Virus-problemer
HejJeg har desværre fået noget virus/spyware på min PC.
Jeg har prøvet med Ad-Aware, AVG Anti-Spyware 7.5, Norton Antivirus 2007, Housecall, Xmicro og XoftSpySE.
Den sidste fandt flere cookies. En af mange var WinAntivirus Cookie. Den har jeg slettet flere gange, men kommer hele tiden igen.
Jeg har samlet dette billede. En af mine virusser/spyware er ErrorSafe.
Link 1: http://img407.imageshack.us/img407/2756/62295650wh7.jpg
1: Den kommer nok som følge af ErrorSafe.
2: Jeg tror denne (Downloader.MisleadApp) er fejlen til det hele. Norton fortæller mig hele tiden,
at denne forsøger at bryde ind i systemet. Af den grund kan jeg heller ikke aktivere Ultimate defender/fixer/cleaner i Personal Security Center (billedet i link 2).
3: Det billed kommer på alle Internetsider. Nok pga. ErrorSafe.
4: Det sidste kommer også, når jeg åbner Internet Explorer. Klikker jeg luk, så lukker den alle vinduer ned.
Link 2: http://img407.imageshack.us/img407/6840/51434927hg0.jpg
Her er Personal Security Center. Jeg kan ikke aktivere dem pga. Downloader.MisleadApp
Eksempelvis kan jeg heller ikke gå ind på siden www.frip.dk - den siger "Not enough storage is available to complete this operation."
Hvad kan jeg gøre ved det? Har fået at vide, at jeg skal formatere, men man må kunne fjerne den virus.
Her er logfil fra HiJackThis.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:26:36, on 29-08-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\Programmer\Fælles filer\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
D:\Programmer\X-Micro\Bluetooth-software\bin\btwdins.exe
D:\Programmer\KSE\nHancer 32bit\nHancerService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Programmer\SecCenter\scprot4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe
D:\Programmer\X-Micro\Bluetooth-software\BTTray.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexStoreSvr.exe
D:\Programmer\Mirc\mirc.exe
C:\Programmer\MSN Messenger\usnsvc.exe
D:\Programmer\Adobe\Reader\AcroRd32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\SecCenter\scprot4.exe
D:\Downloads\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sol.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3F5E9987-FD12-408E-3612-018845CDF059} - C:\Programmer\Kjmkkwap\bxqlmdsy.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5621007F-BBEE-4674-8077-94C3591DE7C3} - C:\WINDOWS\system32\nnnnlig.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B3FB97CE-E687-4771-AACB-985AE82BF295} - C:\WINDOWS\system32\geedd.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\ssaqqnqi.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmer\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programmer\Adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [gzupoved] rundll32.exe "C:\Programmer\gzupoved\wvkredcl.dll",Init
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\owrepueq.dll",forkonce
O4 - HKLM\..\Run: [gbefczkx] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\gbefczkx.dll"
O4 - HKLM\..\Run: [SC2] C:\Programmer\SecCenter\scprot4.exe
O4 - HKLM\..\RunServices: [Microsoft] uzjswsu.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://F:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - D:\Programmer\X-Micro\Bluetooth-software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Subscribe in NewzCrawler - file://D:\Programmer\Newzcrawler\NewzCrawler\context.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Newz Crawler - {CA7C41C8-5C9D-4A03-A101-B0AA4F0C3ABC} - D:\Programmer\Newzcrawler\NewzCrawler\News.exe
O9 - Extra 'Tools' menuitem: Newz Crawler - {CA7C41C8-5C9D-4A03-A101-B0AA4F0C3ABC} - D:\Programmer\Newzcrawler\NewzCrawler\News.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programmer\X-Micro\Bluetooth-software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programmer\X-Micro\Bluetooth-software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O20 - Winlogon Notify: geedd - C:\WINDOWS\system32\geedd.dll
O20 - Winlogon Notify: nnnnlig - C:\WINDOWS\SYSTEM32\nnnnlig.dll
O20 - Winlogon Notify: winzdn32 - C:\WINDOWS\SYSTEM32\winzdn32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - D:\Programmer\X-Micro\Bluetooth-software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec IS – Godkendelse af adgangskoder (ISPwdSvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - D:\Programmer\KSE\nHancer 32bit\nHancerService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 8596 bytes
