[madcows7]

hyvin viime kuussa ystäviäni tietokone sai erittäin hidasta ja viallisista monin tavoin, ja mielestämme sen viruksen heres minun kaappaus log muita auttaa olisi hyvä kiitos

Logfile ja Trend Micro HijackThis v2.0.2
Scan tallennettu klo 4:00:42 PM, annettu 4.17.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Käynnissä olevista prosesseista:
C: \ Windows \ system32 \ taskeng.exe
C: \ Windows \ system32 \ Dwm.exe
C: \ Windows \ Explorer.exe
C: \ Program Files \ ALWIL Software \ Avast4 \ ashDisp.exe
C: \ Program Files \ Common Files \ Symantec Shared \ PIF \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ PIFSvc.exe
C: \ Windows \ System32 \ CtHelper.exe
C: \ Windows \ System32 \ CTXFIHLP.EXE
C: \ Windows \ System32 \ rundll32.exe
C: \ Windows \ System32 \ rundll32.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Windows \ System32 \ CTxfispi.exe
C: \ Users \ Mark JR \ Program Files \ DNA \ btdna.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Windows \ system32 \ wbem \ Unsecapp.exe
C: \ Windows \ system32 \ SearchFilterHost.exe
c: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = noin: tyhjä
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Asetukset, ProxyOverride = *. paikallisten
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
O1 - Hosts: 72.233.61.2 L2authd.lineage2.com
O1 - Hosts: 72.233.61.2 L2testauthd.lineage2.com
O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
O2 - BHO: RealPlayer Download ja Record Plugin for Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll (file missing)
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - (bf00e119-21a3-4fd1-b178-3b8537e75c92) - C: \ Program Files \ MEGAUPLOAD \ Mega Manager \ MegaIEMn.dll
O3 - Toolbar: (no name) - (E0E899AB-F487-11D5-8D29-0050BA6940E3) - (no file)
O4 - HKLM \ .. \ Run: [avast!] C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
O4 - HKLM \ .. \ Run: [Windows Defender]% ProgramFiles% \ Windows Defender \ MSASCui.exe piilotus
O4 - HKLM \ .. \ Run: [Grid Service] "C: \ Program Files \ GridService \ peer.exe"-n Grid
O4 - HKLM \ .. \ Run: [VMware-levy] "C: \ Program Files \ VMware \ VMware Workstation \ VMware-tray.exe"
O4 - HKLM \ .. \ Run: [VMware hqtray] "C: \ Program Files \ VMware \ VMware Workstation \ hqtray.exe"
O4 - HKLM \ .. \ Run: [Symantec PIF AlertEng] "C: \ Program Files \ Common Files \ Symantec Shared \ PIF \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ PIFSvc.exe" / a / m " C: \ Program Files \ Common Files \ Symantec Shared \ PIF \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ AlertEng.dll "
O4 - HKLM \ .. \ Run: [UpdReg] C: \ Windows \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [AsioReg] Regsvr32.exe / S CTASIO.DLL
O4 - HKLM \ .. \ Run: [CTHelper] CTHELPER.EXE
O4 - HKLM \ .. \ Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM \ .. \ Run: [CtxfiReg] CTXFIREG.EXE
O4 - HKLM \ .. \ Run: [NvSvc] rundll32.exe C: \ Windows \ system32 \ nvsvc.dll, nvsvcStart
O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ Windows \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [NvMediaCenter] rundll32.exe C: \ Windows \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [NeroCheck] C: \ Windows \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [InCD] C: \ Program Files \ Ahead \ InCD \ InCD.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Users \ Mark JR \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [igndlm.exe] C: \ Program Files \ Download Manager \ DLM.exe / windowsstart / startifwork
O4 - HKCU \ .. \ Run: [Steam] "c: \ program files \ steam \ steam.exe"-silent
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll, ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'NETWORK SERVICE')
O8 - Extra yhteydessä valikkotoimintoa: Download Link Using Mega Manager ... - C: \ Program Files \ MEGAUPLOAD \ Mega Manager \ mm_file.htm
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll (file missing)
O10 - Tuntematon tiedosto Winsock LSP: c: \ windows \ system32 \ prxernsp.dll
O13 - Gopher Prefix:
O16 - DPF: (0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75) (CKAVWebScan Object) -- http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper.dll
O16 - DPF: (48DD0448-9209-4F81-9F6D-D83562940134) (MySpace Uploader Control) -- http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: (69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A) (GameLauncher Control) -- http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: (A4110378-789B-455F-AE86-3A1BFC402853) (ZPA_SHVL Object) -- http://zone.msn.com/bingame/zpagames...l.cab55579.cab
O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: (DA2AA6CF-5C7A-4B71-BC3B-C771BB369937) (MSN Games - Game Communicator) -- http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: (FFB3A759-98B1-446F-BDA9-909C6EB18CC7) (PCPitstop Tentti) -- http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - Winlogon Notify: GoToAssist - C: \ Program Files \ Citrix \ GoToAssist \ 480 \ G2AWinLogon.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Program Files \ ALWIL Software \ Avast4 \ aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ ALWIL Software \ Avast4 \ ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Program Files \ ALWIL Software \ Avast4 \ ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Program Files \ ALWIL Software \ Avast4 \ ashWebSv.exe
O23 - Service: # # Id_String1.6844F930_1628_4223_B5CC_5BB94B879762 # # (Bonjour Service) - Apple Computer, Inc. - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C: \ Windows \ system32 \ CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C: \ Program Files \ Common Files \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C: \ Program Files \ Citrix \ GoToAssist \ 480 \ g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C: \ Program Files \ Ahead \ InCD \ InCDsrv.exe
O23 - Service: LiveUpdaten - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: LiveUpdaten Notice Service Ex (LiveUpdaten Notice Ex) - Unknown owner - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe (file missing)
O23 - Service: LiveUpdaten Notice Service - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ PIF \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ PIFSvc.exe
O23 - Service: MySQL - Unknown owner - C: \ Program.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C: \ Windows \ system32 \ PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C: \ Program Files \ Alcohol Soft \ Alcohol 120 \ StarWind \ StarWindServiceAE.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C: \ Program Files \ Common Files \ Steam \ SteamService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C: \ Program Files \ VMware \ VMware Workstation \ VMware-ufad.exe (file missing)
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C: \ Windows \ system32 \ vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - Unknown owner - C: \ Program Files \ Common Files \ VMware \ VMware Virtual Image Editing \ vmount2.exe (file missing)
O23 - Service: VMware NAT Service - VMware, Inc. - C: \ Windows \ system32 \ vmnat.exe
O23 - Service: wampapache - Apache Software Foundation - c: \ wamp \ bin \ apache \ apache2.2.8 \ bin \ httpd.exe
O23 - Service: wampmysqld - Unknown owner - c: \ wamp \ bin \ mysql \ mysql5.0.51a \ bin \ mysqld-nt.exe

