
TROJAN VUNDO

Anonymous
pimvandenderen
11 answers
  • Good day,

    Something was installed on the computer recently and since then I have been troubled by a trojan.vundo. It reports File: C:\WINNT\syste32\hgdax.dll. This virus cannot be removed with Spyware Doctor, Hitman Pro and so on. None of the virus scanners can find it. I have now downloaded HijackThis, and it produced the following .txt file.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:13, on 2008-01-03
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Server\Apache2\Apache2\bin\Apache.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\WINNT\System32\svchost.exe
    C:\Server\Apache2\Apache2\bin\Apache.exe
    C:\Server\MySQL\bin\mysqld-nt.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINNT\system32\HPZipm12.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\rundll32.exe
    C:\WINNT\system32\regsvr32.exe
    C:\WINNT\system32\regsvr32.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\iFinger\iFinger.exe
    C:\Server\Apache2\Apache2\bin\ApacheMonitor.exe
    C:\Program Files\MSN Messenger\MsnMsgr .Exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F3 - REG:win.ini: load=C:\WINNT\system32\hgdax.exe
    O2 - BHO: (no name) - {2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73} - C:\WINNT\system32\efcyxxv.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - C:\Program Files\Aircppao\yehfpjrk.dll
    O2 - BHO: (no name) - {91E17C53-63D3-472D-B006-858C8BD4435F} - C:\WINNT\system32\hgdax.dll
    O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [{8B-B3-3E-E8-ZN}] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BundleDownloader\27.ex_ P2D002
    O4 - HKLM\..\Run: [PostCast Server] C:\Server\PostCast Server\postcastserver.exe
    O4 - HKLM\..\Run: [rerilwrs] rundll32.exe "C:\Program Files\mzezmtqz\yfmpyhyf.dll",Init
    O4 - HKLM\..\Run: [pepiraha] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pepiraha.dll"
    O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [kdapmnmd] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\kdapmnmd.dll"
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm .exe"
    O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Startup: .protected
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: iFinger 2.0.lnk = C:\Program Files\iFinger\iFinger.exe
    O4 - Global Startup: Monitor Apache Servers.lnk = C:\Server\Apache2\Apache2\bin\ApacheMonitor.exe
    O4 - Global Startup: .protected
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINNT\system32\SHDOCVW.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - Winlogon Notify: efcyxxv - C:\WINNT\SYSTEM32\efcyxxv.dll
    O23 - Service: Apache2 - Apache Software Foundation - C:\Server\Apache2\Apache2\bin\Apache.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Logical Disk Manager Administrative-service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: MySQL - Unknown owner - C:\Server\MySQL\bin\mysqld-nt (file missing)
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe


    End of file - 7304 bytes


    What should I do now to solve this problem?
  • Hi Montinio,

    Download Combofix to your desktop.

    If you have used Combofix before, please remove that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

    Double-click combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, because this will make your PC hang.

    When the fix has finished and after the restart, the log combofix.txt will open.
    In your next reply, post the Combofix log (combofix.txt) together with a fresh HijackThis log.

    Good luck!

    Pim
  • So I downloaded combofix.exe and let the auto scan run.

    The scan ends with completed stage_1.
    The scan does not go any further.

    Combofix also gives no message about a restart etc.

    So I restart it myself, but no log with combofix.txt appears on screen at all. What is the problem?
  • Go to Start -> Run and type there: Combofix /u
    This will remove Combofix.

    After that, download Combofix again:
    http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

    Try to make a log with it using the method above.
    If this fails again, remove Combofix again, download it again, start your computer in Safe Mode and try to make a log that way :)

    Good luck!
    Pim
  • It worked :) Combofix did work in safe mode.

    Here is the combofix.txt:
    ComboFix 08-01-05.1 - Administrator 2008-01-05 12:05:22.11 -
  • It is important that you carry out these steps in quick succession!

    1. Open Notepad, copy and paste the following (the bold text) into an empty window:

    Folder::
    C:\WINNT\vkhdjtck
    C:\FOUND.001
    C:\FOUND.002

    File::
    C:\WINNT\system32\drvjef.dll

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "8E718888-423F-11D2-876E-00A0C9082467"=-
    "41C29B07-6F91-4966-91BE-2E2841643C83"=-
    [-HKEY_CLASSES_ROOT\clsid\{41c29b07-6f91-4966-91be-2e2841643c83}]
    [-HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{6B4FA1DD-A353-49F8-A650-79C21D6B4824}]
    [-HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic]

    Save this on your Desktop as CFScript.txt

    Drag CFScript.txt into ComboFix.exe as shown in the example below:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    This will make ComboFix restart.
    Restart the computer if asked to.

    2. Download RenV.exe to your Desktop.

    Open Notepad, copy and paste the following (ONLY the CONTENTS of the code box) into an empty window:

    ----a-w 1,065,800 2008-01-03 09:56:42 C:\Program Files\Spyware Doctor\SDTrayApp .exe
    ----a-w 20,058,152 2007-12-28 10:57:20 C:\Program Files\Skype\Phone\Skype .exe
    ----a-w 35,328 2007-12-28 10:56:06 C:\Program Files\Winamp\winampa .exe

    Save this on your Desktop as Log.txt

    Drag Log.txt into RenV.exe as shown in the example below:
    http://img.photobucket.com/albums/v666/sUBs/RenV.gif

    3. Go to and click Accept at the bottom.
    This scanner works only with
  • It worked. Here is the kavscan.txt

    ——————————————————————————-
    KASPERSKY ONLINE SCANNER REPORT
    Sunday, January 06, 2008 1:04:25 PM
    Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 6/01/2008
    Kaspersky Anti-Virus database records: 503040
    ——————————————————————————-

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 31517
    Number of viruses found: 14
    Number of infected objects: 88
    Number of suspicious objects: 0
    Duration of the scan process: 02:01:27


    Scan process completed.

    AND HERE IS THE FRESH COMBOFIX.TXT

    ComboFix 08-01-05.1 - Administrator 06-01-2008 13:10:15.13 -





  • Looks fine :)
    How are your problems by now?
  • Well, I must say that the computer is much faster and I am no longer troubled by the virus :D

    Thank you very much for this clear help :).


    Kind regards,

    Montinio
  • You're welcome, Montinio :wink:

    Please do the following as well :)

    Download ATF Cleaner (by Atribune)

    Double-click ATF Cleaner to start the program.
    On the "Main" tab, tick Select All.
    Click the Empty Selected button.

    Do the following if you also have Firefox as a browser:
    Click the "Firefox" tab and tick Select All.
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (this removes the tick again from "Firefox saved passwords")
    Click the Empty Selected button.

    Do the following if you also have Opera as a browser:
    Click the "Opera" tab and tick Select All.
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the Empty Selected button.
    Go to the "Main" tab and click the Exit button to close the program.

    Uninstall Combofix:
    Go to Start -> Run and type there: combofix /u
    Combofix will now be removed and a new restore point will be created.

    To prevent a recurrence, read through these security tips once more:
    http://www.jawwi.nl/nederlands/tips/beveiligen/beveiligen.html

    Pim
  • Okay, that's fine. Thanks for everything _o_

    :D Regards,
    Montinio :)


This is an archived page. Replying is no longer possible.