RasmusS (Intern)
26 July 2009 - 04:36. There are 20 comments and 1 solution

Clean my PC

Hi, could some kind soul send me the guide on how to clean my XP Pro of all malware, spyware, etc. etc.?
Thanks :-)
f-arn (Guru)
26 July 2009 - 04:40 #1
Download "Malwarebytes' Anti-Malware" here: http://www.malwarebytes.org/mbam.php
Install and start the program, update it, and run a "Quick Scan" under the "Scanner" tab.
Afterwards click "Show Results", press "Remove Selected" and post the log here together with a log from DDS, which you can get here: http://download.bleepingcomputer.com/sUBs/dds.scr

or here: http://www.forospyware.com/sUBs/dds


It produces two logs (DDS.txt and Attach.txt); save them on the desktop and paste the contents of DDS.txt here.

NB: DDS must be saved on the computer and not run from the web.
kdjweb (Beginner)
26 July 2009 - 04:56 #2
http://www.eksperten.dk/guide/1232

Admittedly it wasn't me who wrote it :P but one only hears good things about fromsej :)
mrgumble (Beginner)
26 July 2009 - 11:13 #3
One shouldn't shy away from formatting the hard disk and reinstalling the operating system either. That way you also clear out the programs you no longer use, and you can be more certain that the rest of your software gets updated.
f-arn (Guru)
26 July 2009 - 12:40 #4
Fine - then I suppose you two can handle the log-based solution as well?
RasmusS (Intern)
26 July 2009 - 17:52 #5
Scanning now
RasmusS (Intern)
26 July 2009 - 18:07 #6
Malwarebytes' Anti-Malware 1.39
Database version: 2505
Windows 5.1.2600 Service Pack 3

7/26/2009 17:58:31
mbam-log-2009-07-26 (17-58-31).txt

Scan type: Quick Scan
Objects scanned: 97194
Time elapsed: 6 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 21
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 3
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TDSSdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\TDSS (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TDSSserv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\twext.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: system32\twext.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> Delete on reboot.
C:\Documents and Settings\LocalService\Application Data\twain_32 (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\twain_32 (Spyware.Zbot) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\twain_32\local.ds (Backdoor.Bot) -> Delete on reboot.
c:\WINDOWS\system32\twain_32\user.ds (Backdoor.Bot) -> Delete on reboot.
c:\WINDOWS\system32\twain_32\user.ds.cla (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\twain_32\user.ds (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\twain_32\user.ds (Spyware.Zbot) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\~.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twext.exe (Backdoor.Bot) -> Delete on reboot.


[DDS.txt]


DDS (Ver_09-06-26.01) - NTFSx86 
Run by Gobbo at 18:02:29.28 on Sun 07/26/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.991.688 [GMT 2:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated)  {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Gobbo\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = 127.0.0.1:4001
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {140BD8E3-C167-11D4-B4A3-080000180323} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\office 2007\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
BHO: gFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\progra~1\flashget\getflash.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Resume copy] copyfstq.exe /startup
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-explorer: NoFind = 00000000
mPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm
IE: Download using FlashGet - c:\program files\flashget\jc_link.htm
IE: E&ksporter til Microsoft Excel - d:\office 2007\office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\office 2007\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\office 2007\expres~1\office12\REFIEBAR.DLL
DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} - hxxp://downol.dr.dk/download/netradio/Rawflow.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162232751714
DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} - hxxp://secure2.comned.com/signuptemplates/securelogin-devel.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
TCP: {0100DF2F-9A8F-41E4-883E-68D2A0D1F70E} = 208.67.222.222,208.67.220.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\office 2007\office12\GR99D3~1.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\office 2007\office12\GRA8E1~1.DLL

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-26 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-26 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-26 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-26 55640]
R2 CLEVOIO;CLEVOIO;c:\windows\system32\drivers\CLEVOIO.sys [2002-8-29 13104]
S0 cdburner;cdburner;c:\windows\system32\drivers\cdburner.sys [2008-9-17 15872]
S0 Ramdisk;Ramdisk Driver;c:\windows\system32\drivers\RamDsk.sys [2004-9-28 26240]
S0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys --> c:\windows\system32\drivers\tclondrv.sys [?]
S2 AntiVirUpgradeService;Avira Upgrade Service;"c:\docume~1\gobbo\locals~1\temp\avsetup_4a6c6407\basic\avupgsvc.exe" /tempstart:""c:\docume~1\gobbo\locals~1\temp\avsetup_4a6c6407\basic\setup.exe" /notempcleanup /crossupgrade" --> c:\docume~1\gobbo\locals~1\temp\avsetup_4a6c6407\basic\avupgsvc.exe [?]
S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [2008-9-17 3768]

=============== Created Last 30 ================

2009-07-26 17:49    <DIR>    --d-----    c:\docume~1\gobbo\applic~1\Malwarebytes
2009-07-26 17:49    38,160    a-------    c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-26 17:49    19,096    a-------    c:\windows\system32\drivers\mbam.sys
2009-07-26 17:49    <DIR>    --d-----    c:\program files\Malwarebytes' Anti-Malware
2009-07-26 17:49    <DIR>    --d-----    c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-26 16:16    55,640    a-------    c:\windows\system32\drivers\avgntflt.sys
2009-07-26 16:16    <DIR>    --d-----    c:\docume~1\alluse~1\applic~1\Avira
2009-07-25 02:24    <DIR>    --d-----    c:\program files\vSoft
2009-07-21 22:55    <DIR>    --d-----    c:\docume~1\gobbo\applic~1\JonDo
2009-07-14 18:57    155,648    a-------    c:\windows\system32\igfxres.dll
2009-07-13 22:36    221,184    a-------    c:\windows\system32\igfxeud.dll
2009-07-13 22:36    151,552    a-------    c:\windows\system32\igfxdiag.exe
2009-07-13 22:36    118,784    a-------    c:\windows\system32\igfxhk.dll
2009-07-13 22:36    45,056    a-------    c:\windows\system32\igfxdgps.dll
2009-07-13 21:25    <DIR>    --d-----    c:\program files\SystemRequirementsLab
2009-07-13 20:52    <DIR>    --d-----    c:\docume~1\gobbo\applic~1\Mchid
2009-07-13 20:52    <DIR>    --d-----    c:\docume~1\gobbo\applic~1\Livestation
2009-07-13 20:52    <DIR>    --d-----    c:\documents and settings\gobbo\Livestation

==================== Find3M  ====================

2009-06-16 16:36    119,808    a-------    c:\windows\system32\t2embed.dll
2009-06-16 16:36    81,920    a-------    c:\windows\system32\fontsub.dll
2009-06-03 21:09    1,291,264    a-------    c:\windows\system32\quartz.dll
2009-05-07 17:32    345,600    a-------    c:\windows\system32\localspl.dll
2009-04-29 06:46    666,624    a-------    c:\windows\system32\wininet.dll
2009-04-29 06:46    81,920    --------    c:\windows\system32\ieencode.dll
2007-01-10 17:23    17,144    a-------    c:\docume~1\gobbo\applic~1\GDIPFONTCACHEV1.DAT
2004-09-28 05:00    26,240    a-------    c:\windows\inf\RAMDSK.SYS

============= FINISH: 18:04:18.59 ===============
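When reading a log like the MBAM one above, a helper looks for a handful of things before calling the machine clean: how many detections there were and of which families, whether anything is still marked "Delete on reboot" (those items remain on disk until the next restart, so a reboot and rescan are needed before the log means anything), and what was appended to the Winlogon Userinit value, which should launch only userinit.exe. The Python below is an added example, not code from the thread or from Malwarebytes; it parses the MBAM 1.x text log layout shown above and runs on a constructed sample built from a few lines in that same layout. The regular expressions for the line format are my own assumptions about that layout.

```python
"""Summarise a Malwarebytes' Anti-Malware 1.x text log (added example, not MBAM code)."""
import re
from collections import Counter

# Constructed sample in the MBAM 1.39 log layout; the paths and families mirror
# the kind of entries seen in the thread (TDSS service, Zbot/twext Userinit hijack).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.39
Database version: 2505
Windows 5.1.2600 Service Pack 3

Scan type: Quick Scan
Objects scanned: 97194
Registry Keys Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\TDSS (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TDSSserv (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\twext.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\twain_32\local.ds (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\twext.exe (Backdoor.Bot) -> Delete on reboot.
"""

# A section header is "<Something> Infected:" with nothing after the colon;
# the summary block at the top ("... Infected: 21") therefore does not match.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
# One detection: "<path> (<family>) -> <action text>"
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
# The Hijack.Userinit action carries the bad and the expected value.
HIJACK_RE = re.compile(r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)")


def parse_mbam_log(text):
    """Return {section name: [ {path, family, action}, ... ]} for each detail section."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            sections[current] = []
            continue
        if current is None or not line or line.startswith("(No malicious"):
            continue
        item = ITEM_RE.match(line)
        if item:
            sections[current].append(item.groupdict())
    return sections


def userinit_extras(sections):
    """Executables appended to Winlogon\\Userinit besides the legitimate userinit.exe."""
    extras = []
    for item in sections.get("Registry Data Items Infected", []):
        m = HIJACK_RE.search(item["action"])
        if not m:
            continue
        for entry in m.group("bad").split(","):
            entry = entry.strip()
            if entry and not entry.lower().endswith("userinit.exe"):
                extras.append(entry)
    return extras


def assess(text):
    """Aggregate the log into the facts a helper checks before declaring the machine clean."""
    sections = parse_mbam_log(text)
    families = Counter()
    pending_reboot = []
    for items in sections.values():
        for item in items:
            families[item["family"]] += 1
            if "Delete on reboot" in item["action"]:
                pending_reboot.append(item["path"])
    return {
        "total": sum(families.values()),
        "families": dict(families),
        "pending_reboot": pending_reboot,
        "userinit_extras": userinit_extras(sections),
        "rootkit_seen": any(f.startswith("Rootkit.") for f in families),
    }


if __name__ == "__main__":
    result = assess(SAMPLE_LOG)
    print(f"{result['total']} detections: {result['families']}")
    if result["pending_reboot"]:
        print("Still pending reboot (restart and rescan before trusting the log):")
        for path in result["pending_reboot"]:
            print("  ", path)
    if result["userinit_extras"]:
        print("Userinit was hijacked to also launch:", result["userinit_extras"])
    if result["rootkit_seen"]:
        print("A rootkit component was removed; a dedicated rootkit scan is warranted.")
```

Run it on a saved mbam-log-*.txt by reading the file and passing the text to assess(); the output is the short checklist a helper would otherwise assemble by hand from a log of a hundred lines.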
RasmusS (Intern)
26 July 2009 - 18:08 #7
I'm waiting for a reply from f-arn
f-arn (Guru)
27 July 2009 - 17:40 #8
Download Combofix and save it to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe



Right-click on the desktop, choose New -> Text Document, copy the content between the lines into it and save the file as CFScript.txt

Make sure it does not end up being named CFScript.txt.txt


--------------

Killall::
Snapshot::
DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uPolicies-explorer: NoFind = 00000000
mPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)


-------------

Since Combofix can conflict with your antivirus, it is important that you disable it.

Then grab the new file with the mouse, drag it over the Combofix file, and release the mouse button.
http://www.fromsej.saknet.dk/billeder/cfscript.gif


Combofix should then start working. It may require a restart, which you must allow. Do not click on the window while the tool is running, as that can freeze your computer.
When Combofix is finished, and after it has (possibly) restarted, a log file should open: combofix.txt, which is located at C:\ComboFix.txt

Go ahead and post the contents of that file here.
RasmusS (Intern)
27 July 2009 - 20:23 #9
ComboFix 09-07-26.03 - Gobbo 07/27/2009 20:10.1.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.991.685 [GMT 2:00]
Running from: c:\documents and settings\Gobbo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Gobbo\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\1a6d96.msi
c:\windows\Installer\1a6d97.msp
c:\windows\Installer\1a6d98.msp
c:\windows\Installer\1a6d99.msp
c:\windows\Installer\1a6d9a.msp
c:\windows\Installer\1a6d9b.msp
c:\windows\Installer\1a6d9c.msp
c:\windows\Installer\1a6d9d.msp
c:\windows\Installer\1a6d9e.msp
c:\windows\Installer\1a6d9f.msp
c:\windows\Installer\c29f9.msp
c:\windows\Installer\c29fa.msp
c:\windows\Installer\c29fb.msp
c:\windows\Installer\c29fc.msp
c:\windows\Installer\c29fd.msp
c:\windows\Installer\c29fe.msp
c:\windows\Installer\c29ff.msp
c:\windows\Installer\c2a00.msp
c:\windows\Installer\c2a01.msp

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


(((((((((((((((((((((((((  Files Created from 2009-06-27 to 2009-07-27  )))))))))))))))))))))))))))))))
.

2009-07-26 14:16 . 2009-03-30 08:33    96104    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2009-07-26 14:16 . 2009-03-24 14:08    55640    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2009-07-26 14:16 . 2009-02-13 10:29    22360    ----a-w-    c:\windows\system32\drivers\avgntmgr.sys
2009-07-26 14:16 . 2009-02-13 10:17    45416    ----a-w-    c:\windows\system32\drivers\avgntdd.sys
2009-07-26 14:16 . 2009-07-26 14:16    --------    d-----w-    c:\documents and settings\All Users\Application Data\Avira
2009-07-25 11:36 . 2009-07-25 11:36    --------    d-----w-    c:\documents and settings\Gobbo\Local Settings\Application Data\MyDownloader
2009-07-25 00:24 . 2009-07-25 00:46    --------    d-----w-    c:\program files\vSoft
2009-07-21 20:55 . 2009-07-21 20:55    --------    d-----w-    c:\documents and settings\Gobbo\Application Data\JonDo
2009-07-18 14:43 . 2009-07-18 14:43    --------    d-----w-    c:\documents and settings\Gobbo\Local Settings\Application Data\Temp
2009-07-14 16:57 . 2003-04-06 17:05    155648    ----a-w-    c:\windows\system32\igfxres.dll
2009-07-13 20:36 . 2003-04-06 17:17    221184    ----a-w-    c:\windows\system32\igfxeud.dll
2009-07-13 20:36 . 2003-04-06 17:15    45056    ----a-w-    c:\windows\system32\igfxdgps.dll
2009-07-13 20:36 . 2003-04-06 17:15    151552    ----a-w-    c:\windows\system32\igfxdiag.exe
2009-07-13 20:36 . 2003-04-06 17:07    118784    ----a-w-    c:\windows\system32\igfxhk.dll
2009-07-13 19:25 . 2009-07-13 19:25    --------    d-----w-    c:\program files\SystemRequirementsLab
2009-07-13 18:52 . 2009-07-13 18:52    --------    d-----w-    c:\documents and settings\Gobbo\Application Data\Mchid
2009-07-13 18:52 . 2009-07-13 18:52    --------    d-----w-    c:\documents and settings\Gobbo\Application Data\Livestation
2009-07-13 18:52 . 2009-07-13 19:37    --------    d-----w-    c:\documents and settings\Gobbo\Livestation
2009-07-13 18:30 . 2009-07-13 18:30    --------    d-----w-    c:\documents and settings\Gobbo\Local Settings\Application Data\ZattooPlayer
2009-07-13 18:30 . 2009-07-13 18:39    --------    d-----w-    c:\documents and settings\Gobbo\Local Settings\Application Data\Zattoo
2009-07-10 21:20 . 2009-07-10 21:20    --------    d-----w-    c:\program files\FileZilla FTP Client
2009-07-10 14:58 . 2009-07-27 17:57    --------    d-----w-    c:\documents and settings\Gobbo\Application Data\vlc

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-27 18:04 . 2008-09-19 14:42    --------    d-----w-    c:\documents and settings\Gobbo\Application Data\uTorrent
2009-07-26 16:41 . 2009-03-22 15:42    --------    d-----w-    c:\documents and settings\Gobbo\Application Data\FileZilla
2009-07-26 15:49 . 2009-07-26 15:49    --------    d-----w-    c:\documents and settings\Gobbo\Application Data\Malwarebytes
2009-07-26 15:49 . 2009-07-26 15:49    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2009-07-26 15:49 . 2009-07-26 15:49    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-26 14:20 . 2008-11-17 09:29    --------    d-----w-    c:\program files\Avira
2009-07-26 05:06 . 2006-11-24 13:04    --------    d-----w-    c:\program files\FlashGet
2009-07-26 00:32 . 2006-11-16 23:21    --------    d-----w-    c:\documents and settings\Gobbo\Application Data\dvdcss
2009-07-25 12:47 . 2006-10-31 19:01    --------    d-----w-    c:\program files\Opera
2009-07-25 00:11 . 2006-11-03 21:32    --------    d-----w-    c:\program files\BPFTP Server
2009-07-19 15:47 . 2008-10-09 12:01    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-13 11:36 . 2009-07-26 15:49    38160    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2009-07-26 15:49    19096    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-06-16 14:36 . 2001-08-23 12:00    81920    ----a-w-    c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2001-08-23 12:00    119808    ----a-w-    c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2001-08-23 12:00    1291264    ----a-w-    c:\windows\system32\quartz.dll
2009-05-30 01:54 . 2009-05-30 01:54    --------    d--h--w-    c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
2009-05-24 18:56 . 2009-05-24 18:56    390664    ----a-w-    c:\documents and settings\Gobbo\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-09 23:40 . 2009-05-09 23:40    103872    ----a-w-    c:\windows\system32\drivers\AnyDVD.sys
2009-05-07 15:32 . 2001-08-23 12:00    345600    ----a-w-    c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2004-01-08 14:23    666624    ----a-w-    c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2004-08-04 07:56    81920    ------w-    c:\windows\system32\ieencode.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2002-12-06 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2002-12-06 569344]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2003-04-06 155648]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2003-04-06 114688]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-04-06 114688]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-03-28 53248]
"Resume copy"="copyfstq.exe" - c:\windows\copyfstq.exe [2006-10-31 73728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"DisableCurrentUserRunOnce"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ      autocheck autochk *\0oodbs

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Gobbo^Start Menu^Programs^Startup^CheckMail.LNK]
backup=c:\windows\pss\CheckMail.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Gobbo^Start Menu^Programs^Startup^Screen Clipper and Launcher til OneNote 2007.lnk]
path=c:\documents and settings\Gobbo\Start Menu\Programs\Startup\Screen Clipper and Launcher til OneNote 2007.lnk
backup=c:\windows\pss\Screen Clipper and Launcher til OneNote 2007.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProxyCap

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BPFTP Server\\G6FTPSrv.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"d:\\Games\\Diablo II\\Game_crk.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Office 2007\\Office12\\OUTLOOK.EXE"=
"d:\\Office 2007\\Office12\\GROOVE.EXE"=
"d:\\Office 2007\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\WLM Lite 8.5.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"d:\\Program Files\\WASTE\\WASTE.exe"=
"c:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"d:\\Program Files\\ProxyWay\\proxyway.exe"=

R0 cdburner;cdburner;c:\windows\system32\drivers\cdburner.sys [9/17/2008 21:46 15872]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/26/2009 16:16 108289]
R2 CLEVOIO;CLEVOIO;c:\windows\system32\drivers\CLEVOIO.sys [8/29/2002 18:30 13104]
S0 Ramdisk;Ramdisk Driver;c:\windows\system32\drivers\RamDsk.sys [9/28/2004 05:00 26240]
S0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys --> c:\windows\system32\DRIVERS\tclondrv.sys [?]
S2 AntiVirUpgradeService;Avira Upgrade Service;"c:\docume~1\Gobbo\LOCALS~1\Temp\AVSETUP_4a6c6407\basic\avupgsvc.exe" /TEMPSTART:""c:\docume~1\Gobbo\LOCALS~1\Temp\AVSETUP_4a6c6407\basic\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" --> c:\docume~1\Gobbo\LOCALS~1\Temp\AVSETUP_4a6c6407\basic\avupgsvc.exe [?]
S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [9/17/2008 18:43 3768]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2008-07-17 c:\windows\Tasks\Shut Down.job
- d:\appz\Shut Down.bat [2008-03-10 22:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 127.0.0.1:4001
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&ksporter til Microsoft Excel - d:\office 2007\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {0100DF2F-9A8F-41E4-883E-68D2A0D1F70E} = 208.67.222.222,208.67.220.220
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
.

**************************************************************************

creating catchme.sys error: The process cannot access the file because it is being used by another process.
driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-27 20:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-484763869-842925246-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{73DDA0CF-B141-5588-4684-2CCC0263C684}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iacjpkodjiobofhjnh"=hex:6b,61,6c,6f,69,69,6f,64,63,62,68,70,6d,63,61,68,6a,65,
  6f,6c,6c,6c,00,00
"haakbheaijmdonln"=hex:6b,61,6c,6f,69,69,6f,64,63,62,68,70,6d,63,61,68,6a,65,
  6f,6c,6c,6c,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2372)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\oodag.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-27 20:20 - machine was rebooted
ComboFix-quarantined-files.txt  2009-07-27 18:20

Pre-Run: 1,691,803,648 bytes free
Post-Run: 1,658,417,152 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

219    --- E O F ---    2009-07-19 15:48
RasmusS (Intern)
27 July 2009 - 20:23 #10
There you go... awaiting a reply from f-arn
f-arn (Guru)
28 July 2009 - 19:11 #11
Download http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
Run HijackThis, click "Do a system scan and save a logfile", copy the text of the log and post it here.

Note: HijackThis must be saved on the computer and not run from the web
RasmusS (Intern)
28 July 2009 - 20:56 #12
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:54:53 , on 7/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Office 2007\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\vSoft\Rapidshare Auto Downloader 3.6.1\RapidshareAutoDownloader.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Gobbo\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Office 2007\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Office 2007\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\Office 2007\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office 2007\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office 2007\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Office 2007\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162232751714
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0100DF2F-9A8F-41E4-883E-68D2A0D1F70E}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{0100DF2F-9A8F-41E4-883E-68D2A0D1F70E}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{0100DF2F-9A8F-41E4-883E-68D2A0D1F70E}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Office 2007\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\DOCUME~1\Gobbo\LOCALS~1\Temp\AVSETUP_4a6c6407\basic\avupgsvc.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 8162 bytes
RasmusS (Intern)
28 July 2009 - 20:56 #13
Like so... awaiting a reply from f-arn
f-arn (Guru)
29 July 2009 - 13:41 #14
Do you know what this is?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001

Download http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Start SuperAntiSpyware, click Check for updates.
Click Scan your Computer, tick the drives that should be scanned. (Fixed disk means hard disk)
Move the dot to Perform complete scan and click Next; the scan then runs.

When it is finished a window with a summary appears; click OK, then click Next and then Finish.

A window with Quarantine and removal Complete appears; click OK, click Finish.
Close the program, reboot normally.
---------------------------------------
Start SuperAntiSpyware again, click Preferences, switch to the Statistics/Logs tab, double-click SUPERAntiSpyware Scan Log in the window, and save it to the desktop.

Feel free to post that log here
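The ProxyServer line f-arn asks about is the kind of entry a reviewer pulls out of a HijackThis log first. As an added example (not code from the thread, from HijackThis or from Trend Micro), here is a small Python triage script run over a few lines copied from the log posted above. The rules are plain reviewer heuristics of my own, not the tool's signature database, and the sample block is constructed from the posted log.

```python
"""Triage of a HijackThis log: pull out the lines that need a closer look.

Added example for this thread, not code from HijackThis or from the
forum posters. The rules below are reviewer heuristics, not signatures.
"""
import re

# Constructed sample: six lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O17 - HKLM\System\CCS\Services\Tcpip\..\{0100DF2F-9A8F-41E4-883E-68D2A0D1F70E}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\DOCUME~1\Gobbo\LOCALS~1\Temp\AVSETUP_4a6c6407\basic\avupgsvc.exe (file missing)
"""

# Reasons a line is reported; the caller decides what to do with each.
LOCAL_PROXY = "browser proxy points at a listener on this machine"
FILE_MISSING = "referenced file no longer exists (stale entry)"
BARE_NAME = "autostart command has no directory, so it is resolved via PATH"
TEMP_PATH = "program lives in a temp directory"
NAMESERVER = "static DNS servers configured, confirm they are yours"

_LOOPBACK = re.compile(r"ProxyServer\s*=\s*(?:127\.\d+\.\d+\.\d+|localhost)(?::\d+)?\s*$", re.I)
_RUN = re.compile(r"^O4 - .*?\[[^\]]*\]\s+(?P<cmd>.+)$")
_TEMP = re.compile(r"\\(?:temp|tmp)\\", re.I)


def _executable(cmd: str) -> str:
    """Return the program part of a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def triage(log_text: str):
    """Return a list of (section, reason, line) for every line worth a look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if " - " not in line:          # blank lines and the header block
            continue
        section = line.split(" - ", 1)[0]   # R1, O2, O4, O17, O23, ...
        if section == "R1" and _LOOPBACK.search(line):
            findings.append((section, LOCAL_PROXY, line))
        if line.endswith("(file missing)"):
            findings.append((section, FILE_MISSING, line))
        run = _RUN.match(line)
        if run:
            exe = _executable(run.group("cmd"))
            if "\\" not in exe and ":" not in exe:
                findings.append((section, BARE_NAME, line))
        if section in ("O4", "O23") and _TEMP.search(line):
            findings.append((section, TEMP_PATH, line))
        if section == "O17" and "NameServer" in line:
            findings.append((section, NAMESERVER, line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {line}")
```

On the posted log the script reports the loopback proxy, the two "(file missing)" leftovers, the bare-name Run entries (SoundMan and "Resume copy") and the static name servers; the Avira entry with a quoted full path is silent. A proxy of 127.0.0.1:4001 means every browser request is handed to whatever process listens on that port on the machine itself; some legitimate filters and accelerators work this way, so the defensive next step is to find that process (on XP, `netstat -ano` shows the listening port with its PID) and decide whether it is something the user installed. "(file missing)" entries are just stale references and are normally safe to clean.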
f-arn (Guru)
29 July 2009 - 13:44 #15
You are also welcome to tell a bit more about how your PC is running
RasmusS (Intern)
30 July 2009 - 16:11 #16
here is the log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/29/2009 at 10:40 PM

Application Version : 4.27.1000

Core Rules Database Version : 4026
Trace Rules Database Version: 1966

Scan type      : Complete Scan
Total Scan Time : 01:17:51

Memory items scanned      : 472
Memory threats detected  : 0
Registry items scanned    : 6128
Registry threats detected : 6
File items scanned        : 19801
File threats detected    : 23

Adware.Tracking Cookie
    C:\Documents and Settings\Gobbo\Cookies\gobbo@atdmt[2].txt
    C:\Documents and Settings\Gobbo\Cookies\gobbo@bluestreak[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@casalemedia[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@tripod[2].txt
    C:\Program Files\Messenger\WLM Lite\%Profile%\Cookies\gobbo@bs.serving-sys[1].txt
    C:\Program Files\Messenger\WLM Lite\%Profile%\Cookies\gobbo@doubleclick[3].txt
    C:\Program Files\Messenger\WLM Lite\%Profile%\Cookies\gobbo@adtech[1].txt
    C:\Program Files\Messenger\WLM Lite\%Profile%\Cookies\gobbo@advertising[2].txt
    C:\Program Files\Messenger\WLM Lite\%Profile%\Cookies\gobbo@mediaplex[3].txt
    C:\Program Files\Messenger\WLM Lite\%Profile%\Cookies\gobbo@apmebf[1].txt
    C:\Program Files\Messenger\WLM Lite\%Profile%\Cookies\gobbo@tradedoubler[1].txt
    C:\Program Files\Messenger\WLM Lite\%Profile%\Cookies\gobbo@msnportal.112.2o7[1].txt
    C:\Program Files\Messenger\WLM Lite\%Profile%\Cookies\gobbo@2o7[1].txt
    C:\Program Files\Messenger\WLM Lite\%Profile%\Cookies\gobbo@atdmt[3].txt
    C:\Program Files\Messenger\WLM Lite\%Profile%\Cookies\gobbo@bluestreak[3].txt
    C:\Program Files\Messenger\WLM Lite\%Profile%\Cookies\gobbo@hornymatches[1].txt
    C:\Program Files\Messenger\WLM Lite\%Profile%\Cookies\gobbo@serving-sys[2].txt
    C:\Program Files\Messenger\WLM Lite\%Profile%\Cookies\gobbo@track.adform[2].txt
    C:\Program Files\Messenger\WLM Lite\%Profile%\Cookies\gobbo@track.adform[3].txt
    C:\Program Files\Messenger\WLM Lite\%Profile%\Cookies\gobbo@track.adform[4].txt
    C:\Program Files\Messenger\WLM Lite\%Profile%\Cookies\gobbo@track.adform[5].txt

Adware.MyWebSearch/FunWebProducts
    HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
    HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
    HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
    HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
    HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid
    HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32

Trojan.SVCHost/Fake
    C:\PROGRAM FILES\MESSENGER\WLM LITE\1000000600002I\SVCHOST.EXE
RasmusS (Intern)
30 July 2009 - 16:14 #17
my PC is running well after this round so far, my startup has become faster. And it is nice to know it is totally clean.
  ..and no, I don't know what this is:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001
RasmusS (Intern)
30 July 2009 - 16:20 #18
maybe you can help me free up space on my C drive; what temp folders do you know of that can be emptied? For instance I just ran a Windows disk cleanup and it gave over 1 GB. I should also mention that this installation is from about 2002. My PC is a notebook; I see no need to replace it, since I now only use it for surfing and films.
RasmusS (Intern)
30 July 2009 - 18:20 #19
oh yes, by the way, I can just give 200 more for that last bit if you can help. I'll just create a new thread.
30 July 2009 - 19:51 #20
From my 'collection' ->

Regarding freeing up space on C:\ ->

You should clean temp with this file; it only takes a few seconds. Download the little bat file, double-click the file, and a split second later temp is cleaned.
www.spywareinfo.dk/download/cleantempxp2k.bat

--------------------------------------------------------------------------------
[Start][Programs][Accessories][System Tools][Disk Cleanup] C:
Tick all items EXCEPT 'compress old files'
OK
--------------------------------------------------------------------------------
[Start][Settings][Control Panel][Power Options] - the [Hibernate] tab
[  ] Disable hibernation
OK
--------------------------------------------------------------------------------
[Start][Settings][Control Panel][System] - the [System Restore] tab
[  ] Turn off System Restore
Normal reboot
[Start][Settings][Control Panel][System] - the [System Restore] tab
[ x ] Turn on System Restore.
--------------------------------------------------------------------------------
[Start][Settings][Control Panel][Folder Options] - the [View] tab
[  ] Hide protected operating system files
[ x ] Show hidden files and folders

Explorer/My Computer
Navigate to
C:\WINDOWS
Find folders named
$Nt*
typically shown in BLUE.
Delete these folders with their contents.
(I had ~1.5 GB there just waiting to be deleted...)
--------------------------------------------------------------------------------
Do a cleanup with CCleaner, which you probably already have. Also/especially the [Registry/Issues] item
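The manual steps above delete things by hand with no record of what went and how much it freed. As an added example (not a script from the thread or from spywareinfo.dk), here is a Python dry run that inventories the same targets, the $Nt* hotfix-uninstall folders under the Windows directory and the contents of the temp folders, with their sizes, and deletes nothing. The directory paths are parameters, and `make_sample_tree` builds a constructed tree so the function can be exercised away from a real XP machine.

```python
"""Dry-run inventory for the disk-space steps in the post above.

Added example, not a script from the thread or from spywareinfo.dk.
It lists the hotfix-uninstall folders named $Nt* under the Windows
directory and the entries in the temp folders together with their
sizes, and deletes nothing. make_sample_tree() builds a constructed
directory tree so the function can be run anywhere.
"""
import os
import tempfile


def _tree_size(path):
    """Total size in bytes of a file, or of everything below a directory."""
    if not os.path.isdir(path):
        return os.path.getsize(path)
    total = 0
    for root, _dirs, files in os.walk(path):
        for name in files:
            try:
                total += os.path.getsize(os.path.join(root, name))
            except OSError:  # file vanished or unreadable: skip it
                pass
    return total


def cleanup_candidates(windows_dir, temp_dirs):
    """Return {path: bytes} for $Nt* folders in windows_dir and entries in temp_dirs."""
    found = {}
    if os.path.isdir(windows_dir):
        for name in os.listdir(windows_dir):
            full = os.path.join(windows_dir, name)
            # XP keeps hotfix uninstall data in hidden folders such as $NtUninstallKB123456$
            if os.path.isdir(full) and name.lower().startswith("$nt"):
                found[full] = _tree_size(full)
    for tdir in temp_dirs:
        if not os.path.isdir(tdir):  # e.g. a per-user temp folder that does not exist
            continue
        for name in os.listdir(tdir):
            full = os.path.join(tdir, name)
            found[full] = _tree_size(full)
    return found


def total_bytes(found):
    return sum(found.values())


def report(found):
    """Human-readable listing, largest entries first, with a total."""
    rows = sorted(found.items(), key=lambda kv: -kv[1])
    lines = [f"{size:>12,d}  {path}" for path, size in rows]
    lines.append(f"{total_bytes(found):>12,d}  total ({total_bytes(found) / 2**20:.1f} MiB)")
    return "\n".join(lines)


def make_sample_tree():
    """Constructed sample: a fake Windows dir and temp dir; returns (windir, tempdir)."""
    base = tempfile.mkdtemp(prefix="xpclean_")
    windir = os.path.join(base, "WINDOWS")
    tmpdir = os.path.join(base, "Temp")
    layout = {
        os.path.join(windir, "$NtUninstallKB123456$", "spuninst.exe"): 1000,
        os.path.join(windir, "$NtServicePackUninstall$", "old.dll"): 500,
        os.path.join(windir, "system32", "keep.dll"): 50,   # must NOT be listed
        os.path.join(tmpdir, "setup.tmp"): 10,
        os.path.join(tmpdir, "cache", "a.bin"): 7,
    }
    for path, size in layout.items():
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)
    return windir, tmpdir


if __name__ == "__main__":
    windir, tmpdir = make_sample_tree()
    print(report(cleanup_candidates(windir, [tmpdir, os.path.join(windir, "nonexistent")])))
```

To run it against the real machine, call `cleanup_candidates(os.environ["SystemRoot"], [os.environ["TEMP"], os.path.join(os.environ["SystemRoot"], "Temp")])` instead of the sample tree. Removing the $Nt* folders gives up the ability to uninstall those hotfixes, which is the trade-off the post accepts; seeing the sizes first tells you whether it is worth it.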
f-arn (Guru)
03 August 2009 - 20:54 #21
As requested, I am posting an answer here.