Created Thu 22 October 2009 at 18:53:29

crasser83 (15.495 points. Points out: 0)


Help removing "Antivirus Pro - 2010"

Some malware called Antivirus Pro 2010 has been installed on a work computer. How do I get it cleaned?

I have been on www.pcthreat.com, more precisely "http://dk.pcthreat.com/parasitebyid-8239dk.html", which writes this:
"
How to clean Antivirus Pro 2010 yourself

To save time and avoid the risk of damaging your computer, we strongly recommend using a spyware scanner such as SpyHunter to detect Antivirus Pro 2010 and other spyware, adware, trojans, viruses, keyloggers and anything else that may be hidden on your PC.
Remove registry entries (Antivirus Pro 2010):
Microsoft\Windows\CurrentVersion\Uninstall\AntivirusPro_2010
Microsoft\Windows\CurrentVersion\Run\Antivirus Pro 2010
AntivirusPro_2010
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Antivirus Pro 2010
HKEY_LOCAL_MACHINESOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN Antivirus Pro 2010
RUNNING PROGRAM\AntivirusPro_2010.exe
"
They also refer to an anti-spyware program called SpyHunter 3, which does recognize the malware. However, you have to buy the full version for it to remove it for me. So my question is whether it can solve my problem if I pay up, or whether it can and should be done manually. I have often found that anti-spyware programs cannot cope once things have gone wrong.

Best regards, Christian Ibsen-Bjerget

Posted Thu 22 October 2009 at 18:56:09 | #1

f-arn (24.175 points)
Download "Malwarebytes' Anti-Malware" here: http://www.malwarebytes.org/mbam.php
Install and start the program, update it, and run a "Quick scan" under the "Scanner" tab.
Afterwards click "Show results", press "Remove selected" and post the log here together with a log from DDS, which you can find here: http://download.bleepingcomputer.com/sUBs/dds.scr

or here: http://www.forospyware.com/sUBs/dds

It creates two logs (DDS.txt and Attach.txt); save them on the desktop and copy the contents of DDS.txt in here.

NOTE - DDS must be saved on the computer and not run from the web

Regarding Vista: right-click the file - Run as Administrator.

NB: When you update Malwarebytes, keep clicking update until it says there are no more updates.

Posted Thu 22 October 2009 at 19:31:27 | #2

crasser83 (15.495 points)
Here they are. And thanks for the help and your time.

Malwarebytes' Anti-Malware 1.41
Database version: 3012
Windows 5.1.2600 Service Pack 3

22-10-2009 19:22:22
mbam-log-2009-10-22 (19-22-22).txt

Skan type: Hurtig skanning
Objekter skannet: 106336
Tid tilbagelagt: 7 minute(s), 13 second(s)

Inficerede Hukommelses Processer: 7
Inficerede Hukommelses Moduler: 1
Inficerede Registeringsdatabase Nøgler: 2
Inficerede Registeringsdatabase Værdier: 12
Inficerede Registeringsdatabase Filer: 4
Inficerede Mapper: 4
Inficerede Filer: 49

Inficerede Hukommelses Processer:
C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\Documents and Settings\Reception1\Application Data\seres.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\Documents and Settings\Reception1\Application Data\svcst.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\system32\qtplugin.exe (Rootkit.Agent) -> Unloaded process successfully.
C:\WINDOWS\Temp\wpv651255703227.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Reception1\restorer64_a.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\system32\restorer64_a.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Inficerede Hukommelses Moduler:
C:\WINDOWS\system32\cpcp.cpo (Trojan.Agent) -> Delete on reboot.

Inficerede Registeringsdatabase Nøgler:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\promoreg (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mserv (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysgif32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrymonitor1 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\restorer64_a (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\restorer64_a (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe cpcp.cpo bef0regiiav) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Inficerede Mapper:
C:\Programmer\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Programmer\AntivirusPro_2010\data (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Programmer\AntivirusPro_2010\Microsoft.VC80.CRT (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\Menuen Start\Programmer\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\Application Data\seres.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\Application Data\svcst.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv581255562528.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\Lokale indstillinger\Temp\BN10.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\Lokale indstillinger\Temp\BN11.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\Lokale indstillinger\Temp\BN12.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\Lokale indstillinger\Temp\BN13.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\Lokale indstillinger\Temp\BN14.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\Lokale indstillinger\Temp\BN15.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\Lokale indstillinger\Temp\BN16.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\Lokale indstillinger\Temp\BN185.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\Lokale indstillinger\Temp\BN2.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\Lokale indstillinger\Temp\BN4.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\Lokale indstillinger\Temp\BN5.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\Lokale indstillinger\Temp\BN6.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\Lokale indstillinger\Temp\BN7.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\Lokale indstillinger\Temp\BN8.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\Lokale indstillinger\Temp\BN9.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\Lokale indstillinger\Temp\BNA.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\Lokale indstillinger\Temp\BNB.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\Lokale indstillinger\Temp\BNC.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\Lokale indstillinger\Temp\BND.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\Lokale indstillinger\Temp\BNE.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\Lokale indstillinger\Temp\BNF.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Programmer\AntivirusPro_2010\AntivirusPro_2010.cfg (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Programmer\AntivirusPro_2010\AntivirusPro_2010.exe (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Programmer\AntivirusPro_2010\AVEngn.dll (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Programmer\AntivirusPro_2010\htmlayout.dll (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Programmer\AntivirusPro_2010\pthreadVC2.dll (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Programmer\AntivirusPro_2010\wscui.cpl (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Programmer\AntivirusPro_2010\data\daily.cvd (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Programmer\AntivirusPro_2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Programmer\AntivirusPro_2010\Microsoft.VC80.CRT\msvcm80.dll (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Programmer\AntivirusPro_2010\Microsoft.VC80.CRT\msvcp80.dll (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Programmer\AntivirusPro_2010\Microsoft.VC80.CRT\msvcr80.dll (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\Menuen Start\Programmer\AntivirusPro_2010\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\Menuen Start\Programmer\AntivirusPro_2010\Uninstall.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cpcp.cpo (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Reception1\Application Data\lizkavd.exe (Rogue.AntiVirusPro) -> Delete on reboot.
C:\WINDOWS\Temp\wpv651255703227.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qtplugin.exe (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\wpv881255137485.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\Skrivebord\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\restorer64_a.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\restorer64_a.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

------------------------------------------------------------

DDS (Ver_09-10-13.01) - NTFSx86 
Run by Reception1 at 19:23:01,64 on 22-10-2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.1015.392 [GMT 2:00]

AV: Trend Micro Client-Server Security Agent AntiVirus *On-access scanning enabled* (Updated)  {9562DEF8-B4C4-4848-946E-F4F43834FB9F}
AV: avast! antivirus 4.8.1356 [VPS 091021-0] *On-access scanning enabled* (Updated)  {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Trend Micro Client-Server Security Agent Firewall *disabled*  {9562DEF8-B4C4-4848-946E-F4F43834FB9F}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Programmer\SetWeb\SetWeb.exe
C:\Programmer\OpenOffice.org 3\program\soffice.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\OpenOffice.org 3\program\soffice.bin
svchost
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Programmer\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\TEMP\OECA52.EXE
C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe
C:\Programmer\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Reception1\Skrivebord\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = dk.msn.com//
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Hjælp til tilmelding til Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmer\fælles filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\programmer\canon\easy-webprint\Toolband.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\programmer\windows live\messenger\msnmsgr.exe" /background
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [OfficeScanNT Monitor] "c:\programmer\trend micro\client server security agent\pccntmon.exe" -HideWindow
mRun: [Easy-PrintToolBox] c:\programmer\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
mRun: [SunJavaUpdateSched] "c:\programmer\java\jre6\bin\jusched.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SpyHunter Security Suite] c:\programmer\enigma software group\spyhunter\SpyHunter3.exe
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\programmer\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\recept~1\menuen~1\progra~1\start\openof~1.lnk - c:\programmer\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\documents and settings\reception1\menuen start\programmer\start\zavupd32.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\adober~1.lnk - c:\programmer\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\adober~2.lnk - c:\programmer\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\setweb.lnk - c:\programmer\setweb\SetWeb.exe
IE: Easy-WebPrint Add To Print List - c:\programmer\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\programmer\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\programmer\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\programmer\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
Trusted Zone: danid.dk
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://192.168.18.11:4343/officescan/console/ClientInstall/WinNTChk.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://192.168.18.11:4343/officescan/console/ClientInstall/setup.cab
DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxps://192.168.18.11:4343/officescan/console/ClientInstall/RemoveCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} - hxxps://192.168.18.11:4343/SMB/console/html/root/AtxEnc.cab
DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe
DPF: {C07E5288-22FB-11D7-962E-0004AC77C761} - hxxps://activex.dataloen.dk/controls/Dataloen3341.CAB
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/digitalsignatur-csp.exe
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-22 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-22 20560]
R2 TmFilter;Trend Micro Filter;c:\programmer\trend micro\client server security agent\tmxpflt.sys [2008-8-16 225296]
R2 TmPreFilter;Trend Micro PreFilter;c:\programmer\trend micro\client server security agent\tmpreflt.sys [2008-8-16 36368]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\drivers\l251x86.sys [2008-6-18 30720]
R3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [2008-11-5 52026]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-10-22 38224]

=============== Created Last 30 ================

2009-10-22 19:13    <DIR>    --d-----    c:\docume~1\recept~1\applic~1\Malwarebytes
2009-10-22 19:13    38,224    a-------    c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-22 19:13    19,160    a-------    c:\windows\system32\drivers\mbam.sys
2009-10-22 19:13    <DIR>    --d-----    c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-22 19:13    <DIR>    --d-----    c:\programmer\Malwarebytes' Anti-Malware
2009-10-22 18:23    <DIR>    --d-----    c:\programmer\Enigma Software Group
2009-10-22 16:54    27,408    a-------    c:\windows\system32\drivers\aavmker4.sys
2009-10-21 15:59    19,168    a-------    c:\windows\system32\ruco.dll
2009-10-21 15:59    18,006    a-------    c:\windows\system32\vykeneh.com
2009-10-21 15:59    17,084    a-------    c:\windows\system32\ulubafe.ban
2009-10-21 15:59    14,574    a-------    c:\windows\sidyqyboc.ban
2009-10-21 15:59    11,706    a-------    c:\windows\system32\iryxojufu.com
2009-10-21 15:59    11,148    a-------    c:\windows\system32\otaqokihe.vbs
2009-10-21 15:59    10,007    a-------    c:\windows\ejovasadyd.vbs
2009-10-21 15:59    16,290    a-------    c:\windows\socegaji.sys
2009-10-21 15:59    14,573    a-------    c:\windows\genygy.lib
2009-10-21 15:59    14,421    a-------    c:\docume~1\recept~1\applic~1\iqefut.vbs
2009-10-21 15:59    14,308    a-------    c:\programmer\fælles filer\ipig.dll
2009-10-21 15:59    14,185    a-------    c:\docume~1\recept~1\applic~1\habadyt.com
2009-10-21 15:59    14,136    a-------    c:\windows\emutosaru.bin
2009-10-21 15:59    12,771    a-------    c:\docume~1\recept~1\applic~1\apuhiqud.bat
2009-10-21 15:55    42,368    ac------    c:\windows\system32\dllcache\agp440.sys
2009-10-21 15:55    27,136    --------    c:\windows\system32\cpcp.cpo
2009-10-15 09:08    208,744    a-------    c:\windows\system32\muweb.dll
2009-10-15 09:08    268,648    a-------    c:\windows\system32\mucltui.dll
2009-10-15 09:08    27,496    a-------    c:\windows\system32\mucltui.dll.mui
2009-10-14 10:24    <DIR>    --d-----    c:\documents and settings\reception1\Tracing
2009-10-14 10:24    <DIR>    --d-----    c:\programmer\Microsoft
2009-10-14 10:24    <DIR>    --d-----    c:\programmer\Windows Live SkyDrive
2009-10-14 10:16    <DIR>    --d-----    c:\programmer\fælles filer\Windows Live
2009-10-01 13:36    2,674,149    a-------    C:\Kontoudtog til Revisor.pdf
2009-09-30 14:43    278,528    a-------    c:\windows\system32\DSJPG.dll
2009-09-30 14:43    260,096    a-------    c:\windows\system32\TMDGUI20.dll
2009-09-30 14:42    279,552    a-------    c:\windows\system32\DSJPG_12Bit.dll

==================== Find3M  ====================

2009-10-22 19:14    324,960    a-------    c:\windows\system32\perfh006.dat
2009-10-22 19:14    47,276    a-------    c:\windows\system32\perfc006.dat
2009-10-21 15:59    18,879    a-------    c:\programmer\fælles filer\ryrewut.db
2009-10-21 15:59    16,487    a-------    c:\programmer\fælles filer\dogyzip.ban
2009-10-21 15:59    16,445    a-------    c:\programmer\fælles filer\zobawot.db
2009-10-20 14:39    0    a-------    c:\documents and settings\reception1\temp.dat
2009-09-30 14:45    282,112    a-------    c:\windows\MiniWeb.exe
2009-09-30 14:43    144,896    a-------    c:\windows\system32\dsxml.dll
2009-09-30 14:43    155,648    a-------    c:\windows\system32\dsibapi.dll
2009-09-30 14:42    287,232    a-------    c:\windows\system32\DSPNG.dll
2009-09-30 14:42    109,568    a-------    c:\windows\system32\dszlib.dll
2009-09-30 14:42    101,888    a-------    c:\windows\system32\ToolBox20.dll
2009-09-11 16:19    136,192    a-------    c:\windows\system32\msv1_0.dll
2009-09-04 23:04    58,880    a-------    c:\windows\system32\msasn1.dll
2009-08-29 09:28    832,512    a-------    c:\windows\system32\wininet.dll
2009-08-29 09:28    78,336    a-------    c:\windows\system32\ieencode.dll
2009-08-29 09:28    17,408    --------    c:\windows\system32\corpol.dll
2009-08-26 10:02    247,326    a-------    c:\windows\system32\strmdll.dll
2009-08-05 11:00    204,800    a-------    c:\windows\system32\mswebdvd.dll
2009-08-04 19:29    2,147,840    a-------    c:\windows\system32\ntoskrnl.exe
2009-08-04 19:29    2,026,496    a-------    c:\windows\system32\ntkrnlpa.exe
2009-08-04 11:45    86,327    a-------    c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-26 16:44    48,448    a-------    c:\windows\system32\sirenacm.dll

============= FINISH: 19:23:32,82 ===============

Posted Thu 22 October 2009 at 20:09:52 | #3

crasser83 (15.495 points)
In connection with the removal with Malwarebytes, all desktop icons have been deleted, the computer is very slow and the background is the default one. Almost as if my user has been deleted... All files still seem to be there, but they are incredibly slow to open...

Posted Thu 22 October 2009 at 21:19:23 | #4

f-arn (24.175 points)
You should never run two antivirus programs. Uninstall either Avast or Trend Micro!

----------

Find and upload these files to Jotti or VirusTotal:

c:\documents and settings\reception1\menuen start\programmer\start\zavupd32.exe
c:\windows\system32\drivers\cxbu0wdm.sys


http://virusscan.jotti.org/ - http://www.virustotal.com/en/indexf.html

You may need to turn on showing hidden files and folders.
If you don't know how, see here:

http://www.it-artikler.dk/2008/03/05/vis-skjulte-filer-og-mapper/

Copy the result in here

----------

Download and save Combofix on your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Right-click the desktop and choose New -> Text Document, copy the contents between the lines into it and save the file as CFScript.txt

Make sure that it does not end up being named CFScript.txt.txt


--------------

Killall::
Snapshot::
DDS::
mRun: [Regedit32] c:\windows\system32\regedit.exe


--------------

Since Combofix can conflict with your antivirus, it is important that you disable it.

Then grab the new file with the mouse, drag it over the Combofix file, and "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
When Combofix has finished, and after it has (possibly) restarted, a log file should open: combofix.txt, located at C:\Combofix.txt

Please post the contents of this file here.
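
Editor's added example, not part of the thread or of any tool mentioned in it: the MBAM log in #2 marks several items "Delete on reboot", and the DDS log taken about a minute later still lists `mRun: [Regedit32]`, the entry f-arn puts into CFScript.txt. The Python sketch below cross-checks the two logs for autoruns that are still registered; the sample lines are copied from the logs above, and the mapping of the DDS prefixes (u = HKCU, m = HKLM, d = default user) is an assumption.

```python
import re

# Constructed sample: lines copied from the MBAM and DDS logs posted in #2,
# shortened to the entries that matter for the cross-check.
MBAM_LOG = r"""
C:\WINDOWS\system32\cpcp.cpo (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\promoreg (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe cpcp.cpo bef0regiiav) Good: (Explorer.exe) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reception1\Application Data\lizkavd.exe (Rogue.AntiVirusPro) -> Delete on reboot.
C:\WINDOWS\system32\qtplugin.exe (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\restorer64_a.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

DDS_LOG = r"""
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\programmer\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\documents and settings\reception1\menuen start\programmer\start\zavupd32.exe
"""

# MBAM result line: "<item> (<detection>) -> [Bad: (...) Good: (...) ->] <action>."
MBAM_LINE = re.compile(r"^(?P<item>.+?) \((?P<detection>[\w.]+)\) -> (?P<rest>.+)$")
# DDS autorun line, e.g. "mRun: [Regedit32] c:\windows\system32\regedit.exe".
# Assumption: the prefix letter is the hive (u = HKCU, m = HKLM, d = default user).
DDS_RUN = re.compile(
    r"^(?P<hive>[umd])(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Registry path of a Run/RunOnce value as MBAM prints it.
RUN_VALUE = re.compile(
    r"^(?P<root>HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\SOFTWARE\\Microsoft\\Windows"
    r"\\CurrentVersion\\(?P<key>Run(?:Once)?)\\(?P<name>[^\\]+)$", re.IGNORECASE)
HIVE_PREFIX = {"HKEY_LOCAL_MACHINE": "m", "HKEY_CURRENT_USER": "u"}


def parse_mbam(text):
    """Return one dict per MBAM result line: item, detection name, final action."""
    entries = []
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if not m:
            continue  # section headers, counters and blank lines
        # The action is the last "->" segment; Bad:/Good: data may precede it.
        action = m.group("rest").rsplit(" -> ", 1)[-1].rstrip(".")
        entries.append({"item": m.group("item"),
                        "detection": m.group("detection"),
                        "action": action})
    return entries


def pending_reboot(entries):
    """Items MBAM could not remove while Windows was running."""
    return [e for e in entries if e["action"].lower() == "delete on reboot"]


def parse_dds_autoruns(text):
    """Map (hive prefix, run key, value name) -> command line from a DDS log."""
    autoruns = {}
    for line in text.splitlines():
        m = DDS_RUN.match(line.strip())
        if m:
            key = (m.group("hive"), m.group("key").lower(), m.group("name").lower())
            autoruns[key] = m.group("cmd")
    return autoruns


def still_registered(entries, autoruns):
    """Run values MBAM deferred to reboot that the DDS log still lists."""
    hits = []
    for e in pending_reboot(entries):
        m = RUN_VALUE.match(e["item"])
        if not m:
            continue  # a file or non-Run registry item
        key = (HIVE_PREFIX[m.group("root").upper()],
               m.group("key").lower(), m.group("name").lower())
        if key in autoruns:
            hits.append((e["item"], e["detection"], autoruns[key]))
    return hits


if __name__ == "__main__":
    mbam = parse_mbam(MBAM_LOG)
    print("Pending until reboot:")
    for e in pending_reboot(mbam):
        print("  %s  [%s]" % (e["item"], e["detection"]))
    print("Still present in the DDS autoruns:")
    for item, detection, cmd in still_registered(mbam, parse_dds_autoruns(DDS_LOG)):
        print("  %s  [%s] -> %s" % (item, detection, cmd))
```
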

Posted Thu 22 October 2009 at 21:37:04 | #5

crasser83 (15.495 points)
OK. I'm not at work any longer. I'll do it tomorrow around ten. I'll be back for sure. Should I do it one step at a time, or can I copy both in at the same time?

Posted Thu 22 October 2009 at 21:47:06 | #6

f-arn (24.175 points)
Don't you have an IT person in charge whom you can ask for advice?

Posted Thu 22 October 2009 at 21:51:37 | #7

f-arn (24.175 points)
You can, to begin with, just upload the two files and copy the result in here. Then it may be that I need to adjust CFScript.txt

Posted Thu 22 October 2009 at 22:06:38 | #8

crasser83 (15.495 points)
OK. I'll do that tomorrow. We are only a small dental clinic, so I have taken on the responsibility for the IT. I know a bit about most things, but viruses are just beyond my competence. I hadn't quite expected one of the dental assistants to fall for the old "you have a virus, hurry and download this program" trick...

Posted Fri 23 October 2009 at 06:05:30 | #9

f-arn (24.175 points)
Go right ahead  :)

Posted Fri 23 October 2009 at 12:52:15 | #10

crasser83 (15.495 points)
So, I'm back at work...

File cxbu0wdm.sys received on 2009.10.23 10:48:15 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/41 (0%)

Antivirus Version Last Update Result
a-squared 4.5.0.41 2009.10.23 -
AhnLab-V3 5.0.0.2 2009.10.22 -
AntiVir 7.9.1.44 2009.10.23 -
Antiy-AVL 2.0.3.7 2009.10.23 -
Authentium 5.1.2.4 2009.10.23 -
Avast 4.8.1351.0 2009.10.22 -
AVG 8.5.0.423 2009.10.23 -
BitDefender 7.2 2009.10.23 -
CAT-QuickHeal 10.00 2009.10.23 -
ClamAV 0.94.1 2009.10.23 -
Comodo 2701 2009.10.23 -
DrWeb 5.0.0.12182 2009.10.23 -
eSafe 7.0.17.0 2009.10.22 -
eTrust-Vet 35.1.7081 2009.10.23 -
F-Prot 4.5.1.85 2009.10.22 -
F-Secure 9.0.15370.0 2009.10.22 -
Fortinet 3.120.0.0 2009.10.23 -
GData 19 2009.10.23 -
Ikarus T3.1.1.72.0 2009.10.23 -
Jiangmin 11.0.800 2009.10.23 -
K7AntiVirus 7.10.877 2009.10.22 -
Kaspersky 7.0.0.125 2009.10.23 -
McAfee 5779 2009.10.22 -
McAfee+Artemis 5779 2009.10.22 -
McAfee-GW-Edition 6.8.5 2009.10.23 -
Microsoft 1.5202 2009.10.23 -
NOD32 4536 2009.10.23 -
Norman 6.03.02 2009.10.22 -
nProtect 2009.1.8.0 2009.10.23 -
Panda 10.0.2.2 2009.10.22 -
PCTools 4.4.2.0 2009.10.19 -
Prevx 3.0 2009.10.23 -
Rising 21.52.42.00 2009.10.23 -
Sophos 4.46.0 2009.10.23 -
Sunbelt 3.2.1858.2 2009.10.23 -
Symantec 1.4.4.12 2009.10.23 -
TheHacker 6.5.0.2.051 2009.10.22 -
TrendMicro 8.950.0.1094 2009.10.23 -
VBA32 3.12.10.11 2009.10.22 -
ViRobot 2009.10.23.2003 2009.10.23 -
VirusBuster 4.6.5.0 2009.10.22 -
Additional information
File size: 52026 bytes
MD5...: 008a09fa9c431d36bc3fa922f0cf3e55
SHA1..: 99df11a50e102b6dba8b723a46dd840e806bd5b6
SHA256: 906999420fe95d02c70ab1ece6811c0d1435b417bf8b1f43bc2218758a46741f
ssdeep: 768:KxCxkd5PLMTFQMTTqJmewhaVrwltVl7zuPgryC9siWRqaVOkNTCr:khd9LC3
TTlaAdzuorW1/bNo

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x21ec
timedatestamp.....: 0x400b917e (Mon Jan 19 08:12:46 2004)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x8b38 0x8b40 6.33 9aefa89a342c8143e7c3b0aaee3d6468
.rdata 0x8e40 0x10c8 0x10e0 5.15 cdc95019cac1c3406204e26f70e95e6a
.data 0x9f20 0x590 0x5a0 4.57 a812d1441c71414f2aa511b3610b1b91
PAGE 0xa4c0 0x2de 0x2e0 5.85 40d2a317ed6a891c012b33eff2865448
INIT 0xa7a0 0x83a 0x840 5.15 829e6d912139b105739d068769b9c4c1
.rsrc 0xafe0 0x6b8 0x6c0 3.36 1144c77f5d66b3548f408471b9dc6855
.reloc 0xb6a0 0x90a 0x920 6.06 4735a93ddf02f56d0e4c7046c2f69808

( 5 imports )
> NTOSKRNL.EXE: KeSetEvent, IofCallDriver, IofCompleteRequest, PsTerminateSystemThread, KeWaitForSingleObject, KeClearEvent, ZwClose, KeReleaseMutex, ObReferenceObjectByHandle, ExAllocatePoolWithTag, wcslen, RtlInitUnicodeString, RtlCopyUnicodeString, IoRegisterDeviceInterface, KeInitializeSpinLock, IoCreateDevice, IoDeleteDevice, PsCreateSystemThread, ExFreePool, IoDeleteSymbolicLink, IoSetDeviceInterfaceState, InterlockedIncrement, InterlockedDecrement, KeInitializeEvent, RtlQueryRegistryValues, IoDetachDevice, InterlockedExchange, IoAcquireCancelSpinLock, IoAttachDeviceToDeviceStack, IoFreeIrp, PoCallDriver, PoSetPowerState, PoStartNextPowerIrp, PoSetSystemState, PoRequestPowerIrp, IoBuildDeviceIoControlRequest, IoWMIRegistrationControl, IoAllocateIrp, KeDelayExecutionThread, RtlFreeUnicodeString, IoReleaseCancelSpinLock, KeInitializeMutex, RtlUnicodeStringToInteger, IoIsWdmVersionAvailable, RtlFreeAnsiString, RtlCompareMemory, RtlUnicodeStringToAnsiString, IoOpenDeviceRegistryKey, RtlWriteRegistryValue, RtlUnwind, IoCancelIrp
> HAL.DLL: KfAcquireSpinLock, KfReleaseSpinLock, KeStallExecutionProcessor, KeGetCurrentIrql
> SMCLIB.SYS: SmartcardT1Reply, SmartcardAcquireRemoveLock, SmartcardCreateLink, SmartcardExit, SmartcardReleaseRemoveLockAndWait, SmartcardReleaseRemoveLock, SmartcardDeviceControl, SmartcardInitialize, SmartcardT0Request, SmartcardT1Request, SmartcardUpdateCardCapabilities
> USBD.SYS: _USBD_CreateConfigurationRequestEx@8, _USBD_ParseConfigurationDescriptorEx@28, _USBD_ParseDescriptors@16
> WMILIB.SYS: WmiSystemControl, WmiCompleteRequest

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: OMNIKEY AG
copyright....: Copyright (c) 2000 - 2004 OMNIKEY AG
product......: PC/SC IFD handler for CCID compliant CardMan
description..: PC/SC IFD handler for CCID compliant CardMan
original name: CXBU0WDM.SYS
internal name: CXBU0WDM
file version.: 1.1.0.13
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

File File.ex received on 2009.10.22 17:06:05 (UTC)
Current status: finished

Result: 4/41 (9.76%)
Compact Print results 
Antivirus Version Last Update Result
a-squared 4.5.0.41 2009.10.22 -
AhnLab-V3 5.0.0.2 2009.10.22 -
AntiVir 7.9.1.44 2009.10.22 -
Antiy-AVL 2.0.3.7 2009.10.22 -
Authentium 5.1.2.4 2009.10.22 -
Avast 4.8.1351.0 2009.10.21 -
AVG 8.5.0.423 2009.10.22 -
BitDefender 7.2 2009.10.22 -
CAT-QuickHeal 10.00 2009.10.22 Win32.TrojanDownloader.Tibs.4
ClamAV 0.94.1 2009.10.22 -
Comodo 2692 2009.10.22 -
DrWeb 5.0.0.12182 2009.10.22 Trojan.Botnetlog.11
eSafe 7.0.17.0 2009.10.22 -
eTrust-Vet 35.1.7079 2009.10.22 -
F-Prot 4.5.1.85 2009.10.22 -
F-Secure 9.0.15370.0 2009.10.22 -
Fortinet 3.120.0.0 2009.10.22 -
GData 19 2009.10.22 -
Ikarus T3.1.1.72.0 2009.10.22 -
Jiangmin 11.0.800 2009.10.22 -
K7AntiVirus 7.10.877 2009.10.22 -
Kaspersky 7.0.0.125 2009.10.22 -
McAfee 5779 2009.10.22 -
McAfee+Artemis 5779 2009.10.22 -
McAfee-GW-Edition 6.8.5 2009.10.22 -
Microsoft 1.5202 2009.10.22 -
NOD32 4533 2009.10.22 -
Norman 6.03.02 2009.10.22 -
nProtect 2009.1.8.0 2009.10.22 -
Panda 10.0.2.2 2009.10.21 -
PCTools 4.4.2.0 2009.10.19 -
Prevx 3.0 2009.10.22 Medium Risk Malware
Rising 21.52.34.00 2009.10.22 -
Sophos 4.46.0 2009.10.22 -
Sunbelt 3.2.1858.2 2009.10.22 -
Symantec 1.4.4.12 2009.10.22 -
TheHacker 6.5.0.2.051 2009.10.22 -
TrendMicro 8.950.0.1094 2009.10.22 -
VBA32 3.12.10.11 2009.10.22 -
ViRobot 2009.10.22.2001 2009.10.22 Adware.AntivirusPro2010.R.17409
VirusBuster 4.6.5.0 2009.10.22 -
Additional information
File size: 17408 bytes
MD5  : 55ce22db7f491500db143bc1dcf821ed
SHA1  : ad6bf8ec413ffbebeb2c786662ad62a56ac196be
SHA256: 85185079d0f62c95eaf48615cfbe6791cc5e0ab7ada0adf2725c7862e83a75ce
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x4ADCDE48 (Mon Oct 19 23:46:48 2009)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2C0 0x400 4.63 077af3b8aa039f9296f0248b7dc52a5b
.rdata 0x2000 0xF2 0x200 2.15 58cb2c7d082c5cece5509f425453d83f
.data 0x3000 0xF8 0x200 2.86 59a6579d2d1b13e176d04ae801d22b3a
.rsrc 0x4000 0x36B8 0x3800 7.83 28dc6f758ca2d514ed68558c1e33a3b7

( 2 imports )

> crypt32.dll: CertFreeCRLContext
> kernel32.dll: LoadLibraryA, ReadFile, ExitProcess, CreateFileA, CloseHandle

( 0 exports )

TrID  : File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 384:rIkyaucJ9Y++XMhSVCCtj3tsqwU2/VwrCETPH9:LX/hkNZTwD/qCKPH
Prevx Info: http://info.prevx.com/aboutprogramtext.asp?PX5=6B8EA49F00F12423449A0098B0EED900534CDBC8
PEiD  : -
RDS  : NSRL Reference Data Set
-

Here are the first two logs from the uploaded files.
Is it done correctly?

Posted Fri 23 October 2009 at 13:13:50 | #11

f-arn
f-arn (24.175 points)
Please try c:\documents and settings\reception1\menuen start\programmer\start\zavupd32.exe again.

Posted Fri 23 October 2009 at 13:18:32 | #12

crasser83
crasser83 (15.495 points)
File File.ex received on 2009.10.22 17:06:05 (UTC)
Current status: finished

Result: 4/41 (9.76%)
Compact Print results 
Antivirus Version Last Update Result
a-squared 4.5.0.41 2009.10.22 -
AhnLab-V3 5.0.0.2 2009.10.22 -
AntiVir 7.9.1.44 2009.10.22 -
Antiy-AVL 2.0.3.7 2009.10.22 -
Authentium 5.1.2.4 2009.10.22 -
Avast 4.8.1351.0 2009.10.21 -
AVG 8.5.0.423 2009.10.22 -
BitDefender 7.2 2009.10.22 -
CAT-QuickHeal 10.00 2009.10.22 Win32.TrojanDownloader.Tibs.4
ClamAV 0.94.1 2009.10.22 -
Comodo 2692 2009.10.22 -
DrWeb 5.0.0.12182 2009.10.22 Trojan.Botnetlog.11
eSafe 7.0.17.0 2009.10.22 -
eTrust-Vet 35.1.7079 2009.10.22 -
F-Prot 4.5.1.85 2009.10.22 -
F-Secure 9.0.15370.0 2009.10.22 -
Fortinet 3.120.0.0 2009.10.22 -
GData 19 2009.10.22 -
Ikarus T3.1.1.72.0 2009.10.22 -
Jiangmin 11.0.800 2009.10.22 -
K7AntiVirus 7.10.877 2009.10.22 -
Kaspersky 7.0.0.125 2009.10.22 -
McAfee 5779 2009.10.22 -
McAfee+Artemis 5779 2009.10.22 -
McAfee-GW-Edition 6.8.5 2009.10.22 -
Microsoft 1.5202 2009.10.22 -
NOD32 4533 2009.10.22 -
Norman 6.03.02 2009.10.22 -
nProtect 2009.1.8.0 2009.10.22 -
Panda 10.0.2.2 2009.10.21 -
PCTools 4.4.2.0 2009.10.19 -
Prevx 3.0 2009.10.22 Medium Risk Malware
Rising 21.52.34.00 2009.10.22 -
Sophos 4.46.0 2009.10.22 -
Sunbelt 3.2.1858.2 2009.10.22 -
Symantec 1.4.4.12 2009.10.22 -
TheHacker 6.5.0.2.051 2009.10.22 -
TrendMicro 8.950.0.1094 2009.10.22 -
VBA32 3.12.10.11 2009.10.22 -
ViRobot 2009.10.22.2001 2009.10.22 Adware.AntivirusPro2010.R.17409
VirusBuster 4.6.5.0 2009.10.22 -
Additional information
File size: 17408 bytes
MD5  : 55ce22db7f491500db143bc1dcf821ed
SHA1  : ad6bf8ec413ffbebeb2c786662ad62a56ac196be
SHA256: 85185079d0f62c95eaf48615cfbe6791cc5e0ab7ada0adf2725c7862e83a75ce
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x4ADCDE48 (Mon Oct 19 23:46:48 2009)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2C0 0x400 4.63 077af3b8aa039f9296f0248b7dc52a5b
.rdata 0x2000 0xF2 0x200 2.15 58cb2c7d082c5cece5509f425453d83f
.data 0x3000 0xF8 0x200 2.86 59a6579d2d1b13e176d04ae801d22b3a
.rsrc 0x4000 0x36B8 0x3800 7.83 28dc6f758ca2d514ed68558c1e33a3b7

( 2 imports )

> crypt32.dll: CertFreeCRLContext
> kernel32.dll: LoadLibraryA, ReadFile, ExitProcess, CreateFileA, CloseHandle

( 0 exports )

TrID  : File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 384:rIkyaucJ9Y++XMhSVCCtj3tsqwU2/VwrCETPH9:LX/hkNZTwD/qCKPH
Prevx Info: http://info.prevx.com/aboutprogramtext.asp?PX5=6B8EA49F00F12423449A0098B0EED900534CDBC8
PEiD  : -
RDS  : NSRL Reference Data Set
-

Posted Fri 23 October 2009 at 13:34:46 | #13

f-arn
f-arn (24.175 points)
Please try both files with the other one!

Posted Fri 23 October 2009 at 13:50:23 | #14

crasser83
crasser83 (15.495 points)
Jotti's malware scan
This file has been scanned before. The results for this previous scan are listed below.

   



--------------------------------------------------------------------------------

Filename:  zavupd32.exe 
Status:  Scan finished. 0 out of 21 scanners reported malware.
Scan taken on:  Thu 22 Oct 2009 06:39:22 (CET) Permalink
   


--------------------------------------------------------------------------------
Additional info
File size:  17408 bytes 
Filetype:  PE32 executable for MS Windows (GUI) Intel 80386 32-bit 
MD5:  55ce22db7f491500db143bc1dcf821ed 
SHA1:  ad6bf8ec413ffbebeb2c786662ad62a56ac196be 










Jotti's malware scan
Filename:  cxbu0wdm.sys 
Status:  Scan finished. 0 out of 21 scanners reported malware.
Scan taken on:  Fri 23 Oct 2009 13:45:37 (CET) Permalink
   


--------------------------------------------------------------------------------
Additional info
File size:  52026 bytes 
Filetype:  PE32 executable for MS Windows (native) Intel 80386 32-bit 
MD5:  008a09fa9c431d36bc3fa922f0cf3e55 
SHA1:  99df11a50e102b6dba8b723a46dd840e806bd5b6 










--------------------------------------------------------------------------------
In general it says that it doesn't find anything...

Posted Fri 23 October 2009 at 14:01:12 | #15

f-arn
f-arn (24.175 points)
Ok

Download ComboFix and save it to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Right-click on the desktop, choose New -> Text Document, copy the content between the lines into it, and save the file as CFScript.txt

Make sure that it does not end up being named CFScript.txt.txt

-------------

Killall::
Snapshot::
DDS::
mRun: [Regedit32] c:\windows\system32\regedit.exe


--------------

Since ComboFix can conflict with your antivirus, it is important that you disable it.

Then grab the new file with the mouse and drag it over the ComboFix file, after which you "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

ComboFix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can make your computer freeze.
When ComboFix has finished, and after it has (possibly) restarted, a log file should open: combofix.txt, which is located here: C:\Combofix.txt

You are welcome to post the contents of this file here.

Posted Fri 23 October 2009 at 14:17:27 | #16

crasser83
crasser83 (15.495 points)
There is something called "Trend Micro client-server security" that Combo complains about. I can't turn it off...

Posted Fri 23 October 2009 at 14:37:10 | #17

crasser83
crasser83 (15.495 points)
ComboFix 09-10-22.01 - Reception1 23-10-2009 14:25.1.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.1015.501 [GMT 2:00]
Kører fra: C:\ComboFix.exe
Kommandoer benyttet :: C:\CFScript.txt.txt
AV: Trend Micro Client-Server Security Agent AntiVirus *On-access scanning enabled* (Updated) {9562DEF8-B4C4-4848-946E-F4F43834FB9F}
FW: Trend Micro Client-Server Security Agent Firewall *disabled* {9562DEF8-B4C4-4848-946E-F4F43834FB9F}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\23930421
c:\documents and settings\All Users\Application Data\23930421\23930421.exe
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Application Data\yviwawod.scr
c:\documents and settings\All Users\Dokumenter\hyxihojim.dl
c:\documents and settings\All Users\Dokumenter\odymebas.bin
c:\documents and settings\All Users\Dokumenter\uvuq.reg
c:\documents and settings\All Users\Dokumenter\xevusud.dll
c:\documents and settings\All Users\Dokumenter\ynyke.sys
c:\documents and settings\Reception1\Application Data\apuhiqud.bat
c:\documents and settings\Reception1\Application Data\ecizaj.sys
c:\documents and settings\Reception1\Application Data\gekus.ban
c:\documents and settings\Reception1\Application Data\habadyt.com
c:\documents and settings\Reception1\Application Data\iqefut.vbs
c:\documents and settings\Reception1\Application Data\lizkavd.exe
c:\documents and settings\Reception1\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
c:\documents and settings\Reception1\Application Data\qibulasy._dl
c:\documents and settings\Reception1\Application Data\rynotexih.vbs
c:\documents and settings\Reception1\Application Data\seres.exe
c:\documents and settings\Reception1\Application Data\sibu.pif
c:\documents and settings\Reception1\Application Data\svcst.exe
c:\documents and settings\Reception1\Application Data\uhyk.com
c:\documents and settings\Reception1\Application Data\wiaserva.log
c:\documents and settings\Reception1\Application Data\ylyx._dl
c:\documents and settings\Reception1\Cookies\esoqaxubu.exe
c:\documents and settings\Reception1\Cookies\mekygyneh.bin
c:\documents and settings\Reception1\Cookies\nycyfaq.lib
c:\documents and settings\Reception1\Cookies\obewygusy._sy
c:\documents and settings\Reception1\Cookies\ojof.lib
c:\documents and settings\Reception1\Lokale indstillinger\Application Data\apuz.scr
c:\documents and settings\Reception1\Lokale indstillinger\Application Data\evuzoti.bat
c:\documents and settings\Reception1\Lokale indstillinger\Application Data\inewavutaj.bat
c:\documents and settings\Reception1\Lokale indstillinger\Application Data\xuhavaqyw.exe
c:\documents and settings\Reception1\Lokale indstillinger\Application Data\ykydo._dl
c:\documents and settings\Reception1\Lokale indstillinger\Temporary Internet Files\aquf.bin
c:\documents and settings\Reception1\Lokale indstillinger\Temporary Internet Files\balizeqaqe.reg
c:\documents and settings\Reception1\Lokale indstillinger\Temporary Internet Files\evovec.com
c:\documents and settings\Reception1\Lokale indstillinger\Temporary Internet Files\icizeba.bin
c:\documents and settings\Reception1\Lokale indstillinger\Temporary Internet Files\iqamiqaxyh.dl
c:\documents and settings\Reception1\Lokale indstillinger\Temporary Internet Files\roxo.vbs
c:\documents and settings\Reception1\Menuen Start\Programmer\AntivirusPro_2010
c:\documents and settings\Reception1\Menuen Start\Programmer\AntivirusPro_2010\AntivirusPro_2010.lnk
c:\documents and settings\Reception1\Menuen Start\Programmer\AntivirusPro_2010\Uninstall.lnk
c:\documents and settings\Reception1\Menuen Start\Programmer\Security Tool.lnk
c:\documents and settings\Reception1\restorer64_a.exe
c:\documents and settings\Reception1\Skrivebord\AntivirusPro_2010.lnk
c:\documents and settings\Reception1\Skrivebord\Security Tool.lnk
c:\programmer\AntivirusPro_2010
c:\programmer\AntivirusPro_2010\AntivirusPro_2010.cfg
c:\programmer\AntivirusPro_2010\AntivirusPro_2010.exe
c:\programmer\AntivirusPro_2010\AVEngn.dll
c:\programmer\AntivirusPro_2010\data\daily.cvd
c:\programmer\AntivirusPro_2010\htmlayout.dll
c:\programmer\AntivirusPro_2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\programmer\AntivirusPro_2010\Microsoft.VC80.CRT\msvcm80.dll
c:\programmer\AntivirusPro_2010\Microsoft.VC80.CRT\msvcp80.dll
c:\programmer\AntivirusPro_2010\Microsoft.VC80.CRT\msvcr80.dll
c:\programmer\AntivirusPro_2010\pthreadVC2.dll
c:\programmer\AntivirusPro_2010\Uninstall.exe
c:\programmer\AntivirusPro_2010\wscui.cpl
c:\programmer\Fælles filer\axapyvos._dl
c:\programmer\Fælles filer\dogyzip.ban
c:\programmer\Fælles filer\ifubymymo.bat
c:\programmer\Fælles filer\ipig.dll
c:\programmer\Fælles filer\neloqupata.ban
c:\programmer\Fælles filer\ytiqojuno.bin
c:\programmer\F‘lles filer\ifubymymo.bat
c:\recycler\S-1-5-21-1177238915-1078145449-839522115-500
c:\windows\ejovasadyd.vbs
c:\windows\emutosaru.bin
c:\windows\sidyqyboc.ban
c:\windows\socegaji.sys
c:\windows\system32\drivers\Pmloader.sys
c:\windows\system32\otaqokihe.vbs
c:\windows\system32\qtplugin.exe
c:\windows\system32\restorer64_a.exe
c:\windows\system32\ruco.dll
c:\windows\system32\ulubafe.ban
c:\windows\wowezej.dll

----- BITS: Mulige inficerede internetsteder -----

hxxp://j+|Cv+@J:NGD_DQ{zcxLJS@BdJrIJava Update
.
(((((((((((((((((((((((((((((  Filer skabt fra 2009-09-23 til 2009-10-23  )))))))))))))))))))))))))))))))))))
.

2009-10-23 10:53 . 2009-10-23 10:53    3351787    ----a-r-    C:\ComboFix.exe
2009-10-22 18:05 . 2009-10-22 18:05    17625    ----a-w-    c:\windows\ugytyjydab.dat
2009-10-22 17:13 . 2009-10-22 17:13    --------    d-----w-    c:\documents and settings\Reception1\Application Data\Malwarebytes
2009-10-22 17:13 . 2009-10-22 17:13    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-22 16:23 . 2009-10-22 16:23    --------    d-----w-    c:\programmer\Enigma Software Group
2009-10-22 14:54 . 2009-10-22 14:54    --------    d-----w-    c:\programmer\Alwil Software
2009-10-21 13:59 . 2009-10-21 13:59    18006    ----a-w-    c:\windows\system32\vykeneh.com
2009-10-21 13:59 . 2009-10-21 13:59    11706    ----a-w-    c:\windows\system32\iryxojufu.com
2009-10-21 13:55 . 2009-10-22 15:38    42368    -c--a-w-    c:\windows\system32\dllcache\agp440.sys
2009-10-15 07:08 . 2008-10-16 12:06    208744    ----a-w-    c:\windows\system32\muweb.dll
2009-10-15 07:08 . 2008-10-16 12:06    268648    ----a-w-    c:\windows\system32\mucltui.dll
2009-10-14 08:24 . 2009-10-23 12:10    --------    d-----w-    c:\documents and settings\Reception1\Tracing
2009-10-14 08:24 . 2009-10-14 08:24    --------    d-----w-    c:\programmer\Microsoft
2009-10-14 08:24 . 2009-10-14 08:24    --------    d-----w-    c:\programmer\Windows Live SkyDrive
2009-10-14 08:23 . 2009-10-14 08:24    --------    d-----w-    c:\programmer\Windows Live
2009-10-14 08:16 . 2009-10-14 08:16    --------    d-----w-    c:\programmer\Fælles filer\Windows Live
2009-09-30 12:43 . 2009-09-30 12:43    278528    ----a-w-    c:\windows\system32\DSJPG.dll
2009-09-30 12:43 . 2009-09-30 12:43    260096    ----a-w-    c:\windows\system32\TMDGUI20.dll
2009-09-30 12:42 . 2009-09-30 12:42    279552    ----a-w-    c:\windows\system32\DSJPG_12Bit.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-23 12:31 . 2009-10-23 12:31    58729    ----a-w-    c:\windows\system32\restorer64_a.exe
2009-10-23 12:31 . 2009-10-23 12:31    58729    ----a-w-    c:\documents and settings\Reception1\restorer64_a.exe
2009-10-23 12:13 . 2008-06-18 14:33    47276    ----a-w-    c:\windows\system32\perfc006.dat
2009-10-23 12:13 . 2008-06-18 14:33    324960    ----a-w-    c:\windows\system32\perfh006.dat
2009-10-21 13:59 . 2009-10-21 13:59    18879    ----a-w-    c:\programmer\Fælles filer\ryrewut.db
2009-10-21 13:59 . 2009-10-21 13:59    16445    ----a-w-    c:\programmer\Fælles filer\zobawot.db
2009-10-21 11:02 . 2008-11-05 14:07    --------    d-----w-    c:\programmer\DYMO Label
2009-10-20 12:39 . 2009-04-16 07:05    0    ----a-w-    c:\documents and settings\Reception1\temp.dat
2009-10-14 08:24 . 2009-05-07 10:28    18632    ----a-w-    c:\documents and settings\Reception1\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-10-01 06:02 . 2008-11-05 11:34    --------    d-----w-    c:\programmer\DentalSuite
2009-09-30 12:45 . 2009-05-18 10:15    282112    ----a-w-    c:\windows\MiniWeb.exe
2009-09-30 12:43 . 2009-05-18 10:15    144896    ----a-w-    c:\windows\system32\dsxml.dll
2009-09-30 12:43 . 2009-05-18 10:15    155648    ----a-w-    c:\windows\system32\dsibapi.dll
2009-09-30 12:42 . 2009-05-18 10:15    287232    ----a-w-    c:\windows\system32\DSPNG.dll
2009-09-30 12:42 . 2009-06-22 07:22    101888    ----a-w-    c:\windows\system32\ToolBox20.dll
2009-09-30 12:42 . 2009-05-18 10:15    109568    ----a-w-    c:\windows\system32\dszlib.dll
2009-09-11 14:19 . 2008-06-18 14:33    136192    ----a-w-    c:\windows\system32\msv1_0.dll
2009-09-04 21:04 . 2008-06-18 14:33    58880    ----a-w-    c:\windows\system32\msasn1.dll
2009-08-29 07:28 . 2008-06-18 14:33    832512    ----a-w-    c:\windows\system32\wininet.dll
2009-08-29 07:28 . 2008-06-18 14:33    78336    ----a-w-    c:\windows\system32\ieencode.dll
2009-08-29 07:28 . 2008-06-18 14:33    17408    ------w-    c:\windows\system32\corpol.dll
2009-08-26 08:02 . 2008-06-18 14:33    247326    ----a-w-    c:\windows\system32\strmdll.dll
2009-08-05 09:00 . 2008-06-18 14:33    204800    ----a-w-    c:\windows\system32\mswebdvd.dll
2009-08-04 17:29 . 2004-08-26 17:50    2026496    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2009-08-04 17:29 . 2004-08-26 17:50    2147840    ----a-w-    c:\windows\system32\ntoskrnl.exe
2009-07-26 14:44 . 2009-07-26 14:44    48448    ----a-w-    c:\windows\system32\sirenacm.dll
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]
"OfficeScanNT Monitor"="c:\programmer\Trend Micro\Client Server Security Agent\pccntmon.exe" [2007-03-29 394952]
"Easy-PrintToolBox"="c:\programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"restorer64_a"="c:\windows\system32\restorer64_a.exe" [2009-10-23 58729]
"sysgif32"="c:\windows\Temp\wpv141255703227.exe" [2009-10-23 21504]
"77839034"="c:\docume~1\ALLUSE~1\APPLIC~1\77839034\77839034.exe" [2009-10-23 1050665]
"RegistryMonitor1"="c:\windows\system32\qtplugin.exe" [2009-10-23 292352]
"PromoReg"="c:\windows\Temp\_ex-08.exe" [2009-10-23 419840]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-25 16855552]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-10-11 1826816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Reception1\Menuen Start\Programmer\Start\
OpenOffice.org 3.0.lnk - c:\programmer\OpenOffice.org 3\program\quickstart.exe [2008-10-5 393216]
zavupd32.exe [2008-4-14 17408]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Hurtigstart.lnk - c:\programmer\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\programmer\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
SetWeb.lnk - c:\programmer\SetWeb\SetWeb.exe [2008-11-5 847872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe rundll32.exe cpcp.cpo bef0regiiav"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\DentalSuite\\DentalSuite.exe"=
"c:\\Programmer\\DentalSuite\\VNC\\winvnc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 TmFilter;Trend Micro Filter;c:\programmer\Trend Micro\Client Server Security Agent\tmxpflt.sys [16-08-2008 03:00 225296]
R2 TmPreFilter;Trend Micro PreFilter;c:\programmer\Trend Micro\Client Server Security Agent\tmpreflt.sys [16-08-2008 03:00 36368]
R3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [05-11-2008 15:17 52026]
.
.
------- Yderligere scanning -------
.
uStart Page = dk.msn.com//
IE: Easy-WebPrint Add To Print List - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: danid.dk
DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} - hxxps://192.168.18.11:4343/SMB/console/html/root/AtxEnc.cab
DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe
DPF: {C07E5288-22FB-11D7-962E-0004AC77C761} - hxxps://activex.dataloen.dk/controls/Dataloen3341.CAB
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/digitalsignatur-csp.exe
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
.
- - - - TOMME GENVEJE FJERNET - - - -

HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\programmer\Malwarebytes' Anti-Malware\mbam.exe
HKLM-Run-23930421 - c:\docume~1\ALLUSE~1\APPLIC~1\23930421\23930421.exe
AddRemove-Mozilla Firefox (3.0.11) - c:\programmer\Mozilla Firefox\uninstall\helper.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-23 14:30
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 


c:\windows\system32\qtplugin.exe 292352 bytes executable
c:\windows\system32\restorer64_a.exe 58729 bytes executable

scanning gennemført med succes
skjulte filer: 2

**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\programmer\SetWeb\setcsp.dll
c:\programmer\SetWeb\csputil.dll
c:\programmer\SetWeb\ssiutil.dll
c:\programmer\SetWeb\ssides.dll
c:\programmer\SetWeb\ssider.dll
c:\programmer\SetWeb\ssihash.dll
c:\programmer\SetWeb\ssirsa.dll
c:\programmer\SetWeb\SC.dll
c:\programmer\SetWeb\rsi32.dll
c:\programmer\SetWeb\ssirsakg.dll
c:\programmer\SetWeb\ssipk15.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\combofix\CF22928.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Trend Micro\Client Server Security Agent\ntrtscan.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
c:\windows\system32\igfxsrvc.exe
c:\programmer\Trend Micro\Client Server Security Agent\tmlisten.exe
c:\programmer\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
c:\programmer\OpenOffice.org 3\program\soffice.exe
c:\programmer\OpenOffice.org 3\program\soffice.bin
c:\docume~1\RECEPT~1\LOKALE~1\Temp\6.tmp
c:\windows\TEMP\AN981B.EXE
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Gennemført tid: 2009-10-23 14:35 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2009-10-23 12:35

Pre-Kørsel: 69.233.582.080 byte ledig
Post-Kørsel: 69.743.525.888 byte ledig

- - End Of File - - 06F9E56B79D94644644874FAE9179F18

Posted Fri 23 October 2009 at 14:40:25 | #18

crasser83
crasser83 (15.495 points)
It looked as if it was gone... for a while. The icons came back on the desktop, and there were no pop-ups or icons in the taskbar. But after about 1 minute it all gradually came back...

Posted Fri 23 October 2009 at 15:40:48 | #19

f-arn
f-arn (24.175 points)
Right-click where ComboFix is located, choose New -> Text Document, copy the content between the lines into it, and save the file as CFScript.txt

Make sure that it does not end up being named CFScript.txt.txt

--------------

Killall::
Snapshot::
File::
c:\windows\system32\restorer64_a.exe
c:\windows\Temp\wpv141255703227.exe
c:\docume~1\ALLUSE~1\APPLIC~1\77839034\77839034.exe
c:\windows\Temp\_ex-08.exe
c:\windows\system32\DSJPG.dll
c:\windows\system32\TMDGUI20.dll
c:\windows\system32\DSJPG_12Bit.dll
Filelook::
c:\windows\system32\dllcache\agp440.sys
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"restorer64_a"=-
"sysgif32"=-
"77839034"=-
"PromoReg"=-


--------------

Since ComboFix can conflict with your antivirus, it is important that you disable it.

Then grab the new file with the mouse and drag it over the ComboFix file, after which you "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

ComboFix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can make your computer freeze.
When ComboFix has finished, and after it has (possibly) restarted, a log file combofix.txt should open, which is located here: C:\Combofix.txt

You are welcome to post the contents of this file here.
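
The Registry:: section of the script above targets Run values that appear in the ComboFix log posted earlier in the thread. As an added example (not part of the original post, and not ComboFix's own logic), the following Python code parses an excerpt of that log and flags autostart entries; the four heuristics (`new`, `temp`, `numeric-name`, `hidden`) and all function names are assumptions made for this example.

```python
import re
from datetime import date

# Excerpt copied from the ComboFix log posted in this thread (run on 2009-10-23).
LOG_EXCERPT = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"restorer64_a"="c:\windows\system32\restorer64_a.exe" [2009-10-23 58729]
"sysgif32"="c:\windows\Temp\wpv141255703227.exe" [2009-10-23 21504]
"77839034"="c:\docume~1\ALLUSE~1\APPLIC~1\77839034\77839034.exe" [2009-10-23 1050665]
"RegistryMonitor1"="c:\windows\system32\qtplugin.exe" [2009-10-23 292352]
"PromoReg"="c:\windows\Temp\_ex-08.exe" [2009-10-23 419840]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-25 16855552]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

scanner skjulte filer ...

c:\windows\system32\qtplugin.exe 292352 bytes executable
c:\windows\system32\restorer64_a.exe 58729 bytes executable
'''

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
# "name"="command" [ - resolved path] [YYYY-MM-DD size]
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"'
    r'(?: - (?P<resolved>.+?))? \[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$')
# catchme "hidden files" lines: <path> <size> bytes executable
HIDDEN_RE = re.compile(r'^([a-z]:\\.+?) \d+ bytes executable$', re.IGNORECASE)


def parse_log(text):
    """Return (entries found under ...\\CurrentVersion\\Run keys, hidden file paths)."""
    entries, hidden, key = [], set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = HIDDEN_RE.match(line)
        if m:
            hidden.add(m.group(1).lower())
            continue
        m = ENTRY_RE.match(line)
        if m and key and key.lower().endswith('\\currentversion\\run'):
            y, mo, d = map(int, m.group('date').split('-'))
            entries.append({
                'key': key,
                'name': m.group('name'),
                'path': (m.group('resolved') or m.group('cmd')).lower(),
                'date': date(y, mo, d),
            })
    return entries, hidden


def triage(text, run_date, window_days=3):
    """Flag Run entries with the heuristics assumed for this example."""
    entries, hidden = parse_log(text)
    flagged = []
    for e in entries:
        reasons = []
        age = (run_date - e['date']).days
        if 0 <= age <= window_days:
            reasons.append('new')           # file stamped within days of the scan
        if '\\temp\\' in e['path']:
            reasons.append('temp')          # autostart pointing into a temp folder
        if e['name'].isdigit():
            reasons.append('numeric-name')  # value name consists only of digits
        if e['path'] in hidden:
            reasons.append('hidden')        # catchme listed the file as hidden
        if reasons:
            flagged.append((e['name'], reasons))
    return flagged


if __name__ == '__main__':
    for name, reasons in triage(LOG_EXCERPT, date(2009, 10, 23)):
        print(f'{name:18} {", ".join(reasons)}')
```

A recent file date alone also matches freshly updated legitimate software, so flagged entries are candidates for review rather than a removal list.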

Posted Fri 23 October 2009 at 16:00:11 | #20

f-arn
f-arn (24.175 points)
I forgot something, so if you haven't got around to running it yet, please post a message.

Posted Fri 23 October 2009 at 16:25:23 | #21

crasser83
crasser83 (15.495 points)
It is still running...?! Should I cancel?

Posted Fri 23 October 2009 at 16:26:34 | #22

crasser83
crasser83 (15.495 points)
I'm sitting in front of the computer, so I'll do it as soon as you reply. :-)

Posted Fri 23 October 2009 at 16:27:54 | #23

crasser83
crasser83 (15.495 points)
And I'm replying to you using my iPhone. :-)

Posted Fri 23 October 2009 at 16:35:56 | #24

f-arn
f-arn (24.175 points)
No, ComboFix may take care of it itself. I just forgot a startup entry that should have been deleted.

Posted Fri 23 October 2009 at 16:41:58 | #25

crasser83
crasser83 (15.495 points)
But it has now been scanning for almost an hour. Should it just continue? The first scan didn't take a fraction of that time.

Posted Fri 23 October 2009 at 16:46:48 | #26

f-arn
f-arn (24.175 points)
Yes, let it continue. That is not unusual.

Posted Fri 23 October 2009 at 17:26:06 | #27

crasser83
crasser83 (15.495 points)
Still nothing has happened... :-(

Posted Fri 23 October 2009 at 17:50:40 | #28

crasser83
crasser83 (15.495 points)
Well, I'll leave it running until 20:00; surely it should be finished by then?

Posted Fri 23 October 2009 at 18:02:39 | #29

f-arn
f-arn (24.175 points)
What does it say? Does it seem as if it has stalled?

Posted Fri 23 October 2009 at 20:40:41 | #30

crasser83
crasser83 (15.495 points)
It sits there blinking as if it is still running... But it has been doing that for 4 hours now...

Posted Fri 23 October 2009 at 21:15:21 | #31

f-arn
f-arn (24.175 points)
Then try to see whether you can stop it. First try Ctrl-Alt-Del. Otherwise you'll have to try the reboot button.

Posted Fri 23 October 2009 at 21:35:55 | #32

crasser83
crasser83 (15.495 points)
It is hereby being started again...

Skrevet lør. d. 24. oktober 2009 kl. 09:48:56| #33

f-arn
f-arn (24.175 point)
Tjjaaa  jeg vil da gerne høre hvordan det gik.

Skrevet lør. d. 24. oktober 2009 kl. 12:09:18| #34

crasser83
crasser83 (15.495 point)
Jeg genstartede den i går ved en 21:30 tiden da jeg skrev sidste gang og den gik i gang med at scanne igen. Har endnu ikke set om denne scanning også er gået i stå. Skriver så snart jeg har nyt. Regner med at det bliver søndag eftermiddag eller mandag morgen.

Skrevet søn. d. 25. oktober 2009 kl. 23:10:58| #35

crasser83
crasser83 (15.495 point)
Jeg er klar foran computeren fra i morgen kl. 9. FYI. :-)

Written Mon. 26 October 2009 at 10:13:32 | #36

crasser83
crasser83 (15.495 points)
Hi again.
It has frozen again... It has now been running since Friday evening and has not got any further than "scanning for infected files". It sits there blinking in the program, but...

Any suggestions?

Written Mon. 26 October 2009 at 12:05:22 | #37

crasser83
crasser83 (15.495 points)
I have run the original Combofix:
-------------

Killall::
Snapshot::
DDS::
mRun: [Regedit32] c:\windows\system32\regedit.exe

--------------
And posted the log here. Waiting for your reply.

ComboFix 09-10-25.02 - Reception1 26-10-2009 11:52.2.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.1015.566 [GMT 1:00]
Kører fra: C:\ComboFix.exe
Kommandoer benyttet :: C:\CFScript.txt
AV: avast! antivirus 4.8.1356 [VPS 091025-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Trend Micro Client-Server Security Agent AntiVirus *On-access scanning enabled* (Updated) {9562DEF8-B4C4-4848-946E-F4F43834FB9F}
FW: Trend Micro Client-Server Security Agent Firewall *disabled* {9562DEF8-B4C4-4848-946E-F4F43834FB9F}
* Dannede nyt systemgendannelsespunkt

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\77839034
c:\documents and settings\All Users\Application Data\77839034\77839034.exe
c:\documents and settings\All Users\Application Data\dofa.ban
c:\documents and settings\All Users\Application Data\usuvyw.com
c:\documents and settings\All Users\Dokumenter\kanixocap.bat
c:\documents and settings\Reception1\Application Data\aqem._sy
c:\documents and settings\Reception1\Application Data\qazetu.reg
c:\documents and settings\Reception1\Application Data\qigesag.dl
c:\documents and settings\Reception1\Application Data\wiaserva.log
c:\documents and settings\Reception1\Application Data\ykosare.com
c:\documents and settings\Reception1\Cookies\huqutosohi.bat
c:\documents and settings\Reception1\Lokale indstillinger\Application Data\asijisehi.dll
c:\documents and settings\Reception1\Lokale indstillinger\Application Data\epaq.bin
c:\documents and settings\Reception1\Lokale indstillinger\Application Data\obelox._dl
c:\documents and settings\Reception1\Lokale indstillinger\Temporary Internet Files\ocugyvakev.com
c:\documents and settings\Reception1\Lokale indstillinger\Temporary Internet Files\yfytenif.com
c:\documents and settings\Reception1\Lokale indstillinger\Temporary Internet Files\yvomotuzoh.com
c:\documents and settings\Reception1\Menuen Start\Programmer\Security Tool.lnk
c:\documents and settings\Reception1\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\Reception1\restorer64_a.exe
c:\documents and settings\Reception1\Skrivebord\Security Tool.lnk
c:\programmer\Fælles filer\ahix.exe
c:\windows\pavamimih.pif
c:\windows\system32\cpcp.cpo
c:\windows\system32\oqykub.reg
c:\windows\system32\qtplugin.exe
c:\windows\system32\restorer64_a.exe
c:\windows\system32\TMDGUI20.dll

.
(((((((((((((((((((((((((((((  Filer skabt fra 2009-09-26 til 2009-10-26  )))))))))))))))))))))))))))))))))))
.

2009-10-26 10:19 . 2009-09-15 11:54    52368    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2009-10-26 10:19 . 2009-09-15 11:54    23152    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2009-10-26 10:19 . 2009-09-15 11:53    27408    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2009-10-26 10:19 . 2009-09-15 11:56    93424    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2009-10-26 10:19 . 2009-09-15 11:56    94160    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2009-10-26 10:19 . 2009-09-15 11:55    114768    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2009-10-26 10:19 . 2009-09-15 11:55    20560    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2009-10-26 10:19 . 2009-09-15 11:53    97480    ----a-w-    c:\windows\system32\AvastSS.scr
2009-10-26 10:19 . 2009-09-15 11:59    1279968    ----a-w-    c:\windows\system32\aswBoot.exe
2009-10-26 10:19 . 2009-10-26 10:19    --------    d-----w-    c:\programmer\Alwil Software
2009-10-23 10:53 . 2009-10-26 10:50    3436986    ----a-r-    C:\ComboFix.exe
2009-10-22 18:05 . 2009-10-22 18:05    17625    ----a-w-    c:\windows\ugytyjydab.dat
2009-10-22 17:13 . 2009-10-22 17:13    --------    d-----w-    c:\documents and settings\Reception1\Application Data\Malwarebytes
2009-10-22 17:13 . 2009-10-22 17:13    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-21 13:59 . 2009-10-21 13:59    18006    ----a-w-    c:\windows\system32\vykeneh.com
2009-10-21 13:59 . 2009-10-21 13:59    11706    ----a-w-    c:\windows\system32\iryxojufu.com
2009-10-21 13:55 . 2009-10-22 15:38    42368    -c--a-w-    c:\windows\system32\dllcache\agp440.sys
2009-10-15 07:08 . 2008-10-16 12:06    208744    ----a-w-    c:\windows\system32\muweb.dll
2009-10-15 07:08 . 2008-10-16 12:06    268648    ----a-w-    c:\windows\system32\mucltui.dll
2009-10-14 08:24 . 2009-10-26 10:44    --------    d-----w-    c:\documents and settings\Reception1\Tracing
2009-10-14 08:24 . 2009-10-14 08:24    --------    d-----w-    c:\programmer\Microsoft
2009-10-14 08:24 . 2009-10-14 08:24    --------    d-----w-    c:\programmer\Windows Live SkyDrive
2009-10-14 08:23 . 2009-10-14 08:24    --------    d-----w-    c:\programmer\Windows Live
2009-10-14 08:16 . 2009-10-14 08:16    --------    d-----w-    c:\programmer\Fælles filer\Windows Live
2009-09-30 12:43 . 2009-09-30 12:43    278528    ----a-w-    c:\windows\system32\DSJPG.dll
2009-09-30 12:42 . 2009-09-30 12:42    279552    ----a-w-    c:\windows\system32\DSJPG_12Bit.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 10:47 . 2008-06-18 14:33    47276    ----a-w-    c:\windows\system32\perfc006.dat
2009-10-26 10:47 . 2008-06-18 14:33    324960    ----a-w-    c:\windows\system32\perfh006.dat
2009-10-23 13:12 . 2009-10-23 13:12    15050    ----a-w-    c:\programmer\Fælles filer\anawyk.db
2009-10-21 13:59 . 2009-10-21 13:59    18879    ----a-w-    c:\programmer\Fælles filer\ryrewut.db
2009-10-21 13:59 . 2009-10-21 13:59    16445    ----a-w-    c:\programmer\Fælles filer\zobawot.db
2009-10-21 11:02 . 2008-11-05 14:07    --------    d-----w-    c:\programmer\DYMO Label
2009-10-20 12:39 . 2009-04-16 07:05    0    ----a-w-    c:\documents and settings\Reception1\temp.dat
2009-10-14 08:24 . 2009-05-07 10:28    18632    ----a-w-    c:\documents and settings\Reception1\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-10-01 06:02 . 2008-11-05 11:34    --------    d-----w-    c:\programmer\DentalSuite
2009-09-30 12:45 . 2009-05-18 10:15    282112    ----a-w-    c:\windows\MiniWeb.exe
2009-09-30 12:43 . 2009-05-18 10:15    144896    ----a-w-    c:\windows\system32\dsxml.dll
2009-09-30 12:43 . 2009-05-18 10:15    155648    ----a-w-    c:\windows\system32\dsibapi.dll
2009-09-30 12:42 . 2009-05-18 10:15    287232    ----a-w-    c:\windows\system32\DSPNG.dll
2009-09-30 12:42 . 2009-06-22 07:22    101888    ----a-w-    c:\windows\system32\ToolBox20.dll
2009-09-30 12:42 . 2009-05-18 10:15    109568    ----a-w-    c:\windows\system32\dszlib.dll
2009-09-11 14:19 . 2008-06-18 14:33    136192    ----a-w-    c:\windows\system32\msv1_0.dll
2009-09-04 21:04 . 2008-06-18 14:33    58880    ----a-w-    c:\windows\system32\msasn1.dll
2009-08-29 07:28 . 2008-06-18 14:33    832512    ------w-    c:\windows\system32\wininet.dll
2009-08-29 07:28 . 2008-06-18 14:33    78336    ----a-w-    c:\windows\system32\ieencode.dll
2009-08-29 07:28 . 2008-06-18 14:33    17408    ------w-    c:\windows\system32\corpol.dll
2009-08-26 08:02 . 2008-06-18 14:33    247326    ----a-w-    c:\windows\system32\strmdll.dll
2009-08-05 09:00 . 2008-06-18 14:33    204800    ----a-w-    c:\windows\system32\mswebdvd.dll
2009-08-04 17:29 . 2004-08-26 17:50    2026496    ------w-    c:\windows\system32\ntkrnlpa.exe
2009-08-04 17:29 . 2004-08-26 17:50    2147840    ------w-    c:\windows\system32\ntoskrnl.exe
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]
"OfficeScanNT Monitor"="c:\programmer\Trend Micro\Client Server Security Agent\pccntmon.exe" [2007-03-29 394952]
"Easy-PrintToolBox"="c:\programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-25 16855552]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-10-11 1826816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Reception1\Menuen Start\Programmer\Start\
OpenOffice.org 3.0.lnk - c:\programmer\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Hurtigstart.lnk - c:\programmer\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\programmer\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
SetWeb.lnk - c:\programmer\SetWeb\SetWeb.exe [2008-11-5 847872]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\DentalSuite\\DentalSuite.exe"=
"c:\\Programmer\\DentalSuite\\VNC\\winvnc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [26-10-2009 11:19 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26-10-2009 11:19 20560]
R2 TmFilter;Trend Micro Filter;c:\programmer\Trend Micro\Client Server Security Agent\tmxpflt.sys [16-08-2008 02:00 225296]
R2 TmPreFilter;Trend Micro PreFilter;c:\programmer\Trend Micro\Client Server Security Agent\tmpreflt.sys [16-08-2008 02:00 36368]
S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [05-11-2008 14:17 52026]

--- Andre Services/Drivers i Hukommelsen ---

*Deregistered* - mbr
.
.
------- Yderligere scanning -------
.
uStart Page = dk.msn.com//
IE: Easy-WebPrint Add To Print List - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: danid.dk
DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} - hxxps://192.168.18.11:4343/SMB/console/html/root/AtxEnc.cab
DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe
DPF: {C07E5288-22FB-11D7-962E-0004AC77C761} - hxxps://activex.dataloen.dk/controls/Dataloen3341.CAB
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/digitalsignatur-csp.exe
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
.
- - - - TOMME GENVEJE FJERNET - - - -

HKLM-Run-restorer64_a - c:\windows\system32\restorer64_a.exe
HKLM-Run-77839034 - c:\docume~1\ALLUSE~1\APPLIC~1\77839034\77839034.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-26 11:56
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\Alwil Software\Avast4\aswUpdSv.exe
c:\programmer\Alwil Software\Avast4\ashServ.exe
c:\combofix\CF8610.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\igfxsrvc.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Trend Micro\Client Server Security Agent\ntrtscan.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
c:\programmer\Trend Micro\Client Server Security Agent\tmlisten.exe
c:\programmer\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
c:\programmer\OpenOffice.org 3\program\soffice.exe
c:\programmer\OpenOffice.org 3\program\soffice.bin
c:\programmer\Alwil Software\Avast4\ashMaiSv.exe
c:\programmer\Alwil Software\Avast4\ashWebSv.exe
c:\windows\TEMP\DEECE0.EXE
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Gennemført tid: 2009-10-26 12:00 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2009-10-26 11:00
ComboFix2.txt  2009-10-23 12:35

Pre-Kørsel: 69.656.125.440 byte ledig
Post-Kørsel: 69.680.660.480 byte ledig

- - End Of File - - 7A52205E251BE30B6086830B7CBC8FF0

Written Mon. 26 October 2009 at 17:41:45 | #38

f-arn
f-arn (24.175 points)
Throw away the Combofix you have.

Download and save Combofix to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Right-click on the desktop, choose New -> Text Document, copy in the contents between the lines, and save the file as CFScript.txt

Make sure it does not end up being named CFScript.txt.txt


--------------

Killall::
Snapshot::

--------------

Since Combofix can conflict with your antivirus, it is important that you disable it.

Then grab the new file with the mouse and drag it over the Combofix file, after which you "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
When Combofix is finished, and after it has (possibly) restarted, a log file combofix.txt should open; it is located here: C:\Combofix.txt

Please post the contents of this file here.

Written Mon. 26 October 2009 at 18:22:43 | #39

crasser83
crasser83 (15.495 points)
Ok. I'll try again. The only problem is that I cannot disable the antivirus program that is running. It simply requires a password I don't have.
Also, I saved Combofix under My Computer because the desktop was a complete mess and nothing on it could be seen or activated. It has got better now, though, and all the strange ads have disappeared too, although Avast, when I install it, still finds viruses here and there. I'll repeat the process tomorrow around 11 o'clock. By the way, it had stalled over the weekend and sat blinking with the blue window where it says scanning for etc. It never reached "1st round, 1. etc."

Written Mon. 26 October 2009 at 18:58:02 | #40


Written Mon. 26 October 2009 at 20:22:49 | #41

f-arn
f-arn (24.175 points)
We'll try a slightly different way. Throw away the Combofix you have:

Download Combofix and save it to your desktop as alg.exe:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Start alg.exe and follow the instructions.

Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
When Combofix is finished, and after it has (possibly) restarted, a log file combofix.txt should open; it is located here: C:\Combofix.txt

Please post the contents of this file here.

Written Wed. 28 October 2009 at 11:28:47 | #42

crasser83
crasser83 (15.495 points)
I'm back at work now and I have done as you asked.

ComboFix 09-10-27.07 - Reception1 28-10-2009 11:22.3.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.1015.477 [GMT 1:00]
Kører fra: c:\documents and settings\Reception1\Skrivebord\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091027-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Trend Micro Client-Server Security Agent AntiVirus *On-access scanning enabled* (Updated) {9562DEF8-B4C4-4848-946E-F4F43834FB9F}
FW: Trend Micro Client-Server Security Agent Firewall *disabled* {9562DEF8-B4C4-4848-946E-F4F43834FB9F}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((  Filer skabt fra 2009-09-28 til 2009-10-28  )))))))))))))))))))))))))))))))))))
.

2009-10-26 14:40 . 2009-09-15 11:54    52368    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2009-10-26 14:40 . 2009-09-15 11:54    23152    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2009-10-26 14:40 . 2009-09-15 11:53    27408    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2009-10-26 14:40 . 2009-09-15 11:56    93424    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2009-10-26 14:40 . 2009-09-15 11:56    94160    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2009-10-26 14:40 . 2009-09-15 11:55    114768    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2009-10-26 14:40 . 2009-09-15 11:55    20560    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2009-10-26 14:40 . 2009-09-15 11:53    97480    ----a-w-    c:\windows\system32\AvastSS.scr
2009-10-26 14:40 . 2009-09-15 11:59    1279968    ----a-w-    c:\windows\system32\aswBoot.exe
2009-10-26 14:26 . 2009-10-26 14:26    --------    d-----w-    c:\programmer\DYMO Label
2009-10-26 10:19 . 2009-10-26 10:19    --------    d-----w-    c:\programmer\Alwil Software
2009-10-22 18:05 . 2009-10-22 18:05    17625    ----a-w-    c:\windows\ugytyjydab.dat
2009-10-22 17:13 . 2009-10-22 17:13    --------    d-----w-    c:\documents and settings\Reception1\Application Data\Malwarebytes
2009-10-22 17:13 . 2009-10-22 17:13    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-21 13:59 . 2009-10-21 13:59    18006    ----a-w-    c:\windows\system32\vykeneh.com
2009-10-21 13:59 . 2009-10-21 13:59    11706    ----a-w-    c:\windows\system32\iryxojufu.com
2009-10-21 13:55 . 2009-10-22 15:38    42368    -c--a-w-    c:\windows\system32\dllcache\agp440.sys
2009-10-15 07:08 . 2008-10-16 12:06    208744    ----a-w-    c:\windows\system32\muweb.dll
2009-10-15 07:08 . 2008-10-16 12:06    268648    ----a-w-    c:\windows\system32\mucltui.dll
2009-10-14 08:24 . 2009-10-26 15:07    --------    d-----w-    c:\documents and settings\Reception1\Tracing
2009-10-14 08:24 . 2009-10-14 08:24    --------    d-----w-    c:\programmer\Microsoft
2009-10-14 08:24 . 2009-10-14 08:24    --------    d-----w-    c:\programmer\Windows Live SkyDrive
2009-10-14 08:23 . 2009-10-14 08:24    --------    d-----w-    c:\programmer\Windows Live
2009-10-14 08:16 . 2009-10-14 08:16    --------    d-----w-    c:\programmer\Fælles filer\Windows Live
2009-09-30 12:43 . 2009-09-30 12:43    278528    ----a-w-    c:\windows\system32\DSJPG.dll
2009-09-30 12:42 . 2009-09-30 12:42    279552    ----a-w-    c:\windows\system32\DSJPG_12Bit.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 15:10 . 2008-06-18 14:33    47276    ----a-w-    c:\windows\system32\perfc006.dat
2009-10-26 15:10 . 2008-06-18 14:33    324960    ----a-w-    c:\windows\system32\perfh006.dat
2009-10-23 13:12 . 2009-10-23 13:12    15050    ----a-w-    c:\programmer\Fælles filer\anawyk.db
2009-10-21 13:59 . 2009-10-21 13:59    18879    ----a-w-    c:\programmer\Fælles filer\ryrewut.db
2009-10-21 13:59 . 2009-10-21 13:59    16445    ----a-w-    c:\programmer\Fælles filer\zobawot.db
2009-10-20 12:39 . 2009-04-16 07:05    0    ----a-w-    c:\documents and settings\Reception1\temp.dat
2009-10-14 08:24 . 2009-05-07 10:28    18632    ----a-w-    c:\documents and settings\Reception1\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-10-01 06:02 . 2008-11-05 11:34    --------    d-----w-    c:\programmer\DentalSuite
2009-09-30 12:45 . 2009-05-18 10:15    282112    ----a-w-    c:\windows\MiniWeb.exe
2009-09-30 12:43 . 2009-05-18 10:15    144896    ----a-w-    c:\windows\system32\dsxml.dll
2009-09-30 12:43 . 2009-05-18 10:15    155648    ----a-w-    c:\windows\system32\dsibapi.dll
2009-09-30 12:42 . 2009-05-18 10:15    287232    ----a-w-    c:\windows\system32\DSPNG.dll
2009-09-30 12:42 . 2009-06-22 07:22    101888    ----a-w-    c:\windows\system32\ToolBox20.dll
2009-09-30 12:42 . 2009-05-18 10:15    109568    ----a-w-    c:\windows\system32\dszlib.dll
2009-09-11 14:19 . 2008-06-18 14:33    136192    ----a-w-    c:\windows\system32\msv1_0.dll
2009-09-04 21:04 . 2008-06-18 14:33    58880    ----a-w-    c:\windows\system32\msasn1.dll
2009-08-29 07:28 . 2008-06-18 14:33    832512    ------w-    c:\windows\system32\wininet.dll
2009-08-29 07:28 . 2008-06-18 14:33    78336    ----a-w-    c:\windows\system32\ieencode.dll
2009-08-29 07:28 . 2008-06-18 14:33    17408    ------w-    c:\windows\system32\corpol.dll
2009-08-26 08:02 . 2008-06-18 14:33    247326    ----a-w-    c:\windows\system32\strmdll.dll
2009-08-05 09:00 . 2008-06-18 14:33    204800    ----a-w-    c:\windows\system32\mswebdvd.dll
2009-08-04 17:29 . 2004-08-26 17:50    2026496    ------w-    c:\windows\system32\ntkrnlpa.exe
2009-08-04 17:29 . 2004-08-26 17:50    2147840    ------w-    c:\windows\system32\ntoskrnl.exe
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]
"OfficeScanNT Monitor"="c:\programmer\Trend Micro\Client Server Security Agent\pccntmon.exe" [2007-03-29 394952]
"Easy-PrintToolBox"="c:\programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-25 16855552]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-10-11 1826816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Reception1\Menuen Start\Programmer\Start\
OpenOffice.org 3.0.lnk - c:\programmer\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Hurtigstart.lnk - c:\programmer\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\programmer\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
SetWeb.lnk - c:\programmer\SetWeb\SetWeb.exe [2008-11-5 847872]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\DentalSuite\\DentalSuite.exe"=
"c:\\Programmer\\DentalSuite\\VNC\\winvnc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [26-10-2009 15:40 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26-10-2009 15:40 20560]
R2 TmFilter;Trend Micro Filter;c:\programmer\Trend Micro\Client Server Security Agent\tmxpflt.sys [16-08-2008 02:00 225296]
R2 TmPreFilter;Trend Micro PreFilter;c:\programmer\Trend Micro\Client Server Security Agent\tmpreflt.sys [16-08-2008 02:00 36368]
S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [05-11-2008 14:17 52026]

--- Andre Services/Drivers i Hukommelsen ---

*NewlyCreated* - ASWUPDSV
*NewlyCreated* - AVAST!_ANTIVIRUS
*NewlyCreated* - AVAST!_MAIL_SCANNER
*NewlyCreated* - AVAST!_WEB_SCANNER
*Deregistered* - mbr
.
.
------- Yderligere scanning -------
.
uStart Page = dk.msn.com//
IE: Easy-WebPrint Add To Print List - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: danid.dk
DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} - hxxps://192.168.18.11:4343/SMB/console/html/root/AtxEnc.cab
DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe
DPF: {C07E5288-22FB-11D7-962E-0004AC77C761} - hxxps://activex.dataloen.dk/controls/Dataloen3341.CAB
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/digitalsignatur-csp.exe
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-28 11:25
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
Gennemført tid: 2009-10-28 11:26
ComboFix-quarantined-files.txt  2009-10-28 10:26

Pre-Kørsel: 69.776.109.568 byte ledig
Post-Kørsel: 69.790.457.856 byte ledig

- - End Of File - - 13DF058F6288090E086ED514BA8892D4

Written Thu. 29 October 2009 at 00:12:56 | #43

crasser83
crasser83 (15.495 points)
Also, I'd just like to ask whether you know of a good, cheap and effective antivirus program that I can put on the computers afterwards?

Written Fri. 13 November 2009 at 18:31:19 | #44

f-arn
f-arn (24.175 points)
Sorry, you have indeed been forgotten. How is the computer running? There are a few remnants, but since so much time has passed I would like to see a new combo log made as described here!

http://www.eksperten.dk/spm/890327#reply_7476130

Written Mon. 16 November 2009 at 01:18:59 | #45

crasser83
crasser83 (15.495 points)
Ok. :-)
I'll send it on Thursday when I'm back at work. The computer is running fine and there are no pop-ups of any kind.
Thanks for your help.

Written Thu. 19 November 2009 at 15:43:19 | #46

crasser83
crasser83 (15.495 points)
It finally worked. Also getting our antivirus program temporarily shut off.

Here it is, then:

ComboFix 09-11-18.07 - Reception1 19-11-2009 15:34.4.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.1015.602 [GMT 1:00]
Kører fra: c:\documents and settings\Reception1\Skrivebord\alg.exe
AV: Trend Micro Client/Server Security Agent Antivirus *On-access scanning disabled* (Outdated) {9562DEF8-B4C4-4848-946E-F4F43834FB9F}
FW: Trend Micro Client-Server Security Agent Firewall *disabled* {9562DEF8-B4C4-4848-946E-F4F43834FB9F}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((  Filer skabt fra 2009-10-19 til 2009-11-19  )))))))))))))))))))))))))))))))))))
.

2009-11-17 10:31 . 2009-11-17 10:31    --------    d-----w-    c:\documents and settings\Reception1\Lokale indstillinger\Application Data\Help
2009-10-29 17:29 . 2009-07-06 14:11    59920    ----a-w-    c:\windows\system32\drivers\tmactmon.sys
2009-10-29 17:29 . 2009-07-06 14:11    50704    ----a-w-    c:\windows\system32\drivers\tmevtmgr.sys
2009-10-29 17:29 . 2009-10-29 17:29    --------    d-----w-    C:\temp
2009-10-29 17:29 . 2009-10-29 17:29    --------    d-----w-    c:\documents and settings\All Users\Application Data\Trend Micro
2009-10-29 17:25 . 2009-11-02 07:04    50758    ----a-w-    c:\windows\system32\prfc0406.dat
2009-10-29 17:25 . 2009-11-02 07:04    335956    ----a-w-    c:\windows\system32\prfh0406.dat
2009-10-29 17:25 . 2009-10-29 17:25    --------    d-----w-    c:\windows\system32\log
2009-10-29 17:25 . 2009-07-15 17:37    89872    ----a-w-    c:\windows\system32\drivers\tmtdi.sys
2009-10-29 17:16 . 2009-10-29 17:16    152576    ----a-w-    c:\documents and settings\Reception1\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-26 14:26 . 2009-11-17 10:24    --------    d-----w-    c:\programmer\DYMO Label
2009-10-26 10:19 . 2009-10-26 10:19    --------    d-----w-    c:\programmer\Alwil Software
2009-10-22 18:05 . 2009-10-22 18:05    17625    ----a-w-    c:\windows\ugytyjydab.dat
2009-10-22 17:13 . 2009-10-22 17:13    --------    d-----w-    c:\documents and settings\Reception1\Application Data\Malwarebytes
2009-10-22 17:13 . 2009-10-22 17:13    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-21 13:59 . 2009-10-21 13:59    18006    ----a-w-    c:\windows\system32\vykeneh.com
2009-10-21 13:59 . 2009-10-21 13:59    11706    ----a-w-    c:\windows\system32\iryxojufu.com
2009-10-21 13:55 . 2009-10-22 15:38    42368    -c--a-w-    c:\windows\system32\dllcache\agp440.sys

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-19 14:30 . 2008-06-18 14:33    57722    ----a-w-    c:\windows\system32\perfc006.dat
2009-11-19 14:30 . 2008-06-18 14:33    357942    ----a-w-    c:\windows\system32\perfh006.dat
2009-11-19 09:24 . 2008-12-04 16:52    1    ----a-w-    c:\documents and settings\Reception1\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-17 08:30 . 2009-04-16 07:05    0    ----a-w-    c:\documents and settings\Reception1\temp.dat
2009-10-30 08:00 . 2008-11-05 11:34    --------    d-----w-    c:\programmer\DentalSuite
2009-10-29 17:29 . 2008-11-05 11:37    --------    d-----w-    c:\programmer\Trend Micro
2009-10-29 17:17 . 2008-11-05 13:18    --------    d-----w-    c:\programmer\Java
2009-10-28 13:17 . 2008-11-05 11:34    737280    ----a-w-    c:\windows\iun6002.exe
2009-10-28 13:17 . 2008-11-05 11:34    --------    d-----w-    c:\programmer\Firebird2
2009-10-23 13:12 . 2009-10-23 13:12    15050    ----a-w-    c:\programmer\Fælles filer\anawyk.db
2009-10-21 13:59 . 2009-10-21 13:59    18879    ----a-w-    c:\programmer\Fælles filer\ryrewut.db
2009-10-21 13:59 . 2009-10-21 13:59    16445    ----a-w-    c:\programmer\Fælles filer\zobawot.db
2009-10-14 08:24 . 2009-05-07 10:28    18632    ----a-w-    c:\documents and settings\Reception1\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-10-14 08:24 . 2009-10-14 08:23    --------    d-----w-    c:\programmer\Windows Live
2009-10-14 08:24 . 2009-10-14 08:24    --------    d-----w-    c:\programmer\Microsoft
2009-10-14 08:24 . 2009-10-14 08:24    --------    d-----w-    c:\programmer\Windows Live SkyDrive
2009-10-14 08:16 . 2009-10-14 08:16    --------    d-----w-    c:\programmer\Fælles filer\Windows Live
2009-10-08 17:04 . 2009-02-03 19:31    282112    ----a-w-    c:\windows\MiniWeb.exe
2009-10-08 17:02 . 2009-10-08 17:02    278528    ----a-w-    c:\windows\system32\DSJPG.dll
2009-10-08 17:02 . 2009-02-03 19:31    144896    ----a-w-    c:\windows\system32\dsxml.dll
2009-10-08 17:02 . 2009-09-19 14:28    260096    ----a-w-    c:\windows\system32\TMDGUI20.dll
2009-10-08 17:02 . 2009-09-19 14:28    155648    ----a-w-    c:\windows\system32\dsibapi.dll
2009-10-08 17:02 . 2009-10-08 17:02    279552    ----a-w-    c:\windows\system32\DSJPG_12Bit.dll
2009-10-08 17:02 . 2009-09-19 14:22    287232    ----a-w-    c:\windows\system32\DSPNG.dll
2009-10-08 17:01 . 2009-09-13 10:22    109568    ----a-w-    c:\windows\system32\dszlib.dll
2009-10-08 17:01 . 2009-09-13 10:22    101888    ----a-w-    c:\windows\system32\ToolBox20.dll
2009-09-11 14:19 . 2008-06-18 14:33    136192    ----a-w-    c:\windows\system32\msv1_0.dll
2009-09-04 21:04 . 2008-06-18 14:33    58880    ----a-w-    c:\windows\system32\msasn1.dll
2009-08-29 07:28 . 2008-06-18 14:33    832512    ------w-    c:\windows\system32\wininet.dll
2009-08-29 07:28 . 2008-06-18 14:33    78336    ----a-w-    c:\windows\system32\ieencode.dll
2009-08-29 07:28 . 2008-06-18 14:33    17408    ------w-    c:\windows\system32\corpol.dll
2009-08-26 08:02 . 2008-06-18 14:33    247326    ----a-w-    c:\windows\system32\strmdll.dll
.

(((((((((((((((((((((((((((((  SnapShot@2009-10-28_10.25.33  )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-19 14:26 . 2009-11-19 14:26    16384              c:\windows\temp\Perflib_Perfdata_584.dat
+ 2006-05-09 08:50 . 2009-08-06 18:24    44768              c:\windows\system32\wups2.dll
+ 2008-06-18 12:46 . 2009-08-06 18:24    35552              c:\windows\system32\wups.dll
+ 2008-06-18 12:46 . 2009-08-06 18:24    53472              c:\windows\system32\wuauclt.exe
- 2008-11-06 18:00 . 2009-05-26 11:40    17784              c:\windows\system32\spmsg.dll
+ 2008-11-06 18:00 . 2008-07-08 13:00    17784              c:\windows\system32\spmsg.dll
+ 2009-11-13 06:47 . 2009-08-06 18:24    44768              c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-11-13 06:47 . 2009-08-06 18:24    35552              c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2008-06-18 14:33 . 2009-11-19 14:30    43610              c:\windows\system32\perfc009.dat
+ 2008-06-18 12:46 . 2009-08-06 18:24    35552              c:\windows\system32\dllcache\wups.dll
+ 2008-06-18 12:46 . 2009-08-06 18:24    53472              c:\windows\system32\dllcache\wuauclt.exe
+ 2008-06-18 14:33 . 2009-08-06 18:24    96480              c:\windows\system32\dllcache\cdm.dll
+ 2009-02-03 19:31 . 1998-07-28 10:53    12288              c:\windows\system32\Dgtscan.dll
- 2009-05-18 10:15 . 2007-12-05 13:37    12288              c:\windows\system32\Dgtscan.dll
+ 2009-02-03 19:31 . 1999-03-30 01:10    18432              c:\windows\system32\Commsc32.dll
- 2009-05-18 10:15 . 2007-12-05 13:37    18432              c:\windows\system32\Commsc32.dll
- 2009-05-18 10:15 . 2007-12-05 13:37    43520              c:\windows\system32\Cdrvxf32.dll
+ 2009-02-03 19:31 . 1999-03-30 01:10    43520              c:\windows\system32\Cdrvxf32.dll
- 2009-05-18 10:15 . 2007-12-05 13:37    32256              c:\windows\system32\Cdrvhf32.dll
+ 2009-02-03 19:31 . 1999-03-30 01:10    32256              c:\windows\system32\Cdrvhf32.dll
- 2009-05-18 10:15 . 2007-12-05 13:37    31232              c:\windows\system32\Cdrvdl32.dll
+ 2009-02-03 19:31 . 1999-03-30 01:09    31232              c:\windows\system32\Cdrvdl32.dll
+ 2008-06-18 14:33 . 2009-08-06 18:24    96480              c:\windows\system32\cdm.dll
+ 2008-06-18 12:46 . 2009-08-06 18:24    209632              c:\windows\system32\wuweb.dll
+ 2008-06-18 12:46 . 2009-08-06 18:24    327896              c:\windows\system32\wucltui.dll
+ 2008-06-18 12:46 . 2009-08-06 18:23    575704              c:\windows\system32\wuapi.dll
+ 2008-06-18 14:33 . 2009-11-19 14:30    322734              c:\windows\system32\perfh009.dat
+ 2009-10-15 07:08 . 2009-08-06 18:23    215920              c:\windows\system32\muweb.dll
+ 2009-10-15 07:08 . 2009-08-06 18:23    274288              c:\windows\system32\mucltui.dll
+ 2009-10-29 17:17 . 2009-07-25 04:23    149280              c:\windows\system32\javaws.exe
+ 2009-10-29 17:17 . 2009-07-25 04:23    145184              c:\windows\system32\javaw.exe
+ 2009-10-29 17:17 . 2009-07-25 04:23    145184              c:\windows\system32\java.exe
- 2008-06-18 14:39 . 2009-10-15 07:06    114968              c:\windows\system32\FNTCACHE.DAT
+ 2008-06-18 14:39 . 2009-11-13 06:44    114968              c:\windows\system32\FNTCACHE.DAT
+ 2008-11-05 11:38 . 2009-07-06 14:11    158224              c:\windows\system32\drivers\tmcomm.sys
+ 2007-03-22 08:54 . 2009-07-15 17:37    339984              c:\windows\system32\drivers\TM_CFW.sys
+ 2008-06-18 12:46 . 2009-08-06 18:24    209632              c:\windows\system32\dllcache\wuweb.dll
+ 2008-06-18 12:46 . 2009-08-06 18:24    327896              c:\windows\system32\dllcache\wucltui.dll
+ 2008-06-18 12:46 . 2009-08-06 18:23    575704              c:\windows\system32\dllcache\wuapi.dll
+ 2008-11-05 13:18 . 2009-07-25 04:23    411368              c:\windows\system32\deploytk.dll
+ 2009-11-03 15:00 . 2009-05-26 11:40    394616              c:\windows\ie7updates\KB976749-IE7\spuninst\updspapi.dll
+ 2009-11-03 15:00 . 2009-05-26 11:40    232824              c:\windows\ie7updates\KB976749-IE7\spuninst\spuninst.exe
+ 2008-06-18 12:46 . 2009-08-06 18:23    1929952              c:\windows\system32\wuaueng.dll
+ 2008-06-18 14:33 . 2009-08-14 15:15    1850624              c:\windows\system32\win32k.sys
+ 2008-06-18 14:33 . 2009-10-21 04:07    3598336              c:\windows\system32\mshtml.dll
- 2008-06-18 14:33 . 2009-08-29 07:28    3598336              c:\windows\system32\mshtml.dll
+ 2008-06-18 12:46 . 2009-08-06 18:23    1929952              c:\windows\system32\dllcache\wuaueng.dll
+ 2008-11-07 07:08 . 2009-08-14 15:15    1850624              c:\windows\system32\dllcache\win32k.sys
+ 2008-06-18 14:33 . 2009-10-21 04:07    3598336              c:\windows\system32\dllcache\mshtml.dll
- 2008-06-18 14:33 . 2009-08-29 07:28    3598336              c:\windows\system32\dllcache\mshtml.dll
+ 2009-11-03 15:00 . 2009-08-29 07:28    3598336              c:\windows\ie7updates\KB976749-IE7\mshtml.dll
+ 2008-11-10 16:41 . 2009-11-05 17:36    26768832              c:\windows\system32\MRT.exe
.
-- Snapshot sat til dags dato --
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]
"OfficeScanNT Monitor"="c:\programmer\Trend Micro\Client Server Security Agent\pccntmon.exe" [2009-10-08 943400]
"Easy-PrintToolBox"="c:\programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"OE"="c:\programmer\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe" [2009-08-31 492808]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-25 16855552]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-10-11 1826816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Reception1\Menuen Start\Programmer\Start\
OpenOffice.org 3.0.lnk - c:\programmer\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Hurtigstart.lnk - c:\programmer\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\programmer\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
SetWeb.lnk - c:\programmer\SetWeb\SetWeb.exe [2008-11-5 847872]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\DentalSuite\\DentalSuite.exe"=
"c:\\Programmer\\DentalSuite\\VNC\\winvnc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 TmPreFilter;Trend Micro PreFilter;c:\programmer\Trend Micro\Client Server Security Agent\tmpreflt.sys [16-08-2008 02:00 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [22-03-2007 09:54 339984]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [29-10-2009 18:29 50704]
S2 TmFilter;Trend Micro Filter;c:\programmer\Trend Micro\Client Server Security Agent\tmxpflt.sys [16-08-2008 02:00 230928]
S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [05-11-2008 14:17 52026]
S3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\programmer\Trend Micro\Client Server Security Agent\TmPfw.exe [29-10-2009 18:25 497008]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\programmer\Trend Micro\Client Server Security Agent\TmProxy.exe [29-10-2009 18:25 689416]

--- Andre Services/Drivers i Hukommelsen ---

*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
.
------- Yderligere scanning -------
.
uStart Page = dk.msn.com//
IE: Easy-WebPrint Add To Print List - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: danid.dk
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\programmer\Trend Micro\Client Server Security Agent\bho\1003\TmIEPlg.dll
DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} - hxxps://192.168.18.11:4343/SMB/console/html/root/AtxEnc.cab
DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe
DPF: {C07E5288-22FB-11D7-962E-0004AC77C761} - hxxps://activex.dataloen.dk/controls/Dataloen3341.CAB
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/digitalsignatur-csp.exe
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-19 15:39
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
Gennemført tid: 2009-11-19 15:40
ComboFix-quarantined-files.txt  2009-11-19 14:40

Pre-Kørsel: 69.375.778.816 byte ledig
Post-Kørsel: 69.703.368.704 byte ledig

- - End Of File - - FAED57CC7D0DAD477EF47D0A982AB17E

Posted Fri. 20 November 2009 at 07:22:51 | #47

f-arn (24,175 points)
Delete these manually:

c:\windows\ugytyjydab.dat
c:\windows\system32\vykeneh.com
c:\windows\system32\iryxojufu.com
c:\programmer\Fælles filer\anawyk.db
c:\programmer\Fælles filer\ryrewut.db
c:\programmer\Fælles filer\zobawot.db


Then try running this online scanner to see whether it finds any more remnants. Here too you need to turn off your antivirus. Let me know what it says.

http://www.eset.com/onlinescan/index.php
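
An added example, not part of f-arn's post and not ComboFix's own code: a Python triage pass over lines in the listing format of the ComboFix log above. The names `parse_log`, `triage` and `SAMPLE_LOG` are hypothetical, and the filter (regular file, two identical timestamps, dated 21 to 23 October 2009) is an assumption for illustration rather than f-arn's stated method; on the sample lines it selects the same six files.

```python
import re
from datetime import date, datetime
from typing import NamedTuple, Optional

# Lines copied from the ComboFix log earlier in this thread (a subset).
SAMPLE_LOG = r"""
2009-10-22 18:05 . 2009-10-22 18:05    17625    ----a-w-    c:\windows\ugytyjydab.dat
2009-10-22 17:13 . 2009-10-22 17:13    --------    d-----w-    c:\documents and settings\Reception1\Application Data\Malwarebytes
2009-10-21 13:59 . 2009-10-21 13:59    18006    ----a-w-    c:\windows\system32\vykeneh.com
2009-10-21 13:59 . 2009-10-21 13:59    11706    ----a-w-    c:\windows\system32\iryxojufu.com
2009-10-21 13:55 . 2009-10-22 15:38    42368    -c--a-w-    c:\windows\system32\dllcache\agp440.sys
2009-11-19 14:30 . 2008-06-18 14:33    57722    ----a-w-    c:\windows\system32\perfc006.dat
2009-10-23 13:12 . 2009-10-23 13:12    15050    ----a-w-    c:\programmer\Fælles filer\anawyk.db
2009-10-21 13:59 . 2009-10-21 13:59    18879    ----a-w-    c:\programmer\Fælles filer\ryrewut.db
2009-10-21 13:59 . 2009-10-21 13:59    16445    ----a-w-    c:\programmer\Fælles filer\zobawot.db
2009-10-08 17:02 . 2009-10-08 17:02    278528    ----a-w-    c:\windows\system32\DSJPG.dll
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)"
    r"\s+(\d+|-{8})\s+([a-z-]{8})\s+(\S.*?)\s*$"
)

class Entry(NamedTuple):
    first: datetime       # timestamp left of the " . " separator
    second: datetime      # timestamp right of the separator
    size: Optional[int]   # None where the log prints "--------" (directories)
    attrs: str            # attribute column, e.g. "----a-w-" or "d-----w-"
    path: str

def parse_log(text):
    """Return an Entry for every line in the listing format; skip the rest."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # section banners, snapshot (+/-) lines, registry output
        first, second = (datetime.strptime(t, "%Y-%m-%d %H:%M") for t in m.group(1, 2))
        size = int(m.group(3)) if m.group(3).isdigit() else None
        entries.append(Entry(first, second, size, m.group(4), m.group(5)))
    return entries

def triage(entries, start, end):
    """Assumed heuristic: regular files whose two timestamps are identical
    and fall inside the [start, end] date window."""
    return [
        e.path for e in entries
        if not e.attrs.startswith("d")
        and e.first == e.second
        and start <= e.first.date() <= end
    ]

if __name__ == "__main__":
    for path in triage(parse_log(SAMPLE_LOG), date(2009, 10, 21), date(2009, 10, 23)):
        print(path)
```

The output is a shortlist for a human to review against known-good software on the machine, not a deletion list.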

Posted Fri. 20 November 2009 at 14:49:20 | #48

crasser83 (15,495 points)
OK, I'll do that when I'm there on Monday. Keep your eyes open. :-)

Posted Fri. 20 November 2009 at 14:58:18 | #49


Posted Wed. 25 November 2009 at 00:53:51 | #50

crasser83 (15,495 points)
It won't be until Thursday, as I won't have been at the clinic before then anyway.

Posted Wed. 25 November 2009 at 01:07:35 | #51

f-arn (24,175 points)
I'll probably be here on Thursday "too" :)

Posted Thu. 26 November 2009 at 16:46:51 | #52

crasser83 (15,495 points)
It says "no virus found", but it is over VERY quickly. 0.0 sec. NB: the first time it ran, it failed with "unexpected error"...

Posted Thu. 26 November 2009 at 16:54:54 | #53

crasser83 (15,495 points)
PS: the files have been found and removed.

Posted Thu. 26 November 2009 at 17:07:45 | #54


Posted Thu. 26 November 2009 at 17:38:25 | #55

crasser83 (15,495 points)
It works and is running.... Will write ASAP

Posted Thu. 26 November 2009 at 17:59:40 | #56

crasser83 (15,495 points)
That's a good sign, isn't it? :-)


Virus status: SAFE!

Your computer is free of known threats.

51257 files scanned, 0 file(s) infected on your disk drives.

No viruses were detected in memory

Your computer is free of known threats.  Virus Detection does not check compressed files.

Your computer appears safe for now.  For real-time protection from viruses, hackers and privacy threats, upgrade to Norton Internet Security™.

Posted Thu. 26 November 2009 at 19:08:23 | #57

f-arn (24,175 points)
Yes - I don't think there is anything more, but try setting your own antivirus to run a full system scan. It may well find a little something.

Posted Thu. 26 November 2009 at 19:33:29 | #58

crasser83 (15,495 points)
OK, many thanks! Would you like your well-earned points? :)

Posted Thu. 26 November 2009 at 20:30:15 | #59

f-arn (24,175 points)
Also, I just wanted to ask whether you know of a good, cheap and effective antivirus program that I can put on the computers afterwards?

I don't really know, but it is clear that your current one wasn't particularly effective. How many computers is it to be used on?

Click Start, Run and copy in this: combofix /uninstall
Press Enter
This will remove ComboFix and reset the clock settings.
Reset System Restore.
Hide file extensions if required.
Hide system/hidden files if required.

Posted Fri. 27 November 2009 at 08:51:21 | #60

crasser83 (15,495 points)
We have had our antivirus/antimalware program upgraded, so it is now all in order, but thanks anyway.

MANY, MANY, MANY THANKS FOR THE HELP!

HERE YOU GO!

Posted Fri. 27 November 2009 at 09:14:50 | #61

f-arn (24,175 points)
Thanks for the points, but just for fun, may I ask what you chose?

Publisher · © 2014 Computerworld A/S · Hørkær 18 · 2730 Herlev · Tel.: 77 300 300 · Fax: 77 300 301 · Use of personal data