Det var en større omgang, ikke alt du har foreslået er lykkedes!
Jeg vil prøve at gennemgå det fra en ende af:
00 - Jeg kan ikke finde Bearshare i Tilføj/Fjern programmer, jeg kan dog godt finde mappen på C: drevet. Kan jeg bare delete den?
9 - Jeg kan ikke finde hverken "Security Info" eller "View my Active desktop as a web page" eller noget der ligner under Start->Kontrolpanel->Skærm->Skrivebord->Tilpas Skrivebordet->Web
10 - Jeg kunne ikke finde "Automatic removal" på Panda scanneren
Her kommer loggen fra samme:
Incident Status Location
Adware:adware/securityerror Not desinfected C:\Documents and Settings\All Users\Menuen Start\Online Security Center.url
Adware:Adware/Findspy Not desinfected C:\Documents and Settings\Hans\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-1e3e24b3-332ce09d.class
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Hans\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-12053f31-6aad29d0.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Hans\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-cb66fa7-555a097b.zip[NewSecurityClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Hans\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-cb66fa7-555a097b.zip[NewURLClassLoader.class]
Virus:Exploit/ByteVerify Renamed C:\Documents and Settings\Hans\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv494.jar-251c7594-6fb1ce35.zip[Matrix.class]
Dialer:Dialer.Gen Not desinfected D:\Documents and Settings\Hans Heinze\Lokale indstillinger\Temporary Internet Files\Content.IE5\QXPIBIL4\hot_denmark[1].exe
Dialer:Dialer.Gen Not desinfected D:\WINDOWS\system32\Hot_Denmark-uninstall.exe
Dialer:Dialer.Gen Not desinfected D:\WINDOWS\system32\VideoAction_dk-uninstall.exe
11 - Her kommer lidt flere logs:
Logfile of HijackThis v1.99.1
Scan saved at 12:38:55, on 05-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Norman\bin\ZLH.EXE
C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\ScanWizard 5\ScannerFinder.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\Norman\bin\ZANDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Npf\BIN\npfmsg2.exe
C:\Norman\bin\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Hans\Skrivebord\HTJ\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.dk/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll (file missing)
O4 - HKLM\..\Run: [SiSSoundMan] C:\WINDOWS\system32\SoundMan.exe
O4 - HKLM\..\Run: [SiSSetCDfmt] C:\WINDOWS\system32\SetCDfmt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Scanner Finder.lnk = C:\Programmer\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
O9 - Extra 'Tools' menuitem: IE Privacy Keeper - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan/as5free/asinst.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/msnmessengersetupdownloader.cabO23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
---------------------------------------------------------
ewido security suite - Scanningsrapport
---------------------------------------------------------
+ Oprettet den: 17:38:58, 04-12-2005
+ Rapport-Checksum: 84DC0AAF
+ Scanningsresultat:
HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Renset med backup
HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Renset med backup
C:\Documents and Settings\Christina.MIG-7E876D9376F\Cookies\christina@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Renset med backup
C:\Documents and Settings\Christina.MIG-7E876D9376F\Cookies\christina@burstnet[2].txt -> Spyware.Cookie.Burstnet : Renset med backup
C:\Documents and Settings\Hans\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-7fb5dbb4-3cb6f6f0.class -> Trojan.Java.ClassLoader.f : Renset med backup
C:\Documents and Settings\Hans\Cookies\Cookies\hans@cz3.clickzs[1].txt -> Spyware.Cookie.Clickzs : Renset med backup
C:\Documents and Settings\Hans\Cookies\hans@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Renset med backup
C:\Documents and Settings\Hans\Cookies\hans@com[2].txt -> Spyware.Cookie.Com : Renset med backup
C:\Documents and Settings\Hans\Lokale indstillinger\Temporary Internet Files\Content.IE5\C1UFS9QB\mm[2].js -> Spyware.Chitika : Renset med backup
C:\Programmer\Programmer\Programmer\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS -> Spyware.MyWay : Renset med backup
D:\Documents and Settings\Christina\Cookies\christina@commissionpartner[1].txt -> Spyware.Cookie.Commissionpartner : Renset med backup
D:\Documents and Settings\Christina\Cookies\christina@com[1].txt -> Spyware.Cookie.Com : Renset med backup
D:\Documents and Settings\Christina\Lokale indstillinger\Temp\p2psetup.exe -> Spyware.P2PNetworking : Renset med backup
D:\Documents and Settings\Hans Heinze\Cookies\hans heinze@com[2].txt -> Spyware.Cookie.Com : Renset med backup
D:\Documents and Settings\Hans Heinze\Cookies\hans heinze@cz3.clickzs[2].txt -> Spyware.Cookie.Clickzs : Renset med backup
D:\Documents and Settings\Hans Heinze\Cookies\hans heinze@download.com[1].txt -> Spyware.Cookie.Com : Renset med backup
D:\Documents and Settings\Hans Heinze\Cookies\hans heinze@free.wegcash[2].txt -> Spyware.Cookie.Wegcash : Renset med backup
D:\Documents and Settings\Hans Heinze\Cookies\hans heinze@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Renset med backup
D:\Programmer\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS -> Spyware.MyWay : Renset med backup
E:\Hans\Cookies\hans@atdmt[1].txt -> Spyware.Cookie.Atdmt : Renset med backup
E:\Hans\Cookies\hans@cz3.clickzs[1].txt -> Spyware.Cookie.Clickzs : Renset med backup
E:\Programmer\Programmer\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS -> Spyware.MyWay : Renset med backup
E:\RECYCLER\S-1-5-21-1177238915-688789844-1957994488-1003\Df3\hans@atdmt[1].txt -> Spyware.Cookie.Atdmt : Renset med backup
E:\RECYCLER\S-1-5-21-1177238915-688789844-1957994488-1003\Df3\hans@cz3.clickzs[1].txt -> Spyware.Cookie.Clickzs : Renset med backup
E:\RECYCLER\S-1-5-21-1177238915-688789844-1957994488-1003\Df4\hans@atdmt[1].txt -> Spyware.Cookie.Atdmt : Renset med backup
E:\RECYCLER\S-1-5-21-1177238915-688789844-1957994488-1003\Df4\hans@cz3.clickzs[1].txt -> Spyware.Cookie.Clickzs : Renset med backup
F:\back up 18-12-04\Programmer\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS -> Spyware.MyWay : Renset med backup
::Rapport slut
smitRem © log file
version 2.7
by noahdfear
Microsoft Windows XP [version 5.1.2600]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
msvol.tlb
ld****.tmp
ncompat.tlb
logfiles
~~~ Icons in System32 ~~~
ts.ico
ot.ico
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN! :)
SpyAxeFix © by noahdfear
Microsoft Windows XP [version 5.1.2600]
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1544 'explorer.exe'
Killing PID 1544 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe
svchosts.dll present
1024 directory present
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
Da dette foregår hos min nabo, kan responstiderne fra mig være lidt lange, sorry.
