Vraag & Antwoord

Beveiliging & privacy

hijackthis log wie kan ff checken?

12 antwoorden
  • hallo dit is een hijackthis log van een vervuild beestje van famile wie kan er naar kijken Logfile of HijackThis v1.99.1 Scan saved at 23:47:32, on 10-8-2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\xpjava.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\WINDOWS\System32\PackethSvc.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSD.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Launch Manager\Wbutton.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\powerman.exe C:\Program Files\Home Cinema\PowerCinema\PCMService.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\WINDOWS\System32\PRISMSTA.EXE C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\SurfAccuracy\SAcc.exe C:\Program Files\Wanadoo\NL\Mnu\IGOMNU.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\jan rein oostenveld\Bureaublad\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [powerman] "C:\WINDOWS\System32\powerman.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [afbVHR6] C:\WINDOWS\uwnxs.exe O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe O4 - HKLM\..\RunServices: [Regmgr] scvhost.exe O4 - HKLM\..\RunServices: [Microsoft Windows Update] scvvhost.exe O4 - HKLM\..\RunServices: [Microsofts MediaScope] winmep.exe O4 - HKLM\..\RunServices: [Win32 DRK Driver] wdrk32.exe O4 - HKCU\..\Run: [Wanadoo Menu] C:\Program Files\Wanadoo\NL\Mnu\IGOMNU.EXE /S:T O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Regmgr] scvhost.exe O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 O4 - HKCU\..\RunServices: [Regmgr] scvhost.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/013f4116546d849a9c06/netzip/RdxIE601.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
  • Plaats HijackThis in een eigen map in plaats van op je bureaublad. Dit in verband met de backups die HijackThis maakt, die kunnen daar gemakkelijk zoekraken. Probeer deze via Configuratiescherm -- Software te deïnstalleren: [b:2d6dc7afbe]SurfAccuracy[/b:2d6dc7afbe] Download en installeer [url=http://www.ccleaner.com/]CCleaner[/url]. Gebruik het programma nog niet. Zorg ervoor dat alle verborgen bestanden en mappen weergegeven worden.[url=http://users.telenet.be/marcvn/spyware/1117602.htm] Hoe verborgen bestanden en mappen weergeven.[/url]. Start HijackThis. Kies daarna voor "Open the Misc Tools section" --> Druk op de knop "Generate StartupList log" Post de inhoud van deze log in je volgende bericht. Open een klablokbestand. Kopieer onderstaande code in dit kladblokbestand. Ga naar Bestand - Opslaan als. Bij "Opslaan in" kies je: Bureaublad Bij "Bestandsnaam" zet je: del.bat Bij "Opslaan als type" selecteer je: Alle bestanden (*.*). Klik op de knop Opslaan. [code:1:2d6dc7afbe]sc stop msdirectx pauze sc delete msdirectx [/code:1:2d6dc7afbe]Dubbelklik op del.bat. Start de computer in [url=http://users.pandora.be/marcvn/spyware/1378056.htm]veilige modus[/url]. Start Hijackthis. Ga naar Config - Misc Tools. Kies de Processmanager en beëindig dit proces: [b:2d6dc7afbe]xpjava.exe[/b:2d6dc7afbe] Run HijackThis nog een keer en plaats een vinkje bij de volgende items: [b:2d6dc7afbe]F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe O4 - HKLM\..\Run: [afbVHR6] C:\WINDOWS\uwnxs.exe O4 - HKLM\..\RunServices: [Regmgr] scvhost.exe O4 - HKLM\..\RunServices: [Microsoft Windows Update] scvvhost.exe O4 - HKLM\..\RunServices: [Microsofts MediaScope] winmep.exe O4 - HKLM\..\RunServices: [Win32 DRK Driver] wdrk32.exe O4 - HKCU\..\Run: [Regmgr] scvhost.exe O4 - HKCU\..\RunServices: [Regmgr] scvhost.exe O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)[/b:2d6dc7afbe] Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af. Zoek via Windows verkenner naar de volgende mappen en bestanden en verwijder deze(indien deze nog aanwezig zijn) [b:2d6dc7afbe]C:\Program Files\SurfAccuracy c:\documents and settings\jan rein oostenveld\msdirectx.sys C:\WINDOWS\System32\msdirectx.sys C:\WINDOWS\uwnxs.exe winmep.exe wdrk32.exe scvvhost.exe[/b:2d6dc7afbe] en [b:2d6dc7afbe]scvhost.exe[/b:2d6dc7afbe] [color=red:2d6dc7afbe]Let op verwijder niet [b:2d6dc7afbe]C:\WINDOWS\system32\svchost.exe[/b:2d6dc7afbe] Deze hoort namelijk bij Windows.