[madcows7]

och denna senaste månaden mina vänner dator har extremt långsam och buggig på många sätt och vi tror att ett virus Heres min hijack logg annan hjälp skulle uppskattas tack

Loggfil av Trend Micro HijackThis v2.0.2
Scan sparas på 4:00:42 PM om 4/17/2008
Plattform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Kör processer:
C: \ Windows \ system32 \ taskeng.exe
C: \ Windows \ system32 \ Dwm.exe
C: \ Windows \ Explorer.EXE
C: \ Program Files \ Alwil Software \ Avast4 \ ashDisp.exe
C: \ Program Files \ Common Files \ Symantec Shared \ pif \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ PIFSvc.exe
C: \ Windows \ System32 \ CtHelper.exe
C: \ Windows \ System32 \ CTXFIHLP.EXE
C: \ Windows \ System32 \ rundll32.exe
C: \ Windows \ System32 \ rundll32.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Windows \ System32 \ CTxfispi.exe
C: \ Users \ Mark JR \ Program \ DNA \ btdna.exe
C: \ Program \ Mozilla Firefox \ firefox.exe
C: \ Windows \ system32 \ wbem \ unsecapp.exe
C: \ Windows \ system32 \ SearchFilterHost.exe
c: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = cirka: blank
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = *. lokala
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
O1 - Hosts: 72.233.61.2 L2authd.lineage2.com
O1 - Hosts: 72.233.61.2 L2testauthd.lineage2.com
O2 - BHO: (inget namn) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
O2 - BHO: RealPlayer Download och Titelinformation Plugin för Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program \ Yahoo! \ Common \ yiesrvc.dll (fil saknas)
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: (inget namn) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program \ Delade filer \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - (bf00e119-21a3-4fd1-b178-3b8537e75c92) - C: \ Program Files \ MEGAUPLOAD \ Mega Manager \ MegaIEMn.dll
O3 - Toolbar: (inget namn) - (E0E899AB-F487-11D5-8D29-0050BA6940E3) - (no file)
O4 - HKLM \ .. \ Run: [avast!] C: \ progra ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
O4 - HKLM \ .. \ Run: [Windows Defender]% program% \ Windows Defender \ MSASCui.exe-hide
O4 - HKLM \ .. \ Run: [Grid Service] "C: \ Program \ GridService \ peer.exe"-n Grid
O4 - HKLM \ .. \ Run: [VMware-fack] "C: \ Program Files \ VMware \ VMware Workstation \ VMware-tray.exe"
O4 - HKLM \ .. \ Run: [VMware hqtray] "C: \ Program Files \ VMware \ VMware Workstation \ hqtray.exe"
O4 - HKLM \ .. \ Run: [Symantec pif AlertEng] "C: \ Program Files \ Common Files \ Symantec Shared \ pif \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ PIFSvc.exe" / a / m " C: \ Program Files \ Common Files \ Symantec Shared \ pif \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ AlertEng.dll "
O4 - HKLM \ .. \ Run: [UpdReg] C: \ Windows \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [AsioReg] regsvr32.exe / S CTASIO.DLL
O4 - HKLM \ .. \ Run: [CTHelper] CTHELPER.EXE
O4 - HKLM \ .. \ Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM \ .. \ Run: [CtxfiReg] CTXFIREG.EXE
O4 - HKLM \ .. \ Run: [NvSvc] rundll32.exe C: \ Windows \ system32 \ nvsvc.dll, nvsvcStart
O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ Windows \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [NvMediaCenter] rundll32.exe C: \ Windows \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [NeroCheck] C: \ Windows \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [InCD] C: \ Program Files \ Ahead \ InCD \ InCD.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Users \ Mark JR \ Program \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [igndlm.exe] C: \ Program Files \ Download Manager \ DLM.exe / windowsstart / startifwork
O4 - HKCU \ .. \ Run: [Steam] "c: \ program \ steam \ steam.exe"-silent
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Sidebar]% program% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll, ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Sidebar]% program% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'NETWORK SERVICE')
O8 - Extra sammanhang menyobjektet: Download Link Med Mega Manager ... - C: \ Program Files \ MEGAUPLOAD \ Mega Manager \ mm_file.htm
Ø9 - Extra button: (inget namn) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program \ Java \ jre1.6.0_03 \ bin \ ssv.dll
Ø9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program \ Java \ jre1.6.0_03 \ bin \ ssv.dll
Ø9 - Extra button: Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program \ Yahoo! \ Common \ yiesrvc.dll (fil saknas)
O10 - Unknown file i Winsock LSP: c: \ windows \ system32 \ prxernsp.dll
O13 - Gopher Prefix:
O16 - DPF: (0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75) (CKAVWebScan Object) -- http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Program \ Yahoo! \ Common \ Yinsthelper.dll
O16 - DPF: (48DD0448-9209-4F81-9F6D-D83562940134) (MySpace Uploader Control) -- http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: (69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A) (GameLauncher Control) -- http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: (A4110378-789B-455F-AE86-3A1BFC402853) (ZPA_SHVL Object) -- http://zone.msn.com/bingame/zpagames...l.cab55579.cab
O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: (DA2AA6CF-5C7A-4B71-BC3B-C771BB369937) (MSN Games - Game Communicator) -- http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: (FFB3A759-98B1-446F-BDA9-909C6EB18CC7) (PCPitstop Exam) -- http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - Winlogon Notify: GoToAssist - C: \ Program Files \ Citrix \ GoToAssist \ 480 \ G2AWinLogon.dll (fil saknas)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
O23 - Service: # # Id_String1.6844F930_1628_4223_B5CC_5BB94B879762 # # (Bonjour Service) - Apple Computer, Inc. - C: \ Program \ Bonjour \ mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown ägaren - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe (fil saknas)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C: \ Windows \ system32 \ CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C: \ Program Files \ Common Files \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, en division inom Citrix Systems, Inc. - C: \ Program Files \ Citrix \ GoToAssist \ 480 \ g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C: \ Program Files \ Ahead \ InCD \ InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ progra ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown ägaren - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe (fil saknas)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ pif \ (B8E1DD85-8582-4c61-B58F-2F227FCA9A08) \ PIFSvc.exe
O23 - Service: MySQL - Unknown ägaren - C: \ Program.exe (fil saknas)
O23 - Service: PnkBstrA - Unknown ägaren - C: \ Windows \ system32 \ PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown ägaren - C: \ Program Files \ Alcohol Soft \ Alcohol 120 \ StarWind \ StarWindServiceAE.exe (fil saknas)
O23 - Service: Steam Client Service - Valve Corporation - C: \ Program Files \ Common Files \ Steam \ SteamService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - Unknown ägaren - C: \ Program Files \ VMware \ VMware Workstation \ VMware-ufad.exe (fil saknas)
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C: \ Windows \ system32 \ vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - Unknown ägaren - C: \ Program Files \ Common Files \ VMware \ VMware Virtual Image Editing \ vmount2.exe (fil saknas)
O23 - Service: VMware NAT Service - VMware, Inc. - C: \ Windows \ system32 \ vmnat.exe
O23 - Service: wampapache - Apache Software Foundation - c: \ wamp \ bin \ apache \ apache2.2.8 \ bin \ httpd.exe
O23 - Service: wampmysqld - okänd ägare - c: \ wamp \ bin \ mysql \ mysql5.0.51a \ bin \ mysqld-nt.exe

--
End of file - 9561 bytes

[evilfantasy]

Du kommer att behöva göra de andra två scans från HÄR och efter dessa loggar. Kör sedan en ny HJT scan och posta loggen också.

[KanoakaVirus]

Be honom att registrera sig, skulle göra det enklare och tydligare?

[madcows7]

eh det är som 10 skannrar som en tänker han använda

[evilfantasy]

SUPERAntiSpyware
Malwarebytes' Anti-Malware (MBAM)

[madcows7]

SUPERAntiSpyware didnt ge mig en logg

[evilfantasy]

För att hämta avlägsnande information gör du följande:

• Efter omstart, dubbelklicka på SUPERAntiSpyware ikon på skrivbordet.
• Klicka Inställningar. Klicka på Statistik / Logs tab.
• Enligt Scanner Logs Dubbelklicka på SUPERAntiSpyware Scan Logg.
• Den kommer att öppnas i din förvalda textredigeraren (helst Notepad).

[madcows7]

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/18/2008 vid 07:25

Application Version: 4.0.1154

Core Rules Database Version: 3441
Trace Rules Database Version: 1433

Scan type: Complete Scan
Total Scan Time: 00:27:10

Memory ex skannade: 617
Memory hot upptäcks: 0
Registreringsenheten ex skannade: 5920
Registreringsenheten hot upptäcks: 0
Arkiv ex skannade: 29182
Arkiv hot upptäcks: 0

[evilfantasy]

Malwarebytes' Anti-Malware (MBAM) och sedan köra en ny HijackThis skanna och skicka som log och snälla.

[madcows7]

ok internet går långsamt latly också om Theres no virus vad som skulle orsaka det här ... endast om tehre saknas