Trojan virus?

Maarten60
13 replies
  • This week my virus scanner reported a trojan virus that it could not remove.
    I have since had Symantec run a scan in safe mode and it cannot find anything. Panda online also comes up with nothing unusual. Can someone check this HijackThis log for me? If there is nothing unusual in it either, I'll leave it at that. :wink:
    Thanks,
    Maarten

    [list]Logfile of HijackThis v1.99.1
    Scan saved at 12:51:36, on 26-5-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\tppaldr.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Nuria\Nuria.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SpeedFan\speedfan.exe
    C:\Program Files\iPod\bin\iPodService.exe
    F:\Downloads\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [anvshell] anvshell.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.jcash.biz/l/ddb5c5ccea4ef98dda0b765d4a93712e_13.exe
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

    http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092998101859
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) -

    http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -

    http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -

    http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O20 - Winlogon Notify: winpdc32 - C:\WINDOWS\SYSTEM32\winpdc32.dll
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec

    AntiVirus\Rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog

    Devices\SoundMAX\SMAgent.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    [/list]



  • Download Pocket KillBox.
    Unzip the program to your desktop.
    Click killbox.exe.
    Select the option "Delete on reboot".
    In the field "Full path of file to delete", copy and paste the following:
    [code]
    C:\WINDOWS\SYSTEM32\winpdc32.dll
    [/code]
    Click the "Single File" button.
    Click the button with the red circle and the white cross.
    When the program asks to reboot now, allow it. Click the "YES" button.


    The log is rather hard to read like this.
    Go to Start - Run and type: notepad.exe
    Click OK.
    In Notepad, go to Format and clear the check mark next to "Word Wrap".
    Close Notepad again.
    Make a new HijackThis log and post it.
  • Hello M@rc,
    I have carried out your instructions. Only I can't find the KillBox log file. Where is it saved?
    Here is a new HJT log.
    M
    [list]Logfile of HijackThis v1.99.1
    Scan saved at 15:57:20, on 26-5-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\tppaldr.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Nuria\Nuria.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SpeedFan\speedfan.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    F:\Downloads\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [anvshell] anvshell.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.jcash.biz/l/ddb5c5ccea4ef98dda0b765d4a93712e_13.exe
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

    http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092998101859
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) -

    http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -

    http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -

    http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O20 - Winlogon Notify: winpdc32 - winpdc32.dll (file missing)
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec

    AntiVirus\Rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog

    Devices\SoundMAX\SMAgent.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    [/list]



  • The instructions I gave you are not meant for a KillBox log but for the HijackThis log.
    Please do what I asked. That removes those useless spaces everywhere and makes the log more pleasant to analyse.
  • Sorry for the misunderstanding. I have turned off word wrap. Here is the new file.
    Maarten

    [list]
    Logfile of HijackThis v1.99.1
    Scan saved at 10:13:17, on 28-5-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\tppaldr.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Nuria\Nuria.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\SpeedFan\speedfan.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    C:\WINDOWS\system32\wuauclt.exe
    F:\Downloads\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [anvshell] anvshell.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.jcash.biz/l/ddb5c5ccea4ef98dda0b765d4a93712e_13.exe
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092998101859
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O20 - Winlogon Notify: winpdc32 - winpdc32.dll (file missing)
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    [/list]



  • Close all open windows, run HijackThis once more and place a check mark next to the following items:

    [b]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.jcash.biz/l/ddb5c5ccea4ef98dda0b765d4a93712e_13.exe
    O20 - Winlogon Notify: winpdc32 - winpdc32.dll (file missing)[/b]

    Then click "Fix checked" and close HijackThis.

    Run this online scan: http://www.pandasoftware.com/activescan/com/activescan_principal.htm
    After scanning you get the option to save the log. Do so.
    Post the contents of that log together with a new HijackThis log.
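
Added example, not part of the original thread: a Python sketch that compares HijackThis logs taken between the steps above, to confirm that the checked entries are really gone, and that rejoins word-wrapped lines like those in the first two logs. The function names are assumptions; the sample logs are abbreviated from the logs posted in this thread.

```python
import re

# A HijackThis entry starts with a section code (R0, O4, O16, O20, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return the entries of a HijackThis log as (code, body) tuples.

    Header and "Running processes" lines before the first entry are skipped.
    A non-empty line that follows an entry but has no section code is taken
    to be the word-wrapped tail of that entry and is joined back onto it.
    """
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append([match.group("code"), match.group("body")])
        elif entries:
            entries[-1][1] += " " + line
    return [(code, body) for code, body in entries]


def entry_key(code, body):
    """Key an entry by its code plus the text before its last " - " or " = ",
    so the same item still matches when only its file path or value changed."""
    for sep in (" - ", " = "):
        head, found, _tail = body.rpartition(sep)
        if found:
            return (code, head)
    return (code, body)


def diff_logs(before_text, after_text):
    """List (status, code, body) for entries removed, changed or added."""
    before = {entry_key(c, b): b for c, b in parse_entries(before_text)}
    after = {entry_key(c, b): b for c, b in parse_entries(after_text)}
    changes = []
    for key, body in before.items():
        if key not in after:
            changes.append(("removed", key[0], body))
        elif after[key] != body:
            changes.append(("changed", key[0], after[key]))
    changes += [("added", k[0], b) for k, b in after.items() if k not in before]
    return changes


def missing_files(log_text):
    """Entries whose target HijackThis marked as "(file missing)"."""
    return [(c, b) for c, b in parse_entries(log_text)
            if b.endswith("(file missing)")]


# Abbreviated from the first log in the thread (word wrap still on).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.jcash.biz/l/ddb5c5ccea4ef98dda0b765d4a93712e_13.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092998101859
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: winpdc32 - C:\WINDOWS\SYSTEM32\winpdc32.dll
"""

# After the KillBox step: the O20 entry remains but its DLL is gone.
LOG_AFTER_KILLBOX = LOG_BEFORE.replace(
    r"C:\WINDOWS\SYSTEM32\winpdc32.dll", "winpdc32.dll (file missing)")

# Abbreviated from the log posted after "Fix checked" (word wrap off).
LOG_AFTER_FIX = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092998101859
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
"""

if __name__ == "__main__":
    for label, old, new in (("KillBox", LOG_BEFORE, LOG_AFTER_KILLBOX),
                            ("Fix checked", LOG_AFTER_KILLBOX, LOG_AFTER_FIX)):
        print("After", label)
        for status, code, body in diff_logs(old, new):
            print("  %-8s %s - %s" % (status, code, body))
```

An entry reported as "changed" to "(file missing)" is an orphaned registry reference that still has to be fixed in HijackThis; a clean result shows it as "removed" in the next comparison.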
  • HijackThis fixes carried out, now going to start the scan.
    Result to follow.
    M
  • Both carried out successfully.

    Here are the requested logs.
    Thanks in advance for the analysis.
    M

    Hijack
    [list]Logfile of HijackThis v1.99.1
    Scan saved at 13:07:42, on 28-5-2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\tppaldr.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Nuria\Nuria.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\SpeedFan\speedfan.exe
    C:\Program Files\iPod\bin\iPodService.exe
    F:\Downloads\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [anvshell] anvshell.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092998101859
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    [/list]

    Panda scan

    [list]
    Incident Status Location

    Adware:Adware/YazzleSudoku Not disinfected C:\!KillBox\winpdc32.dll
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\buikhuisen\Application Data\Mozilla\Firefox\Profiles\0iknx3y2.Buikhuisen\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\buikhuisen\Cookies\buikhuisen@stat.onestat[2].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Joyce\Application Data\Mozilla\Firefox\Profiles\vafynlxf.Standaardgebruiker\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Joyce\Application Data\Mozilla\Firefox\Profiles\vafynlxf.Standaardgebruiker\cookies.txt[.atdmt.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Joyce\Application Data\Mozilla\Firefox\Profiles\vafynlxf.Standaardgebruiker\cookies.txt[.2o7.net/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Joyce\Cookies\joyce@2o7[1].txt
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Joyce\Cookies\joyce@ad.yieldmanager[2].txt
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Joyce\Cookies\joyce@bluestreak[2].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Joyce\Cookies\joyce@serving-sys[2].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Joyce\Cookies\joyce@statcounter[1].txt
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Martine\Application Data\Mozilla\Firefox\Profiles\v4yqqat9.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Martine\Application Data\Mozilla\Firefox\Profiles\v4yqqat9.default\cookies.txt[.hitbox.com/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Martine\Cookies\martine@atdmt[1].txt
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Martine\Cookies\martine@bluestreak[1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Martine\Cookies\martine@doubleclick[1].txt
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[statse.webtrendslive.com/]
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[statse.webtrendslive.com/dcs2c3jt04h7cnydom5ebrdmf_7t9d]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[media.fastclick.net/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.metriweb.be/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.xiti.com/]
    Spyware:Cookie/Santa Monica networks inc Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.smni.com/]
    Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.stat.onestat.com/]
    Spyware:Cookie/Santa Monica networks inc Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.smni.com/]
    Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.stat.onestat.com/]
    Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.fe.lea.lycos.fr/]
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.statse.webtrendslive.com/S146253]
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.statse.webtrendslive.com/S119579]
    Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.fe.lea.lycos.de/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.overture.com/]
    Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.fe.lea.lycos.es/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.go.com/]
    Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.revenue.net/]
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.bluestreak.com/]
    Spyware:Cookie/Gorillanation Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.ads.gorillanation.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@ad.yieldmanager[1].txt
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@adopt.hbmediapro[2].txt
    Spyware:Cookie/Gorillanation Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@ads.gorillanation[2].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@atwola[1].txt
    Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@azjmp[2].txt
    Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@desktop.kazaa[1].txt
    Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@fe.lea.lycos[1].txt
    Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@fe.lea.lycos[3].txt
    Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@fe.lea.lycos[4].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@go[1].txt
    Spyware:Cookie/Mircx Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@pop.mircx[1].txt
    Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@rn11[1].txt
    Spyware:Cookie/Santa Monica networks inc Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@smni[1].txt
    Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@www.myaffiliateprogram[1].txt
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@xiti[1].txt
    Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@xmts[1].txt
    Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@yadro[2].txt
    Adware:Adware/Cydoor Not disinfected C:\Program Files\Diet K\dk\dietk3.dat
    [/list:u:bd63c9d35e]

  • You can delete this file:
    C:\Program Files\Diet K\dk\dietk3.dat
    (maybe even the whole Diet K folder; I don't know it, so best take a look at it yourself)

    You may delete this folder:
    C:\!KillBox

    Download ATF cleaner (made by Atribune)
    Double-click ATF cleaner to start the program.
    In the "Main" window, tick "Select All".
    Click the "Empty Selected" button.

    If you also use Firefox as a browser:
    Click the "Firefox" tab and tick "Select All".
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (this removes the tick again from "Firefox saved passwords")
    Click the "Empty Selected" button.

    If you also use Opera as a browser:
    Click the "Opera" tab and tick "Select All".
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the "Empty Selected" button.

    Go to the "Main" menu and click the "Exit" button to close the program.

    Are there any problems left, Maarten?
  • I was able to carry out everything.
    As far as I can see I have no more problems. :D Everything works as it should.

    The problem started with an error message from my virus scanner. I have not been able to reproduce it since. So if my logs are clean, I assume everything else is fine.

    Thanks for the help.
    Maarten
  • I do think everything is in order now.
    Most scanners detect this trojan but cannot remove it. The cause is that it is attached to, among other things, winlogon.exe.
  • OK, thanks again for the help.
    Maarten
  • You're welcome.
    You could optionally also delete the existing system restore points.

This is an archived page. Replies are no longer possible.