[madcows7]

vel dette siste måned vennene mine datamaskinen fikk extremly langsom og buggy på mange måter, og vi tror det et virus heres min kapre logge andre hjelpe ville være verdsatt takk

Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 4:00:42 PM, on 4/17/2008
Plattform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Kjører prosesser:
C: \ Windows \ system32 \ taskeng.exe
C: \ Windows \ system32 \ Dwm.exe
C: \ Windows \ Explorer.exe
C: \ Programfiler \ Alwil Software \ Avast4 \ ashDisp.exe
C: \ Programfiler \ Fellesfiler \ Symantec Shared \ pif \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ PIFSvc.exe
C: \ Windows \ System32 \ CtHelper.exe
C: \ Windows \ System32 \ CTXFIHLP.EXE
C: \ Windows \ System32 \ rundll32.exe
C: \ Windows \ System32 \ rundll32.exe
C: \ Programfiler \ Fellesfiler \ Real \ Update_OB \ realsched.exe
C: \ Windows \ System32 \ CTxfispi.exe
C: \ Users \ Mark JR \ Programfiler \ DNA \ btdna.exe
C: \ Programfiler \ Mozilla Firefox \ firefox.exe
C: \ Windows \ system32 \ wbem \ Unsecapp.exe
C: \ Windows \ system32 \ SearchFilterHost.exe
c: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = ca: blank
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = *. local
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
O1 - Hosts: 72.233.61.2 L2authd.lineage2.com
O1 - Hosts: 72.233.61.2 L2testauthd.lineage2.com
O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
O2 - BHO: RealPlayer Download og Record Plugin for Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Programfiler \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Programfiler \ Yahoo! \ Common \ yiesrvc.dll (fil mangler)
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programfiler \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Programfiler \ Fellesfiler \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - (bf00e119-21a3-4fd1-b178-3b8537e75c92) - C: \ Programfiler \ Megaupload \ Mega Manager \ MegaIEMn.dll
O3 - Toolbar: (no name) - (E0E899AB-F487-11D5-8D29-0050BA6940E3) - (no file)
O4 - HKLM \ .. \ Run: [avast!] C: \ progra ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
O4 - HKLM \ .. \ Run: [Windows Defender]% ProgramFiles% \ Windows Defender \ MSASCui.exe-hide
O4 - HKLM \ .. \ Run: [Rutenett Service] "C: \ Programfiler \ GridService \ peer.exe"-n Rutenett
O4 - HKLM \ .. \ Run: [VMware-skuffen] "C: \ Programfiler \ VMware \ VMware Workstation \ VMware-tray.exe"
O4 - HKLM \ .. \ Run: [VMware hqtray] "C: \ Programfiler \ VMware \ VMware Workstation \ hqtray.exe"
O4 - HKLM \ .. \ Run: [Symantec pif AlertEng] "C: \ Programfiler \ Fellesfiler \ Symantec Shared \ pif \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ PIFSvc.exe" / a / m " C: \ Programfiler \ Fellesfiler \ Symantec Shared \ pif \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ AlertEng.dll "
O4 - HKLM \ .. \ Run: [UpdReg] C: \ Windows \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [AsioReg] Regsvr32.exe / S CTASIO.DLL
O4 - HKLM \ .. \ Run: [CTHelper] CTHELPER.EXE
O4 - HKLM \ .. \ Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM \ .. \ Run: [CtxfiReg] CTXFIREG.EXE
O4 - HKLM \ .. \ Run: [NvSvc] rundll32.exe C: \ Windows \ system32 \ nvsvc.dll, nvsvcStart
O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ Windows \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [NvMediaCenter] rundll32.exe C: \ Windows \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [NeroCheck] C: \ Windows \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Programfiler \ Fellesfiler \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [InCD] C: \ Programfiler \ Ahead \ InCD \ InCD.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Users \ Mark JR \ Programfiler \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [igndlm.exe] C: \ Programfiler \ Download Manager \ DLM.exe / windowsstart / startifwork
O4 - HKCU \ .. \ Run: [Steam] "c: \ programfiler \ steam \ steam.exe"-silent
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll, ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'NETWORK SERVICE')
O8 - Extra sammenheng menyelement: Download Link Bruke Mega Manager ... - C: \ Programfiler \ Megaupload \ Mega Manager \ mm_file.htm
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra "Verktøy" MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programfiler \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra knappen: Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Programfiler \ Yahoo! \ Common \ yiesrvc.dll (fil mangler)
O10 - Unknown fil i Winsock LSP: c: \ windows \ system32 \ prxernsp.dll
O13 - Gopher Prefix:
O16 - DPF: (0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75) (CKAVWebScan Object) -- http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Programfiler \ Yahoo! \ Common \ Yinsthelper.dll
O16 - DPF: (48DD0448-9209-4F81-9F6D-D83562940134) (MySpace Uploader Control) -- http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: (69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A) (GameLauncher Control) -- http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: (A4110378-789B-455F-AE86-3A1BFC402853) (ZPA_SHVL Object) -- http://zone.msn.com/bingame/zpagames...l.cab55579.cab
O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: (DA2AA6CF-5C7A-4B71-BC3B-C771BB369937) (MSN Games - Game Communicator) -- http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: (FFB3A759-98B1-446F-BDA9-909C6EB18CC7) (PCPitstop eksamen) -- http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - Winlogon Notify: GoToAssist - C: \ Program Files \ Citrix \ GoToAssist \ 480 \ G2AWinLogon.dll (fil mangler)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Programfiler \ Alwil Software \ Avast4 \ aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C: \ Programfiler \ Alwil Software \ Avast4 \ ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Programfiler \ Alwil Software \ Avast4 \ ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Programfiler \ Alwil Software \ Avast4 \ ashWebSv.exe
O23 - Service: # # Id_String1.6844F930_1628_4223_B5CC_5BB94B879762 # # (Bonjour Service) - Apple Computer, Inc. - C: \ Programfiler \ Bonjour \ mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C: \ Windows \ system32 \ CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C: \ Programfiler \ Fellesfiler \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, en divisjon av Citrix Systems, Inc. - C: \ Program Files \ Citrix \ GoToAssist \ 480 \ g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Programfiler \ Fellesfiler \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C: \ Programfiler \ Ahead \ InCD \ InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - c: \ progra ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C: \ Programfiler \ Fellesfiler \ Symantec Shared \ pif \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ PIFSvc.exe
O23 - Service: MySQL - Unknown owner - C: \ Program.exe (fil mangler)
O23 - Service: PnkBstrA - Unknown owner - C: \ Windows \ system32 \ PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C: \ Programfiler \ Alcohol Soft \ Alcohol 120 \ StarWind \ StarWindServiceAE.exe (fil mangler)
O23 - Service: Steam Client Service - Ventilverksted Corporation - C: \ Programfiler \ Fellesfiler \ Steam \ SteamService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - Unknown owner - C: \ Programfiler \ VMware \ VMware Workstation \ VMware-ufad.exe (fil mangler)
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C: \ Windows \ system32 \ vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - Unknown owner - C: \ Programfiler \ Fellesfiler \ VMware \ VMware Virtual Image Editing \ vmount2.exe (fil mangler)
O23 - Service: VMware NAT Service - VMware, Inc. - C: \ Windows \ system32 \ vmnat.exe
O23 - Service: wampapache - Apache Software Foundation - c: \ wamp \ bin \ apache \ apache2.2.8 \ bin \ httpd.exe
O23 - Service: wampmysqld - Unknown owner - c: \ wamp \ bin \ mysql \ mysql5.0.51a \ bin \ mysqld-nt.exe

