Question & Answer

Security & privacy

Trouble removing the Vundo virus

Anonymous
24 answers
  • No, I have no more problems.
    Here is the ComboFix log:

    "Erwin" - 2007-07-29 16:07:06 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


    ((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-29 )))))))))))))))))))))))))))))))


    2007-07-29 01:25 <DIR> d——– C:\DOCUME~1\Erwin\DoctorWeb
    2007-07-28 18:18 <DIR> d——– C:\Hijack
    2007-07-19 23:24 90,112 –a—— C:\WINDOWS\system32\regdacl.exe
    2007-07-19 23:24 4,096 –a—— C:\WINDOWS\system32\reboot.exe
    2007-07-19 23:24 <DIR> d——– C:\WINDOWS\system32\regdacl
    2007-07-17 21:56 51,200 –a—— C:\WINDOWS\nircmd.exe
    2007-07-17 20:16 <DIR> d——– C:\VundoFix Backups
    2007-07-17 18:56 <DIR> d——– C:\DOCUME~1\Erwin\APPLIC~1\Pro Cycling Manager 2007
    2007-07-17 17:36 9,600 –a—— C:\WINDOWS\system32\drivers\hidusb.sys
    2007-07-17 17:25 352,768 -ra—— C:\WINDOWS\system32\drivers\rt61.sys
    2007-07-10 20:56 <DIR> d——– C:\Program Files\InterActual
    2007-07-09 21:07 200,704 –a—— C:\WINDOWS\system32\ssldivx.dll
    2007-07-09 21:07 1,044,480 –a—— C:\WINDOWS\system32\libdivx.dll
    2007-07-05 17:03 64,648 –a—— C:\WINDOWS\system32\drivers\pe3akt6c.sys
    2007-07-05 17:03 406,920 –a—— C:\WINDOWS\system32\pr2akt6c.exe
    2007-07-05 17:02 83,592 –a—— C:\WINDOWS\system32\drivers\pf2akt6c.sys
    2007-07-05 17:02 55,440 –a—— C:\WINDOWS\system32\drivers\ps6akt6c.sys


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-18 14:20:51 ——– d—–w C:\Program Files\SpywareBlaster
    2007-07-18 14:20:36 ——– d—–w C:\Program Files\Hitman Pro
    2007-07-17 16:50:10 ——– d—–w C:\Program Files\Ahead
    2007-07-16 14:06:57 ——– d—–w C:\Program Files\GameShadow
    2007-07-14 13:55:20 3,195 —-a-w C:\WINDOWS\mozver.dat
    2007-07-14 13:55:17 ——– d—–w C:\Program Files\DivX
    2007-07-11 23:39:10 73,632 —-a-w C:\WINDOWS\system32\perfc013.dat
    2007-07-11 23:39:10 448,864 —-a-w C:\WINDOWS\system32\perfh013.dat
    2007-07-11 22:00:45 ——– d—–w C:\Program Files\PokerStars
    2007-07-10 14:23:37 ——– d—–w C:\DOCUME~1\Erwin\APPLIC~1\Canon
    2007-07-09 06:23:13 ——– d—–w C:\DOCUME~1\Erwin\APPLIC~1\SiteAdvisor
    2007-06-24 10:06:21 ——– d—–w C:\Program Files\McAfee
    2007-06-20 21:49:57 ——– d—–w C:\Program Files\iTunes
    2007-06-20 21:49:31 ——– d—–w C:\Program Files\iPod
    2007-06-20 21:44:22 ——– d—–w C:\Program Files\QuickTime
    2007-06-20 21:39:37 ——– d—–w C:\Program Files\Apple Software Update
    2007-06-19 13:01:45 ——– d–h–w C:\Program Files\InstallShield Installation Information
    2007-06-09 09:47:49 249,856 ——w C:\WINDOWS\Setup1.exe
    2007-06-09 09:47:46 73,216 —-a-w C:\WINDOWS\ST6UNST.EXE
    2007-06-06 01:40:29 ——– d—–w C:\Program Files\Ubisoft
    2007-06-05 16:15:00 ——– d—–w C:\Program Files\Common Files\Teleca Shared
    2007-06-05 16:11:41 ——– d—–w C:\Program Files\EPSON
    2007-05-16 15:19:43 683,520 —-a-w C:\WINDOWS\system32\inetcomm.dll
    2006-08-03 21:58:10 96,752 —-a-w C:\DOCUME~1\Erwin\APPLIC~1\GDIPFONTCACHEV1.DAT
    2003-11-18 12:37:32 241,664 —-a-w C:\Program Files\npmusicn.dll
    2003-09-28 10:08:22 809 —-a-w C:\Program Files\INSTALL.LOG


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2001-04-16 15:39 37808 –a—— C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]
    2007-03-30 17:41 1099304 –a—— C:\Program Files\SiteAdvisor\6066\SiteAdv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    2004-05-12 01:03 744960 –a—— C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2007-03-14 03:43 501400 –a—— C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
    2006-12-22 17:02 67136 –a—— c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    2006-08-31 21:33 322368 –a—— C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2003-01-20 11:48 C:\WINDOWS\SOUNDMAN.EXE]
    "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-25 07:20]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-03-20 10:15]
    "VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" []
    "VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" []
    "FineReader7NewsReaderPro"="C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" [2003-12-10 01:19]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" []
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-03-10 19:45]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2006-08-10 21:38]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
    "Mobipocket Web Companion"="C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe" []
    "Mobipocket Reader Notifications"="C:\Program Files\Mobipocket.com\Mobipocket Reader\readernotify.exe" [2006-06-20 17:54]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
    Dit.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDonkey2000]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent]


    Contents of the 'Scheduled Tasks' folder
    2007-07-12 18:15:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2007-03-31 23:00:18 C:\WINDOWS\tasks\McQcTask.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-29 16:13:00
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-29 16:14:08
    C:\ComboFix-quarantined-files.txt … 2007-07-29 16:13

    — E O F —
  • Looks good.

    It is best to also clear all existing System Restore points now:
    Disable System Restore. Restart the computer. Enable System Restore again.
    Disabling System Restore.

    More information on how to prevent a new infection can be found here.
  • OK, glad I am finally rid of the trojan. Thank you very much for your help! You people really do good work.
  • You're welcome, Eltjo.
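The "Reg Loading Points" section of the ComboFix log above is where a helper looks for autorun entries first. The following Python script is an added example, not part of the thread or of ComboFix; it parses Run-key lines in that format and flags the two things a reviewer checks by eye: entries whose bracket is empty (ComboFix did not find the referenced file, so the autorun is stale) and entries that name a bare file without a directory, which Windows resolves via its search path. The sample input is constructed from lines quoted in the log.

```python
import re

# Constructed sample in the ComboFix "Reg Loading Points" format, taken from the
# entries quoted in the thread. Empty brackets "[]" mean the file was not found.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-01-20 11:48 C:\WINDOWS\SOUNDMAN.EXE]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" []
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]
"Mobipocket Web Companion"="C:\Program Files\Common Files\Mobipocket Shared\webcomp.exe" []
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')          # [HKEY_...\Run] section header
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]*)" \[(.*)\]$')  # "name"="command" [file info]


def parse_run_entries(log_text):
    """Return (registry_key, value_name, command, file_info) for every entry
    that appears under a [HKEY_...] header. file_info is "" when the bracket
    was empty, i.e. ComboFix could not find the file on disk."""
    entries = []
    current_key = None
    for line in log_text.splitlines():
        line = line.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        entry_match = ENTRY_RE.match(line)
        if entry_match and current_key:
            name, command, info = entry_match.groups()
            entries.append((current_key, name, command, info))
    return entries


def entries_without_file(log_text):
    """Value names whose target file was not found: stale autoruns left by
    an uninstalled program or by removed malware, worth deleting from Run."""
    return [name for _, name, _, info in parse_run_entries(log_text) if info == ""]


def bare_filename_entries(log_text):
    """Value names whose command has no directory at all. Windows resolves such
    a name through its search path, so the actual file that runs must be
    confirmed (ComboFix prints the resolved path inside the bracket)."""
    return [name for _, name, cmd, _ in parse_run_entries(log_text) if "\\" not in cmd]
```

Running the two checks against a full log gives a short list of entries to look up before deciding what to remove.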