[/color:2d6dc7afbe] [b:2d6dc7afbe]Het gebruik van Ccleaner:[/b:2d6dc7afbe] Ccleaner verwijderd ook cookies. Cookies zijn meestal gewoon nutteloos, soms zelfs kwaadaardig, maar er zijn er ook enkele die nodig zijn voor het inloggen op bepaalde websites. Ccleaner biedt je de mogelijkheid om in te stellen welke cookies je behouden wilt. Kijk hiervoor bij "Opties"en dan Cookies, selecteer de cookies die je behouden wilt en plaats die in de "Te behouden cookies" ruimte. Klik daarna op de knop "Opschonen". Herstel daarna je webinstellingen: Ga naar Configuratiescherm --> Internetopties --> tabblad Programma's. Klik op de "Webinstellingen herstellen". Start de PC in normale modus. Start HijackThis opnieuw, maak een nieuwe log en post deze. vr.gr.smeenk :wink:
  • StartupList report, 11-8-2005, 21:56:35 StartupList version: 1.52.2 Started from : C:\Documents and Settings\jan rein oostenveld\Bureaublad\HijackThis.EXE Detected: Windows XP SP1 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106) * Using default options ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\PackethSvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\xpjava.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSD.exe C:\Program Files\Launch Manager\Wbutton.exe C:\WINDOWS\System32\powerman.exe C:\Program Files\Home Cinema\PowerCinema\PCMService.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\WINDOWS\System32\PRISMSTA.EXE C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\Wanadoo\NL\Mnu\IGOMNU.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Documents and Settings\jan rein oostenveld\Bureaublad\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Common Startup: [C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten] WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = userinit.exe,xpjava.exe -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup nwiz = nwiz.exe /install SoundMan = SOUNDMAN.EXE SynTPLpr = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe LaunchAp = C:\Program Files\Launch Manager\LaunchAp.exe HotkeyApp = C:\Program Files\Launch Manager\HotkeyApp.exe LMgrOSD = C:\Program Files\Launch Manager\OSD.exe Wbutton = "C:\Program Files\Launch Manager\Wbutton.exe" -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices Regmgr = scvhost.exe Microsoft Windows Update = scvvhost.exe Microsofts MediaScope = winmep.exe Win32 DRK Driver = wdrk32.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Wanadoo Menu = C:\Program Files\Wanadoo\NL\Mnu\IGOMNU.EXE /S:T MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background Regmgr = scvhost.exe SpySweeper = C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices Regmgr = scvhost.exe -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINDOWS\System32\ssmypics.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F} NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872} -------------------------------------------------- Enumerating Task Scheduler jobs: Norton AntiVirus - Mijn computer scannen.job Symantec NetDetect.job -------------------------------------------------- Enumerating Download Program Files: [Office Update Installation Engine] InProcServer32 = C:\WINDOWS\opuc.dll CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab [{56336BCB-3D8A-11D6-A00B-0050DA18DE71}] CODEBASE = http://software-dl.real.com/013f4116546d849a9c06/netzip/RdxIE601.cab [{9F1C11AA-197B-4942-BA54-47A8489BB47F}] CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37984.3308333333 [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: C:\Program Files\Grisoft\AVG Free\avgupd.dll.DEL||C:\Program Files\Grisoft\AVG Free\avglog.dll.DEL||C:\Program Files\Grisoft\AVG Free\avgcfg.dll.DEL||C:\Program Files\Grisoft\AVG Free\avgcore.dll.DEL||C:\Program Files\Grisoft\AVG Free\avgctrl.dll.DEL||C:\Program Files\Grisoft\AVG Free\avgklib.dll.DEL||C:\Program Files\Grisoft\AVG Free\avgres.dll.DEL||C:\Program Files\Grisoft\AVG Free\avgset.dll.DEL||C:\Program Files\Grisoft\AVG Free\avgtmgr.dll.DEL||C:\Program Files\Grisoft\AVG Free\avgupsvc.exe.DEL||C:\Program Files\Grisoft\AVG Free\avgw.exe.DEL -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- End of report, 7.457 bytes Report generated in 0,094 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only
