Question & Answer

Security & privacy

Also suffering from the Vundo virus

Anonymous
M@rc
3 answers
  • I also have the Vundo virus. I have read earlier topics here and also downloaded and ran VundoFix… it reported that not everything could be removed yet (even after the reboot a file remains…)

    I also ran HijackThis; the result is below…

    P.S. my virus scanner currently no longer shows it…

    Can you give me some more advice on the next steps…?

    Thanks :lol:

    Logfile of HijackThis v1.99.1
    Scan saved at 22:34:01, on 6-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\PROGRA~1\NavNT\vptray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Spamihilator\spamihilator.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS Wireless LAN\ZDConfig.exe
    C:\Program Files\Webshots\webshots.scr
    C:\hijack\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.google.com/uninstall-feedback.html?hl=en
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\opnnnki.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A32344BE-8F6B-47AF-A1DC-D45AA5214717} - C:\WINDOWS\system32\gebya.dll (file missing)
    O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Spamihilator.lnk = ?
    O4 - Global Startup: VPN Client.lnk = ?
    O4 - Global Startup: ZDConfig.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS Wireless LAN\ZDConfig.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://83.167.223.15/admin/jre-1_5_0_10-windows-i586-p.exe
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2EA03BC1-C11E-469F-93BD-B537B68CDD3D}: NameServer = 62.58.50.5,62.58.50.6
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5F199EE0-82F6-4C22-91DA-42DA6B8B6423}: NameServer = 62.58.50.5,62.58.50.6
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: opnnnki - C:\WINDOWS\SYSTEM32\opnnnki.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: PETER Connects Audio Service (PcaAudioService) - JDM Software BV - Maassluis - The Netherlands. - C:\Program Files\PETER Connects\Programs\PcaAudioService.exe
    O23 - Service: PETER Connects Telephone List Loading Utility service (PcaLdb1Service) - JDM Software BV - Maassluis - The Netherlands. - C:\Program Files\PETER Connects\Programs\PcaLdb1Service.exe
    O23 - Service: PETER Connects Main service (PcaMainService) - JDM Software BV - Maassluis - The Netherlands. - C:\Program Files\PETER Connects\Programs\PcaMainService.EXE
    O23 - Service: PETER Connects Management service (PcaMngtService) - JDM Software BV - Maassluis - The Netherlands. - C:\Program Files\PETER Connects\Programs\PcaMngtService.exe
    O23 - Service: PETER Connects TAPI Interface service (PcaTapiService) - JDM Software BV - Maassluis - The Netherlands. - C:\Program Files\PETER Connects\Programs\PcaTapiService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
    O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
  • You are using an old version of HijackThis. It is best to use this version: http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

    Close all open windows.
    Start HijackThis again and place a checkmark next to the following items:

    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\opnnnki.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O20 - Winlogon Notify: opnnnki - C:\WINDOWS\SYSTEM32\opnnnki.dll

    Then click "Fix checked" and close HijackThis.

    Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Save it to your desktop.
    Double-click it to start the program.
    In the window that appears, type a 1 to run the cleaning and analysis process.
    Follow the on-screen instructions.
    When the tool is finished, a log file (combofix.txt) opens.
    Post the contents of this file together with a new HijackThis log.
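The answer above picks three entries out of the HijackThis log by hand. The Python script below is an added example, not part of this thread and not code from HijackThis or ComboFix; it applies the same reasoning mechanically to the O2 (BHO) and O20 (Winlogon Notify) lines: a BHO registered without a name, a BHO whose file is absent, and a Winlogon Notify handler that is not on an allowlist all get flagged, and a DLL that shows up in both roles is reported separately because one module persisting in two unrelated places is a stronger signal than either entry alone. The sample lines are copied from the log posted in this thread; the allowlist (`KNOWN_NOTIFY_HANDLERS`) is an assumption that an analyst would maintain per machine.

```python
import re

# Constructed sample: the O2 (BHO) and O20 (Winlogon Notify) lines copied
# from the HijackThis log posted in this thread.
SAMPLE_HJT_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\opnnnki.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A32344BE-8F6B-47AF-A1DC-D45AA5214717} - C:\WINDOWS\system32\gebya.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: opnnnki - C:\WINDOWS\SYSTEM32\opnnnki.dll
"""

# HijackThis line formats for the two entry types handled here.
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")

# Assumption: allowlist of Winlogon Notify handlers the analyst has already
# vetted on this machine (NavLogon belongs to the installed Norton AntiVirus).
KNOWN_NOTIFY_HANDLERS = {"navlogon"}


def basename(path):
    """Return the lower-cased file name part of a Windows path."""
    return path.rsplit("\\", 1)[-1].strip().lower()


def triage_hjt(log_text):
    """Return (line, reason) pairs for O2/O20 entries that deserve a look."""
    findings = []
    for line in log_text.strip().splitlines():
        m = BHO_RE.match(line)
        if m:
            reasons = []
            if m["name"] == "(no name)":
                reasons.append("BHO registered without a name")
            if "(no file)" in m["path"] or "(file missing)" in m["path"]:
                reasons.append("registered file is absent")
            if reasons:
                findings.append((line, "; ".join(reasons)))
            continue
        m = NOTIFY_RE.match(line)
        if m and m["key"].lower() not in KNOWN_NOTIFY_HANDLERS:
            findings.append((line, "Winlogon Notify handler not on the allowlist"))
    return findings


def dlls_in_both_roles(log_text):
    """DLL names registered both as a BHO and as a Winlogon Notify handler."""
    bho, notify = set(), set()
    for line in log_text.strip().splitlines():
        m = BHO_RE.match(line)
        if m and m["path"].lower().endswith(".dll"):
            bho.add(basename(m["path"]))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notify.add(basename(m["path"]))
    return bho & notify


if __name__ == "__main__":
    for line, reason in triage_hjt(SAMPLE_HJT_LOG):
        print(f"[{reason}] {line}")
    print("DLLs in both roles:", sorted(dlls_in_both_roles(SAMPLE_HJT_LOG)))
```

Run on the sample, the script flags the three lines the answer asks to fix plus the `gebya.dll (file missing)` entry, and reports `opnnnki.dll` as the one module that is both a BHO and a Winlogon Notify handler. The heuristics are deliberately narrow; an allowlist miss only means "look at this", not "malicious".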
  • OK, below are the new log files…

    hijackthis:

    Logfile of HijackThis v1.99.1
    Scan saved at 22:34:01, on 6-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\PROGRA~1\NavNT\vptray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Spamihilator\spamihilator.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS Wireless LAN\ZDConfig.exe
    C:\Program Files\Webshots\webshots.scr
    C:\hijack\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.google.com/uninstall-feedback.html?hl=en
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\opnnnki.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A32344BE-8F6B-47AF-A1DC-D45AA5214717} - C:\WINDOWS\system32\gebya.dll (file missing)
    O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Spamihilator.lnk = ?
    O4 - Global Startup: VPN Client.lnk = ?
    O4 - Global Startup: ZDConfig.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS Wireless LAN\ZDConfig.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://83.167.223.15/admin/jre-1_5_0_10-windows-i586-p.exe
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2EA03BC1-C11E-469F-93BD-B537B68CDD3D}: NameServer = 62.58.50.5,62.58.50.6
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5F199EE0-82F6-4C22-91DA-42DA6B8B6423}: NameServer = 62.58.50.5,62.58.50.6
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: opnnnki - C:\WINDOWS\SYSTEM32\opnnnki.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: PETER Connects Audio Service (PcaAudioService) - JDM Software BV - Maassluis - The Netherlands. - C:\Program Files\PETER Connects\Programs\PcaAudioService.exe
    O23 - Service: PETER Connects Telephone List Loading Utility service (PcaLdb1Service) - JDM Software BV - Maassluis - The Netherlands. - C:\Program Files\PETER Connects\Programs\PcaLdb1Service.exe
    O23 - Service: PETER Connects Main service (PcaMainService) - JDM Software BV - Maassluis - The Netherlands. - C:\Program Files\PETER Connects\Programs\PcaMainService.EXE
    O23 - Service: PETER Connects Management service (PcaMngtService) - JDM Software BV - Maassluis - The Netherlands. - C:\Program Files\PETER Connects\Programs\PcaMngtService.exe
    O23 - Service: PETER Connects TAPI Interface service (PcaTapiService) - JDM Software BV - Maassluis - The Netherlands. - C:\Program Files\PETER Connects\Programs\PcaTapiService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
    O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

    and combofix:

    ComboFix 08-01-07.5 - blomk 2008-01-07 22:22:32.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.833 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\blomk.KEN.000\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\blomk.KEN.000\Application Data\inst.exe
    C:\WINDOWS\system32\lonpo.ini
    C:\WINDOWS\system32\lonpo.ini2

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))
    .

    2008-01-07 22:21 . 2000-08-31 08:00 51,200 –a—— C:\WINDOWS\NirCmd.exe
    2008-01-07 22:14 . 2008-01-07 22:14 <DIR> d——– C:\Program Files\Trend Micro
    2008-01-06 22:36 . 2008-01-06 22:36 314,720 –a—— C:\WINDOWS\system32\opnol.dll
    2008-01-06 22:00 . 2008-01-06 22:28 <DIR> d——– C:\VundoFix Backups
    2008-01-06 11:54 . 2008-01-06 11:54 <DIR> d——– C:\Program Files\ZyDAS Technology Corporation
    2008-01-06 11:54 . 2003-04-23 19:25 61,440 –a—— C:\WINDOWS\system32\ZDTRLib.DLL
    2008-01-06 11:54 . 2002-10-29 17:35 61,440 –a—— C:\WINDOWS\system32\ZDN50.dll
    2008-01-06 11:54 . 2003-04-23 19:25 49,152 –a—— C:\WINDOWS\system32\ZD12APP.dll
    2008-01-06 11:54 . 2003-05-15 18:29 38,656 –a—— C:\WINDOWS\system32\drivers\ZD1201U.sys
    2008-01-06 11:54 . 2003-05-12 14:56 25,088 –a—— C:\WINDOWS\system32\UNZD1201.exe
    2008-01-06 11:54 . 2003-03-14 12:24 24,576 –a—— C:\WINDOWS\system32\ZyDelReg.exe
    2008-01-06 11:54 . 2003-05-23 17:53 24,576 –a—— C:\WINDOWS\system32\KZDAPP.exe
    2008-01-06 11:54 . 2003-05-21 17:34 24,576 –a—— C:\WINDOWS\system32\InsDrvZD.dll
    2008-01-06 11:54 . 2002-10-30 11:43 16,157 –a—— C:\WINDOWS\system32\ZDNDIS5.sys
    2008-01-05 17:36 . 2008-01-05 17:36 <DIR> d——– C:\Program Files\Microsoft.NET
    2008-01-05 17:36 . 2008-01-05 17:36 <DIR> d——– C:\Program Files\Microsoft Works
    2008-01-05 17:36 . 2008-01-05 17:36 <DIR> dr-h—– C:\MSOCache
    2008-01-05 17:35 . 2008-01-05 17:35 <DIR> d——– C:\Program Files\RankingCounter
    2008-01-05 17:35 . 2008-01-05 17:35 <DIR> d——– C:\os-call
    2008-01-05 17:35 . 2008-01-05 17:35 <DIR> d——– C:\DutchPornPosters posten - FTD 471320 - BigTitsBoss - Shyla Dicktating - 27-08-2007 - BigTitsBoss-Shyla_Dicktatingnzb
    2008-01-05 17:35 . 2008-01-05 17:35 <DIR> d——– C:\debian
    2008-01-05 16:22 . 2008-01-05 17:34 <DIR> d—s—- C:\Documents and Settings\————\ASPNET
    2008-01-05 13:52 . 2008-01-05 13:52 <DIR> d——– C:\Program Files\Microsoft(2).NET
    2008-01-05 13:50 . 2008-01-05 13:50 <DIR> d——– C:\Program Files\MSXML 6.0
    2008-01-05 13:46 . 2008-01-05 13:52 <DIR> d——– C:\Program Files\Microsoft SQL Server
    2008-01-05 13:01 . 2008-01-05 13:01 <DIR> d——– C:\Program Files\Solarwinds
    2008-01-05 12:57 . 2001-07-21 22:23 8,002 –a—— C:\WINDOWS\system32\smtpctrs.h
    2008-01-05 12:57 . 2001-07-21 22:23 773 –a—— C:\WINDOWS\system32\ntfsdrct.h
    2008-01-05 12:55 . 2001-09-07 14:00 5,379 –a—— C:\WINDOWS\system32\w3ctrs.h
    2008-01-05 12:55 . 2001-09-07 14:00 3,276 –a—— C:\WINDOWS\system32\infoctrs.h
    2008-01-05 12:55 . 2001-09-07 14:00 2,024 –a—— C:\WINDOWS\system32\axctrnm.h
    2008-01-05 12:49 . 2008-01-05 12:49 <DIR> d——– C:\Documents and Settings\blomk.KEN.000\Application Data\SolarWinds
    2008-01-05 12:46 . 2008-01-05 12:46 <DIR> d——– C:\Program Files\MSBuild
    2008-01-05 12:38 . 2008-01-05 17:35 <DIR> d——– C:\WINDOWS\system32\XPSViewer
    2008-01-05 12:37 . 2008-01-05 12:37 <DIR> d——– C:\Program Files\Reference Assemblies
    2008-01-05 12:28 . 2008-01-05 12:28 <DIR> d——– C:\solarwinds
    2008-01-05 12:07 . 2008-01-05 17:35 <DIR> d——– C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2008-01-03 22:25 . 2008-01-03 22:28 <DIR> d——– C:\voip-module
    2007-12-23 19:47 . 2008-01-05 17:37 <DIR> d——– C:\Program Files\ZyDAS Technology Corporation(2)
    2007-12-23 19:06 . 2003-04-25 15:17 70,388 ——— C:\WINDOWS\system32\drivers\WS01UPH.bin
    2007-12-16 20:56 . 2007-12-16 20:56 24,336 ——— C:\WINDOWS\system32\opnnnki.dll
    2007-12-08 20:12 . 2007-12-08 20:12 0 –a—— C:\WINDOWS\nsreg.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-07 21:38 ——— d—–w C:\Documents and Settings\blomk.KEN.000\Application Data\Spamihilator
    2008-01-07 21:37 ——— d—–w C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\VMware
    2008-01-07 21:37 ——— d—–w C:\Documents and Settings\All Users.WINDOWS\Application Data\VMware
    2008-01-06 10:54 ——— d–h–w C:\Program Files\InstallShield Installation Information
    2008-01-05 16:37 ——— d—–w C:\Program Files\DartManager
    2008-01-05 16:36 ——— d—–w C:\Program Files\Net Tools
    2008-01-05 16:36 ——— d—–w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
    2008-01-05 16:35 ——— d—–w C:\Program Files\Round Robin Scheduler 4.0
    2008-01-04 21:24 ——— d—–w C:\Documents and Settings\blomk.KEN.000\Application Data\GrabIt
    2007-12-26 11:08 ——— d—–w C:\Program Files\Common Files\Galactix Software
    2007-12-05 19:40 ——— d—–w C:\Program Files\SpeedFan
    2007-12-01 18:55 ——— d—–w C:\Program Files\GrabIt
    2007-11-30 20:56 ——— d—–w C:\Documents and Settings\blomk.KEN.000\Application Data\Wireshark
    2007-11-30 20:41 ——— d—–w C:\Program Files\Wireshark
    2007-11-30 20:40 ——— d—–w C:\Program Files\WinPcap
    2007-11-25 12:41 ——— d—–w C:\Documents and Settings\blomk.KEN.000\Application Data\VMware
    2007-11-25 10:38 737,280 —-a-w C:\WINDOWS\iun6002.exe
    2007-11-25 10:38 ——— d—–w C:\Program Files\WYSIWYG Web Builder 4 NL
    2007-11-20 18:35 1,529,790 —-a-w C:\mrtg-2.9.29.zip
    2007-11-18 21:32 ——— d—–w C:\Program Files\DVD Shrink
    2007-11-18 21:32 ——— d—–w C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink
    2007-11-17 11:02 ——— d—–w C:\Program Files\Lavasoft
    2007-11-17 11:02 ——— d—–w C:\Documents and Settings\blomk.KEN.000\Application Data\Lavasoft
    2007-11-17 10:59 ——— d—–w C:\Program Files\DynGate
    2007-11-10 19:03 ——— d—–w C:\Program Files\Activision
    2007-11-10 15:52 22,328 —-a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-11-10 15:52 22,328 —-a-w C:\Documents and Settings\blomk.KEN.000\Application Data\PnkBstrK.sys
    2007-11-10 15:51 66,872 —-a-w C:\WINDOWS\system32\PnkBstrA.exe
    2007-11-10 15:51 103,736 —-a-w C:\WINDOWS\system32\PnkBstrB.exe
    2007-11-09 21:31 ——— d—–w C:\Program Files\PETER Connects
    2007-11-09 21:28 94,208 —-a-w C:\Documents and Settings\blomk.KEN.000\Application Data\ezplay.sys
    2007-11-09 21:28 47,360 —-a-w C:\Documents and Settings\blomk.KEN.000\Application Data\pcouffin.sys
    2007-11-09 21:28 ——— d—–w C:\Documents and Settings\blomk.KEN.000\Application Data\Vso
    2007-11-09 21:25 ——— d—–w C:\Program Files\Rainbow Technologies
    2007-11-09 19:23 94,208 —-a-w C:\WINDOWS\system32\drivers\ezplay.sys
    2007-11-09 19:23 47,360 —-a-w C:\WINDOWS\system32\drivers\pcouffin.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
    2007-12-16 20:56 24336 ——— C:\WINDOWS\system32\opnnnki.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F5C8DCE-6E85-432D-8E79-8C28EAA9FEF3}]
    2008-01-06 22:36 314720 –a—— C:\WINDOWS\system32\opnol.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A32344BE-8F6B-47AF-A1DC-D45AA5214717}]
    C:\WINDOWS\system32\gebya.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PtiuPbmd"="ulutil2.dll" [2003-11-05 19:06 110592 C:\WINDOWS\system32\ulutil2.dