Vraag & Antwoord
Trojan virus?
13 antwoorden
- Van de week heeft mijn virus scanner melding gemaakt van een trojan virus die hij verder niet kon verwijderen.
Heb inmiddels symantec in veilige modus een scan laten doen en die kan niets vinden. Ook Panda on-line komt met niets bijzonders. Kan iemand deze hiJack voor mij nakijken. Als daar ook niets bijzonders inzit geloof ik het verder wel. :wink:
Dank,
Maarten
[list:2850857360]Logfile of HijackThis v1.99.1
Scan saved at 12:51:36, on 26-5-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\tppaldr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Nuria\Nuria.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\iPod\bin\iPodService.exe
F:\Downloads\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.jcash.biz/l/ddb5c5ccea4ef98dda0b765d4a93712e_13.exe
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092998101859
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) -
http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: winpdc32 - C:\WINDOWS\SYSTEM32\winpdc32.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec
AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog
Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[/list:u:2850857360] - Download Pocket KillBox.
Unzip het programma naar je bureaublad.
Klik op killbox.exe.
Selecteer de optie “Delete on reboot”.
In het veld “Full path of file to delete" Kopieer en plak je het volgende:
[code:1:9a936ee69e]
C:\WINDOWS\SYSTEM32\winpdc32.dll
[/code:1:9a936ee69e]
Klik op de knop "Single File".
Klik op de knop met de rode cirkel en het witte kruis.
Wanneer het programma vraagt om nu te rebooten, geef je hier toestemming voor. Klik op de knop "YES".
Het logje is wel moeilijk leesbaar zo.
Ga naar Start - Uitvoeren en tik in: notepad.exe
Klik op OK.
Ga in Kladblok naar Opmaak, en haal het vinkje voor "Automatische terugloop" weg.
Sluit Notepad terug af.
Maak een nieuwe hijackthislog en post deze. - Hallo M@rc,
Heb je instructies uitgevoerd. Ik kan alleen het logfile van killbox niet vinden. Waar wordt dat neergezet?
Hierbij een nieuw HJT log.
M
[list:b9dcbd38e8]Logfile of HijackThis v1.99.1
Scan saved at 15:57:20, on 26-5-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\tppaldr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Nuria\Nuria.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\Downloads\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.jcash.biz/l/ddb5c5ccea4ef98dda0b765d4a93712e_13.exe
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092998101859
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) -
http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: winpdc32 - winpdc32.dll (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec
AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog
Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[/list:u:b9dcbd38e8] - De instructies die ik je gaf zijn niet bedoeld voor een killboxlog maar voor de hijackthislog.
Doe even wat ik gevraagd heb. Dat haalt die nutteloze spaties overal weg en maakt het logje aangenamer om te analyseren. - Sorry voor het misverstand. Heb de word wrap uitgezet. Hierbij de nieuwe file.
Maarten
[list:9adfc10985]
Logfile of HijackThis v1.99.1
Scan saved at 10:13:17, on 28-5-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\tppaldr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Nuria\Nuria.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\WINDOWS\system32\wuauclt.exe
F:\Downloads\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.jcash.biz/l/ddb5c5ccea4ef98dda0b765d4a93712e_13.exe
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092998101859
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: winpdc32 - winpdc32.dll (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[/list:u:9adfc10985] - Sluit alle open vensters, run HijackThis nog een keer en plaats een vinkje bij de volgende items:
[b:3c621ee57c]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.jcash.biz/l/ddb5c5ccea4ef98dda0b765d4a93712e_13.exe
O20 - Winlogon Notify: winpdc32 - winpdc32.dll (file missing)[/b:3c621ee57c]
Klik daarna op "Fix checked" en sluit HijackThis af.
Doe deze online-scan: http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Na het scannen krijg je de mogelijkheid om het logje op te slaan. Doe dit.
Post de inhoud van dat logje samen met een nieuwe hijackthislog. - Hijack fixes uitgevoerd, ga nu de scan starten.
Resultaat volgt.
M - Beide zaken succesvol uitgevoerd.
Hierbij de gevraagde logs.
