[madcows7]

og dette sidste måned mine venner computer fik Ekstrem langsom og buggy på mange måder, og vi tror, det er en virus heres min hijack log enhver anden form for hjælp vil være værdsat takket

Logfile af Trend Micro HijackThis v2.0.2
Scan gemt på 4:00:42 PM, den 4/17/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Kørende processer:
C: \ Windows \ system32 \ taskeng.exe
C: \ Windows \ system32 \ Dwm.exe
C: \ Windows \ Explorer.EXE
C: \ Programmer \ Alwil Software \ Avast4 \ ashDisp.exe
C: \ Programmer \ Common Files \ Symantec Shared \ PIF \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ PIFSvc.exe
C: \ Windows \ System32 \ CtHelper.exe
C: \ Windows \ System32 \ CTXFIHLP.EXE
C: \ Windows \ System32 \ rundll32.exe
C: \ Windows \ System32 \ rundll32.exe
C: \ Programmer \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Windows \ System32 \ CTxfispi.exe
C: \ Users \ Mark JR \ Programmer \ DNA \ btdna.exe
C: \ Programmer \ Mozilla Firefox \ firefox.exe
C: \ Windows \ System32 \ Wbem \ Unsecapp.exe
C: \ Windows \ system32 \ SearchFilterHost.exe
c: \ Programmer \ Trend Micro \ HijackThis \ HijackThis.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = ca: blank
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = *. lokale
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
O1 - Hosts: 72.233.61.2 L2authd.lineage2.com
O1 - Hosts: 72.233.61.2 L2testauthd.lineage2.com
O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
O2 - BHO: RealPlayer Download og Record Plugin for Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Programmer \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Programmer \ Yahoo! \ Common \ yiesrvc.dll (filen mangler)
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Programmer \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - (bf00e119-21a3-4fd1-b178-3b8537e75c92) - C: \ Programmer \ Megaupload \ Mega Manager \ MegaIEMn.dll
O3 - Toolbar: (no name) - (E0E899AB-F487-11D5-8D29-0050BA6940E3) - (no file)
O4 - HKLM \ .. \ Run: [avast!] C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
O4 - HKLM \ .. \ Run: [Windows Defender]% ProgramFiles% \ Windows Defender \ MSASCui.exe-hide
O4 - HKLM \ .. \ Run: [Gitter Service] "C: \ Programmer \ GridService \ peer.exe"-n Gitter
O4 - HKLM \ .. \ Run: [VMware-bakken] "C: \ Programmer \ VMware \ VMware Workstation \ VMware-tray.exe"
O4 - HKLM \ .. \ Run: [VMware hqtray] "C: \ Programmer \ VMware \ VMware Workstation \ hqtray.exe"
O4 - HKLM \ .. \ Run: [Symantec PIF AlertEng] "C: \ Programmer \ Common Files \ Symantec Shared \ PIF \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ PIFSvc.exe" / a / m " C: \ Programmer \ Common Files \ Symantec Shared \ PIF \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ AlertEng.dll "
O4 - HKLM \ .. \ Run: [UpdReg] C: \ Windows \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [AsioReg] regsvr32.exe / S CTASIO.DLL
O4 - HKLM \ .. \ Run: [CTHelper] CTHELPER.EXE
O4 - HKLM \ .. \ Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM \ .. \ Run: [CtxfiReg] CTXFIREG.EXE
O4 - HKLM \ .. \ Run: [NvSvc] rundll32.exe C: \ Windows \ system32 \ nvsvc.dll, nvsvcStart
O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ Windows \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [NvMediaCenter] rundll32.exe C: \ Windows \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [NeroCheck] C: \ Windows \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Programmer \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [InCD] C: \ Programmer \ Ahead \ InCD \ InCD.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Users \ Mark JR \ Programmer \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [igndlm.exe] C: \ Programmer \ Download Manager \ DLM.exe / windowsstart / startifwork
O4 - HKCU \ .. \ Run: [Steam] "c: \ program files \ damp \ steam.exe"-tavs
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll, ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'NETWORK SERVICE')
O8 - Extra sammenhæng menupunkt: Download Link Brug Mega Manager ... - C: \ Programmer \ Megaupload \ Mega Manager \ mm_file.htm
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Ekstra knap: Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Programmer \ Yahoo! \ Common \ yiesrvc.dll (filen mangler)
O10 - Ukendt fil i Winsock LSP: c: \ Windows \ system32 \ prxernsp.dll
O13 - Gopher Prefix:
O16 - DPF: (0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75) (CKAVWebScan Object) -- http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Programmer \ Yahoo! \ Common \ Yinsthelper.dll
O16 - DPF: (48DD0448-9209-4F81-9F6D-D83562940134) (MySpace Uploader Control) -- http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: (69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A) (GameLauncher Control) -- http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: (A4110378-789B-455F-AE86-3A1BFC402853) (ZPA_SHVL Object) -- http://zone.msn.com/bingame/zpagames...l.cab55579.cab
O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: (DA2AA6CF-5C7A-4B71-BC3B-C771BB369937) (MSN Games - Game Communicator) -- http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: (FFB3A759-98B1-446F-BDA9-909C6EB18CC7) (PCPitstop eksamen) -- http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - Winlogon Notify: GoToAssist - C: \ Programmer \ Citrix \ GoToAssist \ 480 \ G2AWinLogon.dll (filen mangler)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Programmer \ Alwil Software \ Avast4 \ aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C: \ Programmer \ Alwil Software \ Avast4 \ ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Programmer \ Alwil Software \ Avast4 \ ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Programmer \ Alwil Software \ Avast4 \ ashWebSv.exe
O23 - Service: # # Id_String1.6844F930_1628_4223_B5CC_5BB94B879762 # # (Bonjour Service) - Apple Computer, Inc. - C: \ Programmer \ Bonjour \ mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown ejer - C: \ Programmer \ Common Files \ Symantec Shared \ ccSvcHst.exe (file mangler)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C: \ Windows \ system32 \ CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C: \ Programmer \ Common Files \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, en division af Citrix Systems, Inc. - C: \ Programmer \ Citrix \ GoToAssist \ 480 \ g2aservice.exe
O23 - Service: InstallDriver Tabel Manager (IDriverT) - Macrovision Corporation - C: \ Programmer \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C: \ Programmer \ Ahead \ InCD \ InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown ejer - C: \ Programmer \ Common Files \ Symantec Shared \ ccSvcHst.exe (file mangler)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C: \ Programmer \ Common Files \ Symantec Shared \ PIF \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ PIFSvc.exe
O23 - Service: MySQL - Unknown ejer - C: \ Program.exe (filen mangler)
O23 - Service: PnkBstrA - Unknown ejer - C: \ Windows \ system32 \ PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Ukendt ejer - C: \ Programmer \ Alcohol Soft \ Alcohol 120 \ StarWind \ StarWindServiceAE.exe (filen mangler)
O23 - Service: Steam Client Service - Valve Corporation - C: \ Programmer \ Common Files \ Steam \ SteamService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - Ukendt ejer - C: \ Programmer \ VMware \ VMware Workstation \ VMware-ufad.exe (filen mangler)
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C: \ Windows \ system32 \ vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - Ukendt ejer - C: \ Programmer \ Common Files \ VMware \ VMware Virtual Image Editing \ vmount2.exe (filen mangler)
O23 - Service: VMware NAT Service - VMware, Inc. - C: \ Windows \ system32 \ vmnat.exe
O23 - Service: wampapache - Apache Software Foundation - c: \ wamp \ bin \ apache \ apache2.2.8 \ bin \ httpd.exe
O23 - Service: wampmysqld - Ukendt ejer - c: \ wamp \ bin \ mysql \ mysql5.0.51a \ bin \ mysqld-nt.exe

