#1
| |||
| |||
| OK, over the past month my friend's computer got extremely slow and somewhat buggy in many ways, and we think it's a virus. Here's my HijackThis log; any help would be appreciated. Thanks. |
|
#3
| |||
| |||
| Ask him to register? That would be easier and clearer. |
|
#4
| |||
| |||
| Uh, there are like 10 scanners; which one does he use? |
|
#5
| |||
| |||
| SUPERAntiSpyware, Malwarebytes' Anti-Malware (MBAM) |
|
#6
| |||
| |||
| SUPERAntiSpyware didn't give me a log |
|
#7
| |||
| |||
| To retrieve the removal information, please do the following:
|
|
#8
| |||
| |||
| SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/18/2008 at 07:25
Application Version: 4.0.1154
Core Rules Database Version: 3.441
Trace Rules Database Version: 1433
Scan type: Complete Scan
Total Scan Time: 00:27:10
Memory items scanned: 617
Memory threats detected: 0
Registry items scanned: 5.920
Registry threats detected: 0
File items scanned: 29.182
File threats detected: 0 |
|
#9
| |||
| |||
| Malwarebytes' Anti-Malware (MBAM), then run a new HijackThis scan and post that log as well, please. |
|
#10
| |||
| |||
| OK, the internet has been running slowly lately too. If there are no viruses, what would be causing this ... only if there aren't any |