Tvungen avsluttning, virus?

[Cerb89]

Heisann

 

Denne meldigen kommer av og til:

 

 

Virus? noen som vet hvordan jeg kan bli kvitt dette?

 

Takker for hjelp på forhånd

 

EDIT# Bruker AVG free edtion anti virus vet ikke om det er noe super bra løsnign men, bruekr også sygate personal firewall. (hvis det har no med saken å gjøre..)

Endret 2. mai 2006 av johnny Bravo

[HuXLo]

hei,hmm ser jo nesten ut som gode gammle blast ormen. du kan jo prøve og update windwos versjon din, så kan du teste og kjøre stinger, det er et bra og lite virus program som sletter ormer.

[Cerb89]

Tror det jeg også, håper denne tar knekken på den http://www.symantec.com/avcenter/venc/data...moval.tool.html¨

 

 

Den sa at den ikke fant blaster på min maskin =/

 

W32.Blaster.Worm has not been found on your computer.

Endret 2. mai 2006 av johnny Bravo

[Cerb89]

Om dette kan hjelpe noe vet jeg ikke men bare slenger med dette screensotte av oppgavebehnaldigen og HijackThis log, om det kan gi no mere forsåelse for hva som kan være galt.

 

 

HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 16:44:53, on 03.05.2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Sygate\SPF\smc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe

C:\Programfiler\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

C:\WINDOWS\System32\PRISMSVR.EXE

C:\WINDOWS\twain_32\SiPix\SCDeluxe\DELUXECC.exe

C:\Programfiler\MessengerPlus! 3\MsgPlus.exe

C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe

C:\WINDOWS\MXOALDR.EXE

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\Security Administrator\newadmin.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\Programfiler\BitComet\BitComet.exe

C:\Programfiler\Microsoft AntiSpyware\gcasDtServ.exe

C:\Programfiler\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Petter\Skrivebord\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rpqobqrmcksv.com/pTbHHyd9PR0zfl...A1FrS7aEvJ.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {A70E18F6-9F55-86AE-3077-9401561F9309} - C:\DOCUME~1\Petter\PROGRA~1\ARMYMF~1\this title.exe (file missing)

O2 - BHO: (no name) - {FCCDED50-028B-82F6-664E-8FE792CA0BC5} - C:\DOCUME~1\Petter\PROGRA~1\ARMYMF~1\Extra Beep.exe (file missing)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Programfiler\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\System32\PRISMSVR.EXE" /APPLY

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DELUXECC] C:\WINDOWS\twain_32\SiPix\SCDeluxe\DELUXECC.exe

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programfiler\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h

O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [00saskda] "C:\Programfiler\Security Administrator\newadmin.exe" saskda

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [Dent About Stop Hide] C:\Documents and Settings\All Users\Programdata\idol 16 dent about\Web bend.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Programfiler\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [1 great] C:\DOCUME~1\Petter\PROGRA~1\PROCPL~1\Ford Bind Slow.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programfiler\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [steam] "c:\valve\steam\steam.ex" -silent

O4 - Startup: Adobe Gamma.lnk.disabled

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk.disabled

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk.disabled

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTSERV.EXE (file missing)

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programfiler\Fellesfiler\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\NCS\Sync\NetSvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe

O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programfiler\Sygate\SPF\smc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

 

 

Endret 3. mai 2006 av johnny Bravo

[berxter]

Tja, blant annet lop.com er her med et par tilfeller. Du installerte visst MessengerPlus med sponsor, og da får du denne dritten. Du får prøve regla hos

 

http://www.wilderssecurity.com/showthread.php?t=50662

 

Noen påstår at du kan fjerne lop ved å gå til nettsida deres og lete etter et avinstallasjonsprogram, se her

Du får fikse 02-BHO (file missing) med HJT, og alle 06tilfellene også.

 

Noe sier meg at jeg har sett denne/liknende logg før fra deg??

EDIT: Ah, der var den, ja.

Jaja, du får tatt svineriet nå da, håper jeg.

 

Bernt K

Endret 3. mai 2006 av berxter

[Cerb89]

takk for den guiden din

 

Skal teste den ut, da kan vi se om det har blitt no bedere.