backward Links - c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\programmer\google\GoogleToolbar1.dll/cmcache.html
IE: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
IE: Åbn på ny baggrundsfane - C:\Programmer\MSN Toolbar Suite\TAB\02.05.0000.1105\da-dk\msntabres.dll/229?c6496bc69bd64a488b154b9a21a384a
IE: Åbn på ny forgrundsfane - C:\Programmer\MSN Toolbar Suite\TAB\02.05.0000.1105\da-dk\msntabres.dll/230?c6496bc69bd64a488b154b9a21a384a
IE: {{3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Programmer\expektMPP\MPPoker.exe
Trusted Zone: tvsyd.dk\www
DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {1469FF24-47F6-11D2-8805-006008C537E3} - hxxp://www.kps.dk/codebase/ffmail.cab
DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} - hxxp://www.kps.dk/codebase/jfsignature.cab
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-21 19:36:57
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
Gennemført tid: 2009-02-21 19:38:39
ComboFix-quarantined-files.txt  2009-02-21 18:38:36
ComboFix2.txt  2009-02-20 17:59:39
ComboFix3.txt  2009-02-20 17:30:38
ComboFix4.txt  2009-02-19 21:26:01
ComboFix5.txt  2009-02-21 18:32:57

Pre-Kørsel: 136,021,032,960 byte ledig
Post-Kørsel: 136,129,130,496 byte ledig

Current=3 Default=3 Failed=2 LastKnownGood=1 Sets=,1,2,3,4
208    --- E O F ---    2009-02-11 23:49:28
f-arn Guru
22 February 2009 - 19:09 #12
It doesn't work. When I look at the beginning of the ComboFix log, it doesn't look like CFScript and ComboFix are in the same folder. ComboFix.exe is on your desktop, so CFScript.txt must be there too.
madsjh Beginner
22 February 2009 - 19:24 #13
Well, then I'll just try putting it there as well... I'll do it right away.
madsjh Beginner
22 February 2009 - 19:40 #14
Now it has just done something again....



ComboFix 09-02-21.01 - Ejer 2009-02-22 19:29:04.6 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1030.18.1023.483 [GMT 1:00]
Kører fra: C:\Documents and Settings\Ejer\Skrivebord\ComboFix.exe
Kommandoer benyttet :: C:\Documents and Settings\Ejer\Skrivebord\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090221-0] *On-access scanning disabled* (Updated)
* Dannede nyt systemgendannelsespunkt

FILE ::
C:\DOCUME~1\Ejer\LOKALE~1\Temp\cusbohcn.sys
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Forrige Kørsel -------
.
C:\Programmer\Fælles filer\{8CDDD~1
C:\Programmer\security toolbar
C:\Programmer\toolbar888
C:\WINDOWS\system32\d3d8caps.dat
D:\Autorun.inf

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CUSBOHCN
-------\Service_cusbohcn


(((((((((((((((((((((((((((((  Filer skabt fra 2009-01-22 til 2009-02-22  )))))))))))))))))))))))))))))))))))
.

2009-02-22 10:13 . 2009-02-22 10:16    <DIR>    d--------    C:\Programmer\Play65
2009-02-15 21:32 . 2009-02-15 21:32    <DIR>    d--------    C:\Programmer\Malwarebytes' Anti-Malware
2009-02-15 21:32 . 2009-02-15 21:32    <DIR>    d--------    C:\Documents and Settings\Ejer\Application Data\Malwarebytes
2009-02-15 21:32 . 2009-02-15 21:32    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-15 21:32 . 2009-02-11 10:19    38,496    --a------    C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-02-15 21:32 . 2009-02-11 10:19    15,504    --a------    C:\WINDOWS\system32\drivers\mbam.sys
2009-02-15 20:38 . 2009-02-15 20:38    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2009-02-15 15:47 . 2006-06-29 13:07    14,048    ---------    C:\WINDOWS\system32\spmsg2.dll
2009-02-15 15:36 . 2009-02-15 15:46    <DIR>    d--------    C:\WINDOWS\system32\XPSViewer
2009-02-15 15:36 . 2009-02-15 15:36    <DIR>    d--------    C:\Programmer\Reference Assemblies
2009-02-15 15:36 . 2009-02-15 15:36    <DIR>    d--------    C:\Programmer\MSBuild
2009-02-15 15:35 . 2009-02-15 15:36    <DIR>    d--------    C:\e10cd930e8177a2db4f8
2009-02-15 15:35 . 2008-07-06 13:06    1,676,288    ---------    C:\WINDOWS\system32\xpssvcs.dll
2009-02-15 15:35 . 2008-07-06 13:06    1,676,288    -----c---    C:\WINDOWS\system32\dllcache\xpssvcs.dll
2009-02-15 15:35 . 2008-07-06 11:50    597,504    -----c---    C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2009-02-15 15:35 . 2008-07-06 13:06    575,488    ---------    C:\WINDOWS\system32\xpsshhdr.dll
2009-02-15 15:35 . 2008-07-06 13:06    575,488    -----c---    C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2009-02-15 15:35 . 2008-07-06 13:06    117,760    ---------    C:\WINDOWS\system32\prntvpt.dll
2009-02-15 15:35 . 2008-07-06 13:06    89,088    -----c---    C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2009-02-01 09:44 . 2009-02-01 09:44    <DIR>    d--------    C:\Programmer\CCleaner
2009-01-31 11:46 . 2009-01-31 11:46    <DIR>    d--------    C:\Documents and Settings\Ejer\Application Data\Ubisoft
2009-01-31 11:46 . 2009-01-31 11:46    <DIR>    d--------    C:\Documents and Settings\Ejer\Application Data\InstallShield
2009-01-31 11:46 . 2009-01-31 11:46    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Ubisoft
2009-01-28 20:57 . 2009-01-28 20:57    0    --a------    C:\Documents and Settings\Ejer\temp.dat