--
End of file - 9561 bytes

[evilfantasy]

Du bliver nødt til at gøre de to andre scanninger fra HER og efter disse logfiler. Derefter køre en ny HJT scanning og post loggen også.

[KanoakaVirus]

Bed ham om at registrere, ville gøre tingene lettere og klarere?

[madcows7]

uh der gerne 10 scannere, som en gør han brug

[evilfantasy]

SUPERAntiSpyware
Malwarebytes' Anti-Malware (MBAM)

[madcows7]

superantispyware gjorde ikke give mig en log

[evilfantasy]

At hente fjernelse information bedes du gøre følgende:

• Efter genstart, skal du dobbeltklikke på SUPERAntiSpyware ikon på skrivebordet.
• Klik på Præferencer. Klik på Statistics / Logs fane.
• Under Scanner log, skal du dobbeltklikke på SUPERAntiSpyware Scan Log.
• Det vil åbne i din standard teksteditor (helst Notesblok).

[madcows7]

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/18/2008 at 07:25

Application Version: 4.0.1154

Core Rules Database Version: 3441
Trace Rules Database Version: 1433

Scan type: Complete Scan
Total Scan Time: 00:27:10

Memory poster scannet: 617
Memory trusler opdaget: 0
Topdomæneadministratoren poster scannet: 5920
Topdomæneadministratoren trusler opdaget: 0
File poster skannet: 29182
File trusler opdaget: 0

[evilfantasy]

Malwarebytes' Anti-Malware (MBAM), derefter køre en ny Hijackthis scanne og efter at logge såvel tak.

[madcows7]

ok internettet går langsomt latly også hvis theres ingen virus, hvad der ville være forårsager dette ... kun hvis tehre er ingen