Trojan virus?

13 replies
  • This week my virus scanner reported a trojan virus that it could not remove. I have since had Symantec run a scan in safe mode, and it cannot find anything. Panda online also comes up with nothing unusual. Can someone check this HijackThis log for me? If there is nothing unusual in it either, I will leave it at that. :wink: Thanks, Maarten [list:2850857360]Logfile of HijackThis v1.99.1 Scan saved at 12:51:36, on 26-5-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Analog Devices\SoundMAX\Smtray.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\tppaldr.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Nuria\Nuria.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\SpeedFan\speedfan.exe C:\Program Files\iPod\bin\iPodService.exe F:\Downloads\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: 
[NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [anvshell] anvshell.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.jcash.biz/l/ddb5c5ccea4ef98dda0b765d4a93712e_13.exe O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - 
https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092998101859 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O20 - Winlogon Notify: winpdc32 - C:\WINDOWS\SYSTEM32\winpdc32.dll O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe O23 - Service: iPodService - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe [/list:u:2850857360]
  • Download Pocket KillBox (http://www.bleepingcomputer.com/files/spyware/KillBox.zip). Unzip the program to your desktop. Click killbox.exe. Select the option "Delete on reboot". In the field "Full path of file to delete", copy and paste the following:
    C:\WINDOWS\SYSTEM32\winpdc32.dll
    Click the "Single File" button. Click the button with the red circle and the white cross. When the program asks to reboot now, give it permission to do so: click the "YES" button. The log is rather hard to read like this. Go to Start - Run and type: notepad.exe Click OK. In Notepad, go to Format and remove the check mark in front of "Word Wrap". Close Notepad again. Create a new HijackThis log and post it.
  • Hello M@rc, I have carried out your instructions. I just cannot find the KillBox log file. Where is it saved? Here is a new HJT log. M [list:b9dcbd38e8]Logfile of HijackThis v1.99.1 Scan saved at 15:57:20, on 26-5-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\SoundMAX\Smtray.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\tppaldr.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Nuria\Nuria.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\SpeedFan\speedfan.exe C:\Program Files\Internet Explorer\iexplore.exe F:\Downloads\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [anvshell] anvshell.exe 
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.jcash.biz/l/ddb5c5ccea4ef98dda0b765d4a93712e_13.exe O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab O16 - DPF: 
{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092998101859 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O20 - Winlogon Notify: winpdc32 - winpdc32.dll (file missing) O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe O23 - Service: iPodService - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe [/list:u:b9dcbd38e8]
  • The instructions I gave you were not meant for a KillBox log but for the HijackThis log. Please do what I asked. That removes those useless spaces everywhere and makes the log more pleasant to analyze.
  • Sorry for the misunderstanding. I have turned off word wrap. Here is the new file. Maarten [list:9adfc10985] Logfile of HijackThis v1.99.1 Scan saved at 10:13:17, on 28-5-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Analog Devices\SoundMAX\Smtray.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\tppaldr.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Nuria\Nuria.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\SpeedFan\speedfan.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE C:\WINDOWS\system32\wuauclt.exe F:\Downloads\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE 
C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [anvshell] anvshell.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.jcash.biz/l/ddb5c5ccea4ef98dda0b765d4a93712e_13.exe O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - 
http://download.zonelabs.com/bin/free/cm/ICSCM.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092998101859 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O20 - Winlogon Notify: winpdc32 - winpdc32.dll (file missing) O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe O23 - Service: iPodService - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe [/list:u:9adfc10985]
  • Close all open windows, run HijackThis once more and place a check mark next to the following items:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.jcash.biz/l/ddb5c5ccea4ef98dda0b765d4a93712e_13.exe
    O20 - Winlogon Notify: winpdc32 - winpdc32.dll (file missing)
    Then click "Fix checked" and close HijackThis. Run this online scan: http://www.pandasoftware.com/activescan/com/activescan_principal.htm After the scan you get the option to save the log. Do so. Post the contents of that log together with a new HijackThis log.
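The reply above picks three entries out of a log whose entries run together on one line. As an added example (not part of the thread and not HijackThis's own logic), this Python sketch re-splits such a flattened log into entries, flags the three patterns that reply selected, and lists what changed between two logs; the function names and the three heuristics are assumptions of this example, and the sample is constructed from entries in the thread.

```python
import re

# An entry starts with a section code such as "R0 - ", "O4 - " or "O20 - ".
ENTRY_START = re.compile(r"\s+(?=(?:[RFN]\d|O\d{1,2}) - )")
ENTRY = re.compile(r"^([RFN]\d|O\d{1,2}) - (.*)$", re.S)

# Constructed sample: a few entries copied from the logs in this thread and run
# together on one line, the way they appear on the page.
COMMON = (
    r"Logfile of HijackThis v1.99.1 Running processes: C:\WINDOWS\Explorer.EXE "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = "
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /install "
    r"O16 - DPF: {00000000-0000-0000-0000-100000000003} - "
    r"http://code.jcash.biz/l/ddb5c5ccea4ef98dda0b765d4a93712e_13.exe "
    r"O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - "
    r"https://www.p3.postbank.nl/sesam/CAX.cab "
    r"O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "
    r'"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) '
    r"O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll "
)
# BEFORE: as in the first log. AFTER: as in the log posted after the KillBox step.
BEFORE = COMMON + r"O20 - Winlogon Notify: winpdc32 - C:\WINDOWS\SYSTEM32\winpdc32.dll"
AFTER = COMMON + r"O20 - Winlogon Notify: winpdc32 - winpdc32.dll (file missing)"


def split_entries(flat_log):
    """Re-split a log whose entries were run together into (code, body) pairs."""
    entries = []
    for chunk in ENTRY_START.split(flat_log.strip()):
        m = ENTRY.match(chunk.strip())
        if m:  # the header and running-process text before the first entry is skipped
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def flag(code, body):
    """Return a reason if the entry matches one of this example's heuristics.

    The three heuristics are assumptions modelled on the items the reply chose;
    they are a starting point for manual review, not a verdict.
    """
    if code in ("R0", "R1") and re.search(r"=\s*$", body):
        return "IE setting present but empty"
    if code == "O16":
        url = body.rsplit(" - ", 1)[-1]
        if url.lower().split("?", 1)[0].endswith(".exe"):
            return "ActiveX download source is a bare .exe"
    if code == "O20" and body.endswith("(file missing)"):
        return "Winlogon Notify entry points at a missing DLL"
    return None


def triage(flat_log):
    """List (code, body, reason) for every flagged entry, in log order."""
    flagged = []
    for code, body in split_entries(flat_log):
        reason = flag(code, body)
        if reason:
            flagged.append((code, body, reason))
    return flagged


def changed_entries(before, after):
    """Entries present in only one of two logs, as (removed, added) lists."""
    b, a = split_entries(before), split_entries(after)
    return [e for e in b if e not in a], [e for e in a if e not in b]


if __name__ == "__main__":
    for code, body, reason in triage(AFTER):
        print(f"{code:4} {reason}\n     {body}")
    removed, added = changed_entries(BEFORE, AFTER)
    print("removed:", removed)
    print("added:  ", added)
```
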
  • HijackThis fixes carried out, now going to start the scan. The result will follow. M
  • Both carried out successfully. Here are the requested logs. Thanks in advance for the analysis. M Hijack [list:bd63c9d35e]Logfile of HijackThis v1.99.1 Scan saved at 13:07:42, on 28-5-2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Analog Devices\SoundMAX\Smtray.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\tppaldr.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Nuria\Nuria.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\SpeedFan\speedfan.exe C:\Program Files\iPod\bin\iPodService.exe F:\Downloads\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [anvshell] anvshell.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: 
[iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092998101859 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - 
http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. 
- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe [/list:u:bd63c9d35e] Panda scan [list:bd63c9d35e] Incident Status Location Adware:Adware/YazzleSudoku Not disinfected C:\!KillBox\winpdc32.dll Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\buikhuisen\Application Data\Mozilla\Firefox\Profiles\0iknx3y2.Buikhuisen\cookies.txt[.doubleclick.net/] Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\buikhuisen\Cookies\buikhuisen@stat.onestat[2].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Joyce\Application Data\Mozilla\Firefox\Profiles\vafynlxf.Standaardgebruiker\cookies.txt[.doubleclick.net/] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Joyce\Application Data\Mozilla\Firefox\Profiles\vafynlxf.Standaardgebruiker\cookies.txt[.atdmt.com/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Joyce\Application Data\Mozilla\Firefox\Profiles\vafynlxf.Standaardgebruiker\cookies.txt[.2o7.net/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Joyce\Cookies\joyce@2o7[1].txt Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Joyce\Cookies\joyce@ad.yieldmanager[2].txt Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Joyce\Cookies\joyce@bluestreak[2].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Joyce\Cookies\joyce@serving-sys[2].txt Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Joyce\Cookies\joyce@statcounter[1].txt Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Martine\Application Data\Mozilla\Firefox\Profiles\v4yqqat9.default\cookies.txt[.2o7.net/] Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Martine\Application Data\Mozilla\Firefox\Profiles\v4yqqat9.default\cookies.txt[.hitbox.com/] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and 
Settings\Martine\Cookies\martine@atdmt[1].txt Adware:Adware/Cydoor Not disinfected
C:\Program Files\Diet K\dk\dietk3.dat [/list:u:bd63c9d35e]
  • You can delete this file: C:\Program Files\Diet K\dk\dietk3.dat (maybe even the whole Diet K folder; I don't know it, so best take a look yourself). You may delete this folder: C:\!KillBox
    Download ATF cleaner (made by Atribune): http://www.atribune.org/ccount/click.php?id=1
    Double-click ATF cleaner to start the program. In the "Main" window, tick "Select All". Click the "Empty Selected" button.
    If you also use Firefox as a browser: click the "Firefox" tab and tick "Select All". If you want to keep the passwords saved by Firefox, click "No" in the window that appears (this unticks "Firefox saved passwords" again). Click the "Empty Selected" button.
    If you also use Opera as a browser: click the "Opera" tab and tick "Select All". If you want to keep the passwords saved by Opera, click "No" in the window that appears. Click the "Empty Selected" button.
    Go to the "Main" menu and click the "Exit" button to close the program.
    Are there any problems left, Maarten?
  • I was able to carry everything out. As far as I can see I have no more problems. :D Everything works as it should. The problem started with an error message from my virus scanner. I have not been able to reproduce it since. So if my logs are clean, I assume everything else is fine. Thanks for the help. Maarten
  • I do think everything is in order now. Most scanners detect this trojan but cannot remove it. The cause is that it is attached to, among other things, winlogon.exe.
  • OK, thanks again for the help. Maarten
  • You're welcome. You could optionally also delete the existing system restore points.


This is an archived page. Replying is no longer possible.