Vraag & Antwoord

Beveiliging & privacy

virus

Anoniem
None
34 antwoorden
  • M@rc,

    heb i.e. 7 geinstalleerd, en werkt goed, behalve dit elke keer als ik ie 7
    opstart dan vind Kaspersky AV, het volgende.
    trojan W32 banload.bon. hij verwijdert hem ,maar als ik IE weer opstart
    dan vindt die hem weer. dan ga ik naar de Temp map waar die naar toe verwijst zit, en dan staat er dit: Ldrcrpt.dat
    weet jij wat die inhoudt.

    Darunia
  • Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Plaats het op je bureaublad.
    Dubbelklik er op om het programma te starten.
    In het scherm dat verschijnt tik je een 1 in om het cleaning- en analysesproces te laten uitvoeren.
    Volg de instructies op het scherm.
    Als het tooltje klaar is, opent er een logfile (combofix.txt).
    Post de inhoud van dit bestandje samen met een nieuwe hijackthislog.
  • Combofixlog:

    ComboFix 07-08-09.3 - "Boss Hogg" 2007-08-14 20:51:09.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.20 [GMT 2:00]


    ((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 )))))))))))))))))))))))))))))))


    2007-08-14 17:43 <DIR> dr-h—– C:\DOCUME~1\BOSSHO~1\Onlangs geopend
    2007-08-14 11:03 83,024 –a—— C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-08-14 11:03 57,424 –a—— C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-08-14 11:03 53,840 –a—— C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-08-14 11:03 39,376 –a—— C:\WINDOWS\system32\drivers\ikfileflt.sys
    2007-08-14 11:03 29,264 –a—— C:\WINDOWS\system32\drivers\kcom.sys
    2007-08-14 11:02 626,688 –a—— C:\WINDOWS\system32\msvcr80.dll
    2007-08-14 11:02 <DIR> d——– C:\Program Files\Spyware Doctor
    2007-08-14 11:02 <DIR> d——– C:\DOCUME~1\BOSSHO~1\APPLIC~1\PC Tools
    2007-08-13 20:22 <DIR> d–h—– C:\WINDOWS\$hf_mig$
    2007-08-13 17:22 512,096 –a—— C:\WINDOWS\system32\drivers\amon.sys
    2007-08-13 17:22 298,104 –a—— C:\WINDOWS\system32\imon.dll
    2007-08-13 17:22 15,424 –a—— C:\WINDOWS\system32\drivers\nod32drv.sys
    2007-08-13 17:17 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2007-08-12 21:20 708,096 –a—— C:\WINDOWS\ntdll.dll
    2007-08-12 20:45 51,200 –a—— C:\WINDOWS\nircmd.exe
    2007-08-12 18:49 <DIR> d——– C:\WINDOWS\ERUNT
    2007-08-09 21:17 <DIR> d——– C:\Program Files\InterMute
    2007-08-06 13:01 28,672 –a—— C:\WINDOWS\system32\drivers\CO_Mon.sys
    2007-07-31 13:07 4,980,736 –a—— C:\DOCUME~1\BOSSHO~1\ntuser.dat
    2007-07-30 10:47 <DIR> d——– C:\WINDOWS\system32\logz2
    2007-07-29 13:12 3,287,754 –a—— C:\WINDOWS\AirForce.dat
    2007-07-28 11:18 <DIR> d——– C:\WINDOWS\system32\logz2(2)
    2007-07-25 17:49 20,480 –a—— C:\WINDOWS\system32\Ldrcrpt.dat


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-14 18:28 830976 –a–c— C:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-14 18:28 1032704 –a–c— C:\WINDOWS\system32\dllcache\kernel32.dll
    2007-08-12 21:15 ——— d——– C:\Program Files\MSN Messenger
    2007-08-09 13:43 ——— d——– C:\DOCUME~1\BOSSHO~1\APPLIC~1\LimeWire
    2007-08-06 14:49 ——— d–h—– C:\Program Files\InstallShield Installation Information
    2007-08-06 14:48 ——— d——– C:\Program Files\Common Files\InterVideo
    2007-08-06 14:47 ——— d——– C:\Program Files\InterActual
    2007-07-31 09:53 3136 –a—— C:\WINDOWS\system32\vscan.dat
    2007-07-28 11:43 671744 –a—— C:\WINDOWS\system32\wininet(2)(2)(2).dll
    2007-07-28 11:43 1028608 –a—— C:\WINDOWS\system32\kernel32(2)(2)(2).dll
    2007-07-27 06:15 54624 –a—— C:\WINDOWS\system32\perfc013.dat
    2007-07-27 06:15 367714 –a—— C:\WINDOWS\system32\perfh013.dat
    2007-05-15 09:45 972336 –a—— C:\WINDOWS\UNNeroVision.exe
    2007-05-05 23:18 81920 –a—— C:\DOCUME~1\BOSSHO~1\APPLIC~1\ezpinst.exe
    2007-05-05 23:18 47360 –a—— C:\DOCUME~1\BOSSHO~1\APPLIC~1\pcouffin.sys
    2007-05-05 17:04 87608 –a—— C:\DOCUME~1\BOSSHO~1\APPLIC~1\inst.exe
    2007-03-22 21:44:28 5 –sha-w C:\WINDOWS\system32\abfadbaddde_s.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-06-27 13:54]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=0 (0x0)
    "NoResolveSearch"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\WINDOWS\System32\wmfhotfix.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"= :\WINDOWS\system32\srr