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 10:46    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2009-01-31 10:46    ---------    d-----w    C:\Programmer\RADVideo
2009-01-31 10:45    ---------    d-----w    C:\Programmer\Adobe Media Player
2009-01-31 10:44    ---------    d-----w    C:\Programmer\Danske Spil
2009-01-24 08:08    ---------    d-----w    C:\Programmer\Ubisoft
2009-01-12 18:10    ---------    d-----w    C:\Programmer\Fælles filer\Adobe AIR
2009-01-05 19:20    ---------    d-----w    C:\Documents and Settings\Ejer\Application Data\Sony Corporation
2009-01-02 14:52    ---------    d-----w    C:\Programmer\Sony
2008-12-28 16:56    ---------    d-----w    C:\Programmer\2K Games
2008-04-29 06:53    981,194    ----a-w    C:\Programmer\deknop.zip
2008-03-21 15:25    22,328    ----a-w    C:\Documents and Settings\Ejer\Application Data\PnkBstrK.sys
2007-07-30 21:10    557,085,285    ----a-w    C:\Programmer\UrbanTerror40_full_Installer.exe
2007-07-30 20:16    1,013,733    ----a-w    C:\Programmer\ioUrbanTerror_Installer_1.0.zip
2007-07-29 09:15    2,010,624    ----a-w    C:\Programmer\ventrilo-2.3.0-Windows-i386.exe
2004-10-05 20:47    32    -csha-w    C:\WINDOWS\{A8D47713-DCB6-4AF6-8E00-DACFFC97C0BE}.dat
2008-11-08 12:01    32,768    --sha-w    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\MSHist012008110820081109\index.dat
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Programmer\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 01:34 32768]
"Acme.PCHButton"="C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe" [2004-01-01 18:27 155648]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2006-03-20 19:58 40960]
"Steam"="c:\valve\steam\steam.exe" [2008-10-08 05:19 1410296]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 17:05 15360]
"msnmsgr"="C:\Programmer\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"RecordNow!"="" [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SIMBAR Enabled; .NET CLR 1.1.4322; InfoPath.1; .NET" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmer\Java\jre6\bin\jusched.exe" [2008-12-20 18:29 136600]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04 52736]
"HPHUPD05"="c:\Programmer\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 03:23 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 03:14 483328]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 16:50 221184]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"Sunkist2k"="C:\Programmer\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 10:17 135168]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-12-17 23:31 118784]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2005-01-16 16:01 77824]
"Microsoft Works Update Detection"="C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe" [2002-11-14 13:39 28672]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 22:08 81000]
"ACROMOUSE"="C:\Programmer\Tech\Office Program Selector\2.0\ACROMAPP.exe" [2005-04-29 03:31 554496]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Spillebutiksgenvejen"="C:\Programmer\Danske Spil\Spillebutiksgenvejen\spillebutiksgenvejen.exe" [2009-01-08 13:42 259177]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [BU]

C:\Documents and Settings\Ejer\Menuen Start\Programmer\Start\
Picture Motion Browser Media Check Tool.lnk - C:\Programmer\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-01-02 15:52:26 385024]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Gamma Loader.lnk - C:\Programmer\F‘lles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2007-02-21 14:00:57 110592]
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= C:\WINDOWS\system32\ir32_32.dll
"vidc.iv32"= C:\WINDOWS\system32\ir32_32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 10:09 63712 C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--a------ 2003-01-21 15:19 40960 C:\WINDOWS\Vm_sti.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-02-14 00:09 486856 C:\Programmer\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Programmer\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-06-17 16:00 1249280 C:\Programmer\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-10-02 07:00 1124352 C:\Programmer\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 08:01 110592 C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Messenger\\msmsgs.exe"=
"C:\\Valve\\Steam\\SteamApps\\madsjh\\counter-strike\\hl.exe"=
"C:\\program files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\UrbanTerror\\ioUrbanTerror.exe"=
"C:\\Programmer\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"C:\\Programmer\\WebWriter4\\WebWrite.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Valve\\Steam\\steam.exe"=
"C:\\Programmer\\UrbanTerror\\ioUrTded.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programmer\\Empire Interactive\\FlatOut2\\FlatOut2.exe"=
"C:\\Programmer\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Programmer\\Fælles filer\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Valve\\Steam\\SteamApps\\common\\flatout demo\\FlatOutDemo.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-04-03 15:50:09 114768]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [2008-04-03 15:50:09 20560]
.
Indhold af mappen 'Planlagte Opgaver'