--
End of file - 9561 bytes

[evilfantasy]

Du må gjøre to andre skanner fra HER og legge disse loggene. Deretter kjører du en ny HJT scan og post loggen også.

[KanoakaVirus]

Spør ham om å registrere deg, vil gjøre det enklere og klarere?

[madcows7]

uh er det gjerne 10 scannere som en får han bruke

[evilfantasy]

SUPERAntiSpyware
Malwarebytes' Anti-Malware (MBAM)

[madcows7]

superantispyware didnt gi meg en logg

[evilfantasy]

Å hente fjerningen informasjon, vennligst gjør følgende:

• Etter omstart, dobbeltklikker SUPERAntiSpyware ikon på skrivebordet.
• Klikk Preferanser. Klikk Statistikk / Logs tab.
• Under Scanner Logger, dobbeltklikk SUPERAntiSpyware Scan Logg.
• Det åpnes i standard tekstredigeringsprogram (fortrinnsvis Notisblokk).

[madcows7]

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/18/2008 at 07:25

Application Version: 4.0.1154

Core Rules Database Version: 3441
Trace Rules Database Version: 1433

Scan type: Complete Scan
Total Scan Time: 00:27:10

Minne eks skannet: 617
Minne trusler oppdages: 0
Registerelementene skannet: 5920
Registerverdi trusler oppdages: 0
Fil eks skannet: 29182
Fil trusler oppdages: 0

[evilfantasy]

Malwarebytes' Anti-Malware (MBAM) og deretter kjøre en ny Hijackthis skanne og legge loggen så vel, takk.

[madcows7]

ok internett går tregt latly også om Theres no virus hva ville være årsaken til ... bare hvis tehre er ingen