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
    backup=C:\WINDOWS\pss\Adobe Reader Snelle start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Synchronizer.lnk]
    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^InterVideo WinCinema Manager.lnk]
    backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^PCzapper Media Manager.lnk]
    backup=C:\WINDOWS\pss\PCzapper Media Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
    "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    %systemroot%\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
    C:\WINDOWS\System32\LXSUPMON.EXE RUN

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
    "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
    "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Secure]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SManager]
    smanager.7.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spoolsvv]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
    VTTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
    VTtrayp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "usnsvc"=3 (0x3)
    "svcWRSSSDK"=2 (0x2)
    "SDhelper"=3 (0x3)
    "RichVideo"=2 (0x2)
    "NOD32krn"=2 (0x2)

    R0 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
    R1 IKFileFlt;File Filter Driver;C:\WINDOWS\system32\drivers\ikfileflt.sys
    R1 IKFileSec;File Security Driver;C:\WINDOWS\system32\drivers\ikfilesec.sys
    R1 IkSysFlt;System Filter Driver;C:\WINDOWS\system32\drivers\iksysflt.sys
    R1 IKSysSec;System Security Driver;C:\WINDOWS\system32\drivers\iksyssec.sys
    R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet-adapter - NT-stuurprogramma;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
    R3 viagfx;viagfx;C:\WINDOWS\system32\DRIVERS\vtmini.sys
    S2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ousbehci.sys
    S3 CO_Mon;CO_Mon;\??\C:\WINDOWS\system32\Drivers\CO_Mon.sys
    S3 nmwcd;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys
    S3 nmwcdc;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys
    S3 nmwcdcj;Nokia USB Port;C:\WINDOWS\system32\drivers\nmwcdcj.sys
    S3 nmwcdcm;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys


    Contents of the 'Scheduled Tasks' folder
    2007-02-24 00:01:16 C:\WINDOWS\Tasks\RegistryMedicAuotScan.job

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-14 20:55:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden registry entries …

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
    "TracesProcessed"=dword:000000d2

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-14 20:58:48
    C:\ComboFix2.txt … 2007-08-12 20:49

    — E O F —


    Hijacklog

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 21:04, on 14-8-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    c:\windows\system32\ctfmon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    c:\program files\grisoft\avg7\avgcc.exe
    c:\program files\mozilla firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    c:\documents and settings\boss hogg\bureaublad\hijackthis_v2.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telegraaf.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170494849734
    O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f011.mail.lycos.nl/app/uploader/FileUploader.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O20 - AppInit_DLLs: C:\WINDOWS\System32\wmfhotfix.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\Browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\Browseui.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


    End of file - 5004 bytes

    Darunia
  • Kaspersky?
    AVG bedoel je?

    Welke file blijkt geïnfecteerd?
  • had kaspersky erop gezet, om te kijken of die nog wat kon vinden en die vond die w32 banload.bon. omdat hij hem niet echt kon verwijderen.
    daarna heb ik avg er weer op terug gezet.

    het bestand : Ldrcrpt.dat

    Darunia
  • Hallo Darunia,

    Ik zou heel graag kopies hebben van een aantal bestanden.

    Ga naar deze site: http://www.bleepingcomputer.com/submit-malware.php?channel=11
    Bij "Link to topic where this file was requested:" plaats je een link naar dit topic.
    Bij "Browse to the file you want to submit:" klik je op de knop "Bladeren" en navigeer je naar dit bestand: [b:ba0fa5df18]C:\WINDOWS\system32\dllcache\wininet.dll [/b:ba0fa5df18]
    Klik daarna op de knop "Send file".

    Doe dit ook voor de volgende bestanden:
    C:\WINDOWS\system32\dllcache\kernel32.dll
    C:\WINDOWS\system32\wininet.dll
    C:\WINDOWS\system32\kernel32.dll
    C:\WINDOWS\system32\wininet(2)(2)(2).dll
    C:\WINDOWS\system32\kernel32(2)(2)(2).dll

    Je mag ze eventueel ook zippen en als 1 file uploaden.

    Alvast bedankt.
  • Hi M@rc,

    Het euvel is al verholpen, in de map windows.system32 zat ook die Ldrcprt.dat, die heb ik verwijderd. en heb nu geen problemen er meer
    mee.

    Thanx, voor je hulp

    Darunia :D
  • Hallo Darunia,

    Het kan inderdaad zijn dat je probleem verholpen is.
    Helemaal overtuigd ben ik echter niet.
    De kans bestaat dat een aantal legitieme windows bestanden geïnfecteerd zijn. Daarom dat ik je vroeg om bovengenoemde bestanden even te uploaden.
  • Marc,

    Heb ze zelf even een voor een gescand, en inderdaad ze waren besmet met
    trojans.

    Kaspersky heeft ze verwijderd.

    greetz Darunia :)
  • Heeft Kaspersky ze kunnen cleanen?
  • ja, ik heb de pc herstart en nog eens gescand die bestanden die jij had genoteerd, maar hij vond geen trojans meer.

    Darunia
  • Mooi zo.

    Best dat je nog even alle bestaande systeemherstelpunten wist.
  • is gebeurt,

    bedankt voor je hulp, Top

    Darunia :D
  • Graag gedaan Darunia. :wink:

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.