--
End of file - 9561 bytes

[evilfantasy]

Sinun tulee tehdä kaksi muuta skannaa alkaen TÄSTÄ ja sen jälkeen niitä lokeja. Sitten suorita uusi HJT skannaa ja lähetä loki myös.

[KanoakaVirus]

Kysy häneltä rekisteröivät tekisi asioita helpompaa ja selkeämpää?

[madcows7]

TKK on kuin 10 skannereita, johon hän käyttää

[evilfantasy]

SUPERAntiSpyware
Malwarebytes' Anti-Malware (MBAM)

[madcows7]

superantispyware didnt antaa minulle log

[evilfantasy]

Voit hakea poistamistiedot tee seuraavasti:

• Kun käynnistät kaksoisnapsauttamalla SUPERAntiSpyware kuvaketta työpöydällä.
• Valitse Asetukset. Napsauta Tilastotiede / Logs välilehti.
• Alle Scanner Lokit, kaksoisnapsauta SUPERAntiSpyware Scan Loki.
• Se avautuu oletusmuokkaimena tekstieditorissa (mieluiten Notepadilla).

[madcows7]

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Muodostettu 04.18.2008 klo 07:25 PM

Application Version: 4.0.1154

Core Rules Database Version: 3441
Trace Rules Database Version: 1433

Scan type: Complete Scan
Total Scan Time: 00:27:10

Muisti erät skannattavan: 617
Muisti uhkia havaittu: 0
Rekisterin kohteita skannattavan: 5920
Rekisterin uhkia havaittu: 0
Tiedoston kohteita skannattavan: 29182
Tiedoston uhkia havaittu: 0

[evilfantasy]

Malwarebytes' Anti-Malware (MBAM), suorita uusi Hijackthis scan ja post että log samoin kiitos.

[madcows7]

ok internet on menossa hitaasti latly myös, jos Theres ole viruksia, mikä aiheuttaa tämän ... vain, jos tehre ovat none