2009-02-22 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job
- C:\Programmer\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - TOMME GENVEJE FJERNET - - - -

SharedTaskScheduler-{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - (no file)


.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.jmf-support.dk/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
IE: &MSN Search - C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll/search.htm
IE: &Translate English Word - c:\programmer\google\GoogleToolbar1.dll/cmwordtrans.html
IE: &Windows Live Search - C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
IE: Backward Links - c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\programmer\google\GoogleToolbar1.dll/cmcache.html
IE: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
IE: Åbn på ny baggrundsfane - C:\Programmer\MSN Toolbar Suite\TAB\02.05.0000.1105\da-dk\msntabres.dll/229?c6496bc69bd64a488b154b9a21a384a
IE: Åbn på ny forgrundsfane - C:\Programmer\MSN Toolbar Suite\TAB\02.05.0000.1105\da-dk\msntabres.dll/230?c6496bc69bd64a488b154b9a21a384a
IE: {{3852AC86-965F-4abe-A75F-3DCB7E81A4B2} - C:\Programmer\expektMPP\MPPoker.exe
Trusted Zone: tvsyd.dk\www
DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {1469FF24-47F6-11D2-8805-006008C537E3} - hxxp://www.kps.dk/codebase/ffmail.cab
DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} - hxxp://www.kps.dk/codebase/jfsignature.cab
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 19:34:31
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
------------------------ Andre kørende processer ------------------------
.
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Gennemført tid: 2009-02-22 19:38:19 - maskinen blev genstartet [Ejer]
ComboFix-quarantined-files.txt  2009-02-22 18:38:16
ComboFix2.txt  2009-02-21 18:38:40
ComboFix3.txt  2009-02-20 17:59:39
ComboFix4.txt  2009-02-20 17:30:38
ComboFix5.txt  2009-02-22 18:27:55

Pre-Kørsel: 136,139,538,432 byte ledig
Post-Kørsel: 136,123,768,832 byte ledig

Current=3 Default=3 Failed=2 LastKnownGood=1 Sets=,1,2,3,4
219    --- E O F ---    2009-02-11 23:49:28
f-arn Guru
23 February 2009 - 17:49 #15
That was better :o) So how is the computer running now?
madsjh Beginner
24 February 2009 - 23:50 #16
Well, it works much better now..

There is still a lot that doesn't work, though... But it didn't work before either.

Thank you very much for the help.
madsjh Beginner
24 February 2009 - 23:51 #17
Well, it works much better now..

There is still a lot that doesn't work, though... But it didn't work before either.

Thank you very much for the help
f-arn Guru
25 February 2009 - 18:04 #18
What is it that doesn't work?
madsjh Beginner
26 February 2009 - 06:53 #19
Typically, when I want to save something, it freezes. The whole computer, that is.

I can only save something with "Save", for example in a Word doc or the like. But if I want to save a picture with "Save as", it freezes up completely.

I'm really quite tired of that.

But you should still get your points.

So post an answer.. hehe, and thank you very much for the help.
f-arn Guru
26 February 2009 - 11:26 #20
Do you have an external hard drive?
f-arn Guru
26 February 2009 - 15:46 #21
Or do you use network drives?
26 February 2009 - 21:24 #22
... or something HAS been 'mapped' to a network location that no longer exists?
f-arn Guru
27 February 2009 - 12:58 #23
karise_larry -> That was what I was thinking of too!
madsjh Beginner
28 February 2009 - 14:21 #24
Not at all... Or not that I know of, anyway.
28 February 2009 - 14:57 #25
... look in Explorer / My Computer -> [Tools][Disconnect Network Drive...] ???
madsjh Beginner
28 February 2009 - 15:45 #26
It says: There are no network connections that can be disconnected.
madsjh Beginner
3 March 2009 - 12:23 #27
Hey... Is there anyone who can help me further? Otherwise you might as well get your points, f-arn...

Regards, Mads
f-arn Guru
3 March 2009 - 16:42 #28
An answer!
madsjh Beginner
3 March 2009 - 17:04 #29
Here you go... :)