Ewido gav følgende log:
---------------------------------------------------------
ewido anti-malware - Scanningsrapport
---------------------------------------------------------
+ Oprettet den: 23:39:56, 18-03-2006
+ Rapport-Checksum: 9824D20E
+ Scanningsresultat:
C:\Documents and Settings\j\Cookies\j@2o7[2].txt -> TrackingCookie.2o7 : Renset med backup
C:\Documents and Settings\j\Cookies\j@adtech[1].txt -> TrackingCookie.Adtech : Renset med backup
C:\Documents and Settings\j\Cookies\j@advertising[1].txt -> TrackingCookie.Advertising : Renset med backup
C:\Documents and Settings\j\Cookies\j@atdmt[2].txt -> TrackingCookie.Atdmt : Renset med backup
C:\Documents and Settings\j\Cookies\j@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Renset med backup
C:\Documents and Settings\j\Cookies\j@com[1].txt -> TrackingCookie.Com : Renset med backup
C:\Documents and Settings\j\Cookies\j@doubleclick[2].txt -> TrackingCookie.Doubleclick : Renset med backup
C:\Documents and Settings\j\Cookies\j@mediaplex[1].txt -> TrackingCookie.Mediaplex : Renset med backup
C:\Documents and Settings\j\Cookies\j@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Renset med backup
C:\Documents and Settings\j\Cookies\j@questionmarket[1].txt -> TrackingCookie.Questionmarket : Renset med backup
C:\Documents and Settings\j\Cookies\j@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Renset med backup
C:\Documents and Settings\j\Cookies\j@serving-sys[2].txt -> TrackingCookie.Serving-sys : Renset med backup
C:\Documents and Settings\j\Cookies\j@stat.onestat[2].txt -> TrackingCookie.Onestat : Renset med backup
C:\Documents and Settings\j\Cookies\j@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Renset med backup
C:\Documents and Settings\j\Cookies\j@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Renset med backup
C:\WINDOWS\system32\host.exe -> Backdoor.Agobot.afk : Renset med backup
::Rapport slut
Hijackhits gav følgende log:
Logfile of HijackThis v1.99.1
Scan saved at 23:44:34, on 18-03-2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Programmer\PCI Audio Applications\Bin\EchoCtrl.exe
C:\WINDOWS\Mixer.exe
C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\ATKKBService.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\j\Lokale indstillinger\Temporary Internet Files\Content.IE5\2NMBML2V\hijackthis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.dk/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Programmer\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Omnipage] C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://by116fd.bay116.hotmail.msn.com/resources/MsnPUpld.cabO16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) -
https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
Håber at det giver mening......