Alvast dank voor de analyse.\
M
Hijack
[list:bd63c9d35e]Logfile of HijackThis v1.99.1
Scan saved at 13:07:42, on 28-5-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\tppaldr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Nuria\Nuria.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\iPod\bin\iPodService.exe
F:\Downloads\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Nuria] C:\Program Files\Nuria\Nuria.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092998101859
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[/list:u:bd63c9d35e]
Panda scan
[list:bd63c9d35e]
Incident Status Location
Adware:Adware/YazzleSudoku Not disinfected C:\!KillBox\winpdc32.dll
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\buikhuisen\Application Data\Mozilla\Firefox\Profiles\0iknx3y2.Buikhuisen\cookies.txt[.doubleclick.net/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\buikhuisen\Cookies\buikhuisen@stat.onestat[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Joyce\Application Data\Mozilla\Firefox\Profiles\vafynlxf.Standaardgebruiker\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Joyce\Application Data\Mozilla\Firefox\Profiles\vafynlxf.Standaardgebruiker\cookies.txt[.atdmt.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Joyce\Application Data\Mozilla\Firefox\Profiles\vafynlxf.Standaardgebruiker\cookies.txt[.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Joyce\Cookies\joyce@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Joyce\Cookies\joyce@ad.yieldmanager[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Joyce\Cookies\joyce@bluestreak[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Joyce\Cookies\joyce@serving-sys[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Joyce\Cookies\joyce@statcounter[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Martine\Application Data\Mozilla\Firefox\Profiles\v4yqqat9.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Martine\Application Data\Mozilla\Firefox\Profiles\v4yqqat9.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Martine\Cookies\martine@atdmt[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Martine\Cookies\martine@bluestreak[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Martine\Cookies\martine@doubleclick[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[statse.webtrendslive.com/dcs2c3jt04h7cnydom5ebrdmf_7t9d]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[media.fastclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.metriweb.be/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Santa Monica networks inc Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.smni.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.stat.onestat.com/]
Spyware:Cookie/Santa Monica networks inc Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.smni.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.stat.onestat.com/]
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.fe.lea.lycos.fr/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.statse.webtrendslive.com/S146253]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.statse.webtrendslive.com/S119579]
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.fe.lea.lycos.de/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.overture.com/]
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.fe.lea.lycos.es/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.go.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Gorillanation Not disinfected C:\Documents and Settings\Nikkie\Application Data\Mozilla\Firefox\Profiles\052t9hcr.default\cookies.txt[.ads.gorillanation.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@adopt.hbmediapro[2].txt
Spyware:Cookie/Gorillanation Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@ads.gorillanation[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@azjmp[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@desktop.kazaa[1].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@fe.lea.lycos[1].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@fe.lea.lycos[3].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@fe.lea.lycos[4].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@go[1].txt
Spyware:Cookie/Mircx Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@pop.mircx[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@rn11[1].txt
Spyware:Cookie/Santa Monica networks inc Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@smni[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@www.myaffiliateprogram[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@xmts[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Nikkie\Cookies\nikkie@yadro[2].txt
Adware:Adware/Cydoor Not disinfected C:\Program Files\Diet K\dk\dietk3.dat
[/list:u:bd63c9d35e] - Dit bestand kan je verwijderen:
C:\Program Files\Diet K\dk\dietk3.dat
(misschien zelfs de hele map Diet K, ik ken het niet, bekijk je zelf best even)
Deze map mag je verwijderen:
C:\!KillBox
Download ATF cleaner (gemaakt door Atribune)
Dubbelklik op ATF cleaner om het programma te starten.
In het venster "Main", plaats je een vinkje bij [b:47ff020689]Select All[/b:47ff020689].
Klik op de knop [b:47ff020689]Empty Selected[/b:47ff020689].
Gebruik je ook Firefox als browser:
Klik op het tabblad "Firefox" en plaats een vinkje bij [b:47ff020689]Select All[/b:47ff020689].
Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
(dit haalt het vinkje weer weg bij "Firefox saved passwords"
Klik op de knop [b:47ff020689]Empty Selected[/b:47ff020689].
Gebruik je ook Opera als browser:
Klik op het tabblad "Opera" en plaats een vinkje bij [b:47ff020689]Select All[/b:47ff020689].
Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op "No".
Klik op de knop [b:47ff020689]Empty Selected[/b:47ff020689].
Ga naar het menu "Main" en klik op de knop [b:47ff020689]Exit[/b:47ff020689] om het programma af te sluiten.
Zijn er nog problemen Maarten? - Ik heb alles uit kunnen voeren.
Voor zover ik kan zien heb ik geen problemen meer.
alles werkt naar behoren.
Het probleem begon met een foutmelding van mijn virusscanner. Die heb ik niet meer kunnen reproduceren. Dus als mijn logs schoon zijn, ga ik er vanuit dat alles verder goed is.
Dank voor de hulp.
Maarten - Ik denk wel dat alles nu in orde is.
De meeste scanners detecteren deze trojan, maar kunnen deze niet verwijderen. Oorzaak is dat deze gehecht is aan ondermeer winlogon.exe. - ok, nogmaals bedankt voor de hulp.
Maarten - Graag gedaan.
Je zou eventueel nog de bestaande systeemherstelpunten kunnen wissen.
Beantwoord deze vraag
Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.