  • Logfile of HijackThis v1.99.1 Scan saved at 22:38:25, on 11-8-2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\PackethSvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSD.exe C:\Program Files\Launch Manager\Wbutton.exe C:\WINDOWS\System32\powerman.exe C:\Program Files\Home Cinema\PowerCinema\PCMService.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\WINDOWS\System32\PRISMSTA.EXE C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Wanadoo\NL\Mnu\IGOMNU.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\WINDOWS\System32\wuauclt.exe C:\Documents and Settings\jan rein oostenveld\Bureaublad\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [powerman] "C:\WINDOWS\System32\powerman.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKCU\..\Run: [Wanadoo Menu] C:\Program Files\Wanadoo\NL\Mnu\IGOMNU.EXE /S:T O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/013f4116546d849a9c06/netzip/RdxIE601.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
  • Je HijackThis log is schoon :D Heb je alle bestanden kunnen vinden? Zoek dit bestand nog eens op met je verkenner en verwijder deze(indien nog aanwezig) [b:7f902c4d5e]C:\WINDOWS\System32\xpjava.exe[/b:7f902c4d5e] Doe daarna eens een onlinescan met [url=http://www.pandasoftware.com/activescan/]Panda[/url] en plaats het logje van Panda in je volgende bericht vr.gr.smeenk :wink:
  • hallo ik kon hem niet meer vinden daarna nog ff ccleaner gedaan alles weg kon ook niet alles vinden er was al een hoop weg na de eerste aktie :D mijn schoonvader zal blij zijn :P eerst volgende keer dat ik boven ben (op zolder )zal ik ff panda online doen alvast bedankt :wink:
  • Graag gedaan hoor :D Het kan wel kloppen dat je niet alles kon vinden, een aantal zaken leken me in het eerste log al niet meer actief en een aantal zaken zijn door het uitvoeren van de stappen in de fix al verwijderd. Als je die onlinescan gedaan hebt post dan het log van Panda hier maar, soms moeten er aan de hand van dat log nog acties ondernomen worden. Hoe draait deze PC inmiddels, zijn er geen problemen meer? Groeten smeenk :wink:
  • je kan nu al merken dat hij sneller is zeker online en geeft geen meldingen meer die andere pc van vorige week lijkt ook goed hoewel ik gisteren tog ff schrok ik keek in ccleaner bij reparatie uitvoeren en daar stond winstyle32.dll tussen om te herstellen :-?
  • Je bedoelt de optie "Fouten" van Ccleaner, werd het bestand verwijderd of enkele onnodige registersleutels i.v.m. het ontbreken van het bestand winstyle32.dll? Als het 2e het geval was dan is er denk ik niets aan de hand :wink: Groeten smeenk
  • Incident Status Location Hacktool:hacktool/rootkit.a No disinfected C:\WINDOWS\SYSTEM32\rdriv.sys Spyware:spyware/lowzones No disinfected C:\WINDOWS\update-sp2.html Spyware:spyware/searchcentrix No disinfected Windows Registry Virus:Trj/Downloader.DSJ Disinfected C:\WINDOWS\a776a8.js Virus:Bck/Sdbot.EKP Disinfected C:\WINDOWS\Edit.exe Adware:Adware/MediaTickets No disinfected C:\WINDOWS\r.bat Adware:Adware/MediaTickets No disinfected C:\WINDOWS\symantec-scan.html Adware:Adware/MediaTickets No disinfected C:\WINDOWS\symantec.css Adware:Adware/MediaTickets No disinfected C:\WINDOWS\symantec.html Virus:Trj/Zapchast.D Disinfected C:\WINDOWS\system32\c.bat Virus:W32/Sdbot.ftp Disinfected C:\WINDOWS\system32\i Virus:W32/Sdbot.ftp Disinfected C:\WINDOWS\system32\o Hacktool:Hacktool/Rootkit.L No disinfected C:\WINDOWS\system32\rdriv.sys Virus:W32/Gaobot.FNS.worm Disinfected C:\WINDOWS\system32\winsys32c.exe Virus:W32/Sdbot.ECF.worm Disinfected C:\WINDOWS\system32\xpjava.exe Adware:Adware/MediaTickets No disinfected C:\WINDOWS\update-sp2.html Adware:Adware/MediaTickets No disinfected C:\WINDOWS\update-sp3.html Adware:Adware/MediaTickets No disinfected C:\WINDOWS\update-sp5.html
  • Hallo lightsomedog, Hier nog wat informatie :wink:[quote:d0dc4ccba4="ik"]soms moeten er aan de hand van dat log nog acties ondernomen worden.[/quote:d0dc4ccba4]Zo als je ziet zijn er ondanks het schone log toch nog een aantal trojans, virussen, adware en spyware op je systeem aangetroffen. Deze konden helaas niet allemaal verwijderd worden. Open een klablokbestand. Kopieer onderstaande code in dit kladblokbestand. Ga naar Bestand - Opslaan als. Bij "Opslaan in" kies je: Bureaublad Bij "Bestandsnaam" zet je: del.bat Bij "Opslaan als type" selecteer je: Alle bestanden (*.*). Klik op de knop Opslaan. [code:1:d0dc4ccba4]sc stop rdriv pauze sc delete rdriv [/code:1:d0dc4ccba4]Dubbelklik op del.bat. De volgende bestanden zijn dus nog op je systeem aanwezig en kunnen dus verwijderd worden(doe dit maar in [url=http://users.pandora.be/marcvn/spyware/1378056.htm]veilige modus[/url] en zorg dat [url=http://users.telenet.be/marcvn/spyware/1117602.htm]verborgen mappen en bestanden weergegeven worden[/url]) [b:d0dc4ccba4]C:\WINDOWS\update-sp2.html C:\WINDOWS\system32\rdriv.sys C:\WINDOWS\a776a8.js C:\WINDOWS\r.bat C:\WINDOWS\symantec-scan.html C:\WINDOWS\symantec.css C:\WINDOWS\symantec.html C:\WINDOWS\update-sp2.html C:\WINDOWS\update-sp3.html C:\WINDOWS\update-sp5.html[/b:d0dc4ccba4] Start na afloop Ccleaner nog maar een keer en klik op de knop "Opschonen". En deze bleek dus nog wel aanwezig: [b:d0dc4ccba4]Virus:W32/Sdbot.ECF.worm Disinfected C:\WINDOWS\system32\xpjava.exe[/b:d0dc4ccba4] En is dus door Panda al verwijderd :D Daarna nog even windows.update doen[quote:d0dc4ccba4]Platform: Windows XP SP1 (WinNT 5.01.2600)[/quote:d0dc4ccba4]Want deze is niet helemaal bij de tijd. Groeten smeenk :wink:
  • ben weer thuis nu nog ff de pc af maken hier een hijackthis log Logfile of HijackThis v1.99.1 Scan saved at 19:16:42, on 25-8-2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSD.exe C:\Program Files\Launch Manager\Wbutton.exe C:\WINDOWS\System32\powerman.exe C:\Program Files\Home Cinema\PowerCinema\PCMService.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\WINDOWS\System32\PRISMSTA.EXE C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Wanadoo\NL\Mnu\IGOMNU.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\WINDOWS\System32\PackethSvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\System32\wuauclt.exe C:\Documents and Settings\jan rein oostenveld\Bureaublad\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [powerman] "C:\WINDOWS\System32\powerman.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [Wanadoo Menu] C:\Program Files\Wanadoo\NL\Mnu\IGOMNU.EXE /S:T O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0 O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/013f4116546d849a9c06/netzip/RdxIE601.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe panda log Incident Status Location Hacktool:hacktool/rootkit.a No disinfected C:\WINDOWS\SYSTEM32\rdriv.sys Spyware:spyware/lowzones No disinfected C:\WINDOWS\update-sp2.html Spyware:spyware/searchcentrix No disinfected Windows Registry Virus:Trj/Downloader.DSJ Disinfected C:\WINDOWS\a776a8.js Virus:Bck/Sdbot.EKP Disinfected C:\WINDOWS\Edit.exe Adware:Adware/MediaTickets No disinfected C:\WINDOWS\r.bat Adware:Adware/MediaTickets No disinfected C:\WINDOWS\symantec-scan.html Adware:Adware/MediaTickets No disinfected C:\WINDOWS\symantec.css Adware:Adware/MediaTickets No disinfected C:\WINDOWS\symantec.html Virus:Trj/Zapchast.D Disinfected C:\WINDOWS\system32\c.bat Virus:W32/Sdbot.ftp Disinfected C:\WINDOWS\system32\i Virus:W32/Sdbot.ftp Disinfected C:\WINDOWS\system32\o Hacktool:Hacktool/Rootkit.L No disinfected C:\WINDOWS\system32\rdriv.sys Virus:W32/Gaobot.FNS.worm Disinfected C:\WINDOWS\system32\winsys32c.exe Virus:W32/Sdbot.ECF.worm Disinfected C:\WINDOWS\system32\xpjava.exe Adware:Adware/MediaTickets No disinfected C:\WINDOWS\update-sp2.html Adware:Adware/MediaTickets No disinfected C:\WINDOWS\update-sp3.html Adware:Adware/MediaTickets No disinfected C:\WINDOWS\update-sp5.html

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.