kiwankow (Beginner)
24 May 2007 - 10:20. There are 14 comments and 1 solution

Help with log files on an extremely slow machine

Hi, I'd like to ask whether anyone will help look at these log files from my father's PC. It takes an extremely long time to start up. Windows 2000 Service Pack 4 is installed.

I have run ccleaner and AVG in safe mode.

Then, in normal mode, hijackthis and rootcheck.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:38:35 23-05-2007

+ Scan result:



HKLM\SOFTWARE\iGlobalMedia -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\Installer -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\upgrades -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\blackjack -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\boardbabe -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\caribbeanpoker -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\client -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\coolbananas -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\flamingo -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\funkychicken -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\games -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\goannagold -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\goldeneagle -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\goldengopher -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\hotroller -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\junglerumble -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\kangacash -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\kookakeno -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\letitride -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\magicmanslot -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\megaeuropeanroulette -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\metropolis -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\piggypayback -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\predatorslot -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\safecrackerkeno -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\silvercity -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\threecardpoker -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\tod -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\upgrader -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\vegasclub -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\vpokerdw -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\vpokerjob -> Adware.AceClubCasino : Cleaned.
HKLM\SOFTWARE\iGlobalMedia\starluckcasino\casino\version\vpokerjp -> Adware.AceClubCasino : Cleaned.
C:\Documents and Settings\F098JS\Dokumenter\Home of Fun.exe -> Adware.Casino : Cleaned.
C:\Documents and Settings\F098JS\Dokumenter\pacificpoker.exe -> Adware.Casino : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCAR -> Adware.CometCursor : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SWAR -> Adware.CometCursor : Cleaned.
HKU\S-1-5-21-1085031214-1708537768-1060284298-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\GAIN -> Adware.Gator : Cleaned.
C:\Documents and Settings\F098JS\Menuen Start\Programmer\Start\DLHelperEXE.exe -> Adware.Thumper : Cleaned.
C:\Programmer\KeyKeeper\KKeeper.exe -> Not-A-Virus.Monitor.Win32.StonsKeyKeeper : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@www.adobe[2].txt -> TrackingCookie.Adobe : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@ad.adocean[2].txt -> TrackingCookie.Adocean : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@www.adtrak[1].txt -> TrackingCookie.Adtrak : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@commissionpartner[1].txt -> TrackingCookie.Commissionpartner : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@commissionpartner[2].txt -> TrackingCookie.Commissionpartner : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@commissionpartner[3].txt -> TrackingCookie.Commissionpartner : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@track.commissionpartner[1].txt -> TrackingCookie.Commissionpartner : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@connextra[10].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@connextra[1].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@connextra[2].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@connextra[3].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@connextra[4].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@connextra[5].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@connextra[6].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@connextra[7].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@connextra[8].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\F098JS\Lokale indstillinger\Temp\Cookies\f098js@connextra[1].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@www.findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@ads.gamershell[1].txt -> TrackingCookie.Gamershell : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@idot[1].txt -> TrackingCookie.Idot : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@ilead.itrack[1].txt -> TrackingCookie.Itrack : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@ilead.itrack[2].txt -> TrackingCookie.Itrack : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@ilead.itrack[3].txt -> TrackingCookie.Itrack : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@ilead.itrack[5].txt -> TrackingCookie.Itrack : Cleaned.
C:\Documents and Settings\F098JS\Lokale indstillinger\Temp\Cookies\f098js@ilead.itrack[1].txt -> TrackingCookie.Itrack : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@komtrack[1].txt -> TrackingCookie.Komtrack : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@ie.search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@ie.search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@search.msn[3].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@www.paypal[2].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@ppms.popularix[1].txt -> TrackingCookie.Popularix : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@www.popuptraffic[1].txt -> TrackingCookie.Popuptraffic : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@www.popuptraffic[2].txt -> TrackingCookie.Popuptraffic : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@ads-205.quarterserver[2].txt -> TrackingCookie.Quarterserver : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@guide.real[1].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@guide.real[2].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@realguide.real[1].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@realguide.real[2].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@www.real[2].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@www.saxobank[1].txt -> TrackingCookie.Saxobank : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@a.tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\F098JS\Cookies\f098js@yadro[3].txt -> TrackingCookie.Yadro : Cleaned.


::Report end

=============================================================

Logfile of HijackThis v1.99.1
Scan saved at 21:47:49, on 23-05-2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
c:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
c:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\drivers\trcboot.exe
C:\Programmer\Personal Communications\PCS_AGNT.EXE
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
c:\Programmer\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\drivers\ldlcserv.exe
C:\notes\ntmulti.exe
C:\WINNT\system32\regsvc.exe
c:\Programmer\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
c:\Programmer\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\pcssfrrx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\NILaunch.exe
C:\Programmer\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\FÆLLES~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\Programmer\Apoint\Apoint.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\Apoint\Apntex.exe
C:\WINNT\system32\internat.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\lotus\organize\easyclip.exe
C:\lotus\smartctr\suitest.exe
C:\Documents and Settings\F098JS\Skrivebord\spywarefri\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,,pcssfrrx.exe
O1 - Hosts: 172.17.10.227 MRTGS01
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINNT\System32\NILaunch.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmer\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\FÆLLES~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKLM\..\Run: [CPortPatch] C:\WINNT\DockQuickInstall\cppch.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Win Comm] C:\Program Files\Win Comm\WinComm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ccApp] "c:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Programmer\MultiPoker\MultiPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Programmer\MultiPoker\MultiPoker.exe (file missing)
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://places.semlernet.dk/qp2.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00619BD00001} (Sydbanks NetBank) - https://netbank.sydbank.dk/ssydbankibp1900ib100.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://smc.semlernet.dk/iNotes.cab
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://www.home.dk/skyline/TEInstall/TE.cab
O16 - DPF: {4A224399-F178-4816-8CDD-65873E3B92A5} (Contributor Web Client Connector) - http://planningsmcb.semlernet.dk/cognos/contributor/controls/clientFull73.cab
O16 - DPF: {57D60ED1-AFA0-47C3-A850-723896923971} (epcInstallerConnector Class) - http://planningsmcb.semlernet.dk/cognos/contributor/controls/epcWebInstaller73.cab
O16 - DPF: {A45A8A35-19FA-4E8B-874C-CBA3107F354C} (GVLaunch Control) - http://www.casinolauncher.com/gvlaunch.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/dlhelper/version7/dlhelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://semnav.semlernet.dk/webinst.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://crazyvegas.microgaming.com/crazyvegas/FlashAX.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp06.photoprintit.de/microsite/10021/defaults/activex/ImageUploader3.cab
O16 - DPF: {E107733C-FEA3-43D3-8A6C-3473256802A9} (EPExcelPrint_73.ExcelPrint) - http://planningsmcb.semlernet.dk/cognos/contributor/Controls/ExtExcelPrint.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/danicalink/activex/DanskeSikker.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = fha098.semlernet.dk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = fha098.semlernet.dk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = fha098.semlernet.dk
O20 - Winlogon Notify: NavLogon - c:\WINNT\system32\NavLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - c:\Programmer\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LocalSystem (ldlcserv) - Unknown owner - C:\WINNT\System32\drivers\ldlcserv.exe
O23 - Service: Multi-user Cleanup Service - Unknown owner - C:\notes\ntmulti.exe
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Programmer\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - c:\Programmer\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrcBoot - Unknown owner - C:\WINNT\System32\drivers\trcboot.exe

=============================================================

********************************* ROOTCHK-(21-05-07)-LOG, by ejvindh
on 23-05-2007 21:49:26,12

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-23 21:49:26
Windows 5.0.2195 Service Pack 4 FAT
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
24 May 2007 - 10:48 #1
Run a scan with HijackThis.
Below you get some files that you need to fix. What you need to do is put a check mark next to these files. When you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Also remember to close this window once you have marked the files. Now you may fix. Click Fix checked.

These are the ones to be fixed:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,,pcssfrrx.exe
O1 - Hosts: 172.17.10.227 MRTGS01
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Win Comm] C:\Program Files\Win Comm\WinComm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Programmer\MultiPoker\MultiPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Programmer\MultiPoker\MultiPoker.exe (file missing)
O16 - DPF: {A45A8A35-19FA-4E8B-874C-CBA3107F354C} (GVLaunch Control) - http://www.casinolauncher.com/gvlaunch.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://crazyvegas.microgaming.com/crazyvegas/FlashAX.cab

To be able to see all files and folders, follow this guide:
http://www.spywareinfo.dk/tip-og-tricks/mappeindstillinger.htm

Restart in safe mode http://www.spywareinfo.dk/#/htm/fejlsikret_tilstand.htm

Search for and delete the marked files/folders if they still exist. Otherwise just continue with the guide. They may have been removed by the fix.

C:\Program Files\Win Comm\ <- The whole folder

Restart, run a new scan with hijackthis, and paste a fresh log in here for checking.

------------------------------------------------------------------------
kiwankow (Beginner)
24 May 2007 - 12:52 #2
I just forgot to add that it is a company machine connected to a network, so preferably nothing should be deleted that affects it..!!

Should I still do as you have already described..??

You write:

Restart in safe mode http://www.spywareinfo.dk/#/htm/fejlsikret_tilstand.htm

Should I do everything on that page, or should I just boot into safe mode..??


Search for and delete the marked files/folders if they still exist. Otherwise just continue with the guide. They may have been removed by the fix.

I don't quite follow which files/folders I should search for and delete..??


C:\Program Files\Win Comm\ <- The whole folder

Do you mean that the whole folder should be deleted..?? And it is not something that affects the network or the programs that are installed..??
24 May 2007 - 22:19 #3
... just ordinary SAFE mode [F8], which you probably know...

But if you CAN delete the mentioned
..\Win Comm\
folder in normal mode, then try that first...

Because it IS this WinComm.exe that (according to several places) causes the worst trouble...
kiwankow (Beginner)
24 May 2007 - 22:57 #4
Search for and delete the marked files/folders if they still exist. Otherwise just continue with the guide. They may have been removed by the fix.

I don't quite follow which files/folders I should search for and delete..??
kiwankow (Beginner)
28 May 2007 - 22:30 #5
Now I have fixed the lines you said and deleted the individual files, though not the ones in c:\winnt\system32

Here is a new log..!!


Logfile of HijackThis v1.99.1
Scan saved at 22:29:02, on 28-05-2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
c:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
c:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\drivers\trcboot.exe
C:\Programmer\Personal Communications\PCS_AGNT.EXE
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
c:\Programmer\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\drivers\ldlcserv.exe
C:\notes\ntmulti.exe
C:\WINNT\system32\regsvc.exe
c:\Programmer\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
c:\Programmer\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\NILaunch.exe
C:\Programmer\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\FÆLLES~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\Programmer\Apoint\Apoint.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\Apoint\Apntex.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\F098JS\Skrivebord\spywarefri\alternativ.exe
C:\WINNT\explorer.exe
C:\WINNT\SoftwareDistribution\Download\S-1-5-18\1e8b0a00d08fe34123a7dff8c750285a\update\update.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINNT\System32\NILaunch.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmer\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\FÆLLES~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKLM\..\Run: [CPortPatch] C:\WINNT\DockQuickInstall\cppch.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.html
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://places.semlernet.dk/qp2.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00619BD00001} (Sydbanks NetBank) - https://netbank.sydbank.dk/ssydbankibp1900ib100.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://smc.semlernet.dk/iNotes.cab
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://www.home.dk/skyline/TEInstall/TE.cab
O16 - DPF: {4A224399-F178-4816-8CDD-65873E3B92A5} (Contributor Web Client Connector) - http://planningsmcb.semlernet.dk/cognos/contributor/controls/clientFull73.cab
O16 - DPF: {57D60ED1-AFA0-47C3-A850-723896923971} (epcInstallerConnector Class) - http://planningsmcb.semlernet.dk/cognos/contributor/controls/epcWebInstaller73.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/dlhelper/version7/dlhelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://semnav.semlernet.dk/webinst.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp06.photoprintit.de/microsite/10021/defaults/activex/ImageUploader3.cab
O16 - DPF: {E107733C-FEA3-43D3-8A6C-3473256802A9} (EPExcelPrint_73.ExcelPrint) - http://planningsmcb.semlernet.dk/cognos/contributor/Controls/ExtExcelPrint.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/danicalink/activex/DanskeSikker.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = fha098.semlernet.dk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = fha098.semlernet.dk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = fha098.semlernet.dk
O20 - Winlogon Notify: NavLogon - c:\WINNT\system32\NavLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - c:\Programmer\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LocalSystem (ldlcserv) - Unknown owner - C:\WINNT\System32\drivers\ldlcserv.exe
O23 - Service: Multi-user Cleanup Service - Unknown owner - C:\notes\ntmulti.exe
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Programmer\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - c:\Programmer\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrcBoot - Unknown owner - C:\WINNT\System32\drivers\trcboot.exe
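
The fix list from reply #1 can be checked against a fresh log like the one above with a short script. This is an added example, not part of the original thread: the function names are made up for illustration, the sample strings are excerpts of lines posted above, and `INCOMPLETE_LOG` is a constructed variant showing what a leftover autostart entry looks like.

```python
import re

# A HijackThis item line is "<section> - <details>", e.g. "O4 - HKLM\..\Run: [...]".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Map a normalized (section, details) key to the original item line."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match is None:
            continue  # log header, "Running processes" paths, blank lines
        section, details = match.groups()
        # Collapse whitespace and ignore case so a re-pasted line still matches.
        key = (section, " ".join(details.split()).casefold())
        entries[key] = line
    return entries


def verify_fix(fix_list_text, fresh_log_text):
    """Split the fix list into (still_present, removed) against a fresh log."""
    wanted = parse_entries(fix_list_text)
    fresh = parse_entries(fresh_log_text)
    still_present = sorted(line for key, line in wanted.items() if key in fresh)
    removed = sorted(line for key, line in wanted.items() if key not in fresh)
    return still_present, removed


# Excerpt of the fix list from reply #1.
FIX_LIST = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Win Comm] C:\Program Files\Win Comm\WinComm.exe
O16 - DPF: {A45A8A35-19FA-4E8B-874C-CBA3107F354C} (GVLaunch Control) - http://www.casinolauncher.com/gvlaunch.cab
"""

# Excerpt of the fresh log from post #5.
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\SYMANT~2\VPTray.exe
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/dlhelper/version7/dlhelper.cab
"""

# Constructed: the same log with the Win Comm autostart left behind,
# written with different case and spacing than in the fix list.
INCOMPLETE_LOG = (
    FRESH_LOG
    + r"O4 - HKLM\..\Run: [Win Comm]  c:\program files\win comm\wincomm.exe"
    + "\n"
)


if __name__ == "__main__":
    for name, log in (("fresh", FRESH_LOG), ("incomplete", INCOMPLETE_LOG)):
        still_present, removed = verify_fix(FIX_LIST, log)
        print(f"{name}: {len(removed)} removed, {len(still_present)} still present")
        for line in still_present:
            print("  STILL PRESENT:", line)
```

An entry reported as still present means either the fix did not take or something re-created the entry before the rescan.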
28 May 2007 - 22:34 #6
PS:
Is the PC connected to
fha098.semlernet.dk
???
kiwankow (Beginner)
28 May 2007 - 22:47 #7
Yes, I would think so, why..??
kiwankow (Beginner)
28 May 2007 - 23:16 #8
The computer still takes forever to start up and cannot open 2 programs at the same time without it taking several minutes..??
29 May 2007 - 07:54 #9
(You could well have mentioned that you are continuing the thread from here -> http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=38480 ? Which I would also have understood...)
kiwankow (Beginner)
29 May 2007 - 08:18 #10
I don't really know whether I am continuing the thread; I am just trying to get as much help as possible, so surely it is all right to ask in two places.
fromsej (Trainee)
29 May 2007 - 13:26 #11
Yes and no.
Of course you cannot know that we from Spywarefri also solve logs on Eksperten, so we would prefer to have it in only one place, so that two of us do not work on the same log.

But since it is a company machine anyway, and Spywarefri is only for private users, I will quietly close your thread on Spywarefri.
kiwankow (Beginner)
29 May 2007 - 16:00 #12
It is actually a private machine; we just have a connection to the company's server. What about this thread then..?? Perhaps you won't help here either..??
fromsej (Trainee)
29 May 2007 - 22:43 #13
I would be happy to, but I am in a bit of an impossible situation.
We turn companies away at our own site and help on Eksperten; that is verging on double standards. ;-)
Well, who cares, and besides it is a private machine after all.

There is no more junk in the log.
Try this:
Click Start->Run, type SFC /scannow (note the space), click OK.
Your Win2000 CD must be in the drive.
Restart, see if it helped.
cyberspace (Beginner)
30 May 2007 - 11:40 #14
You can also try this one
http://www.arlet.dk/index.html?/langsomcomputer.htm

and when that is done you can download this security package http://arlet.dk/pakke.htm
kiwankow (Beginner)
26 June 2008 - 06:13 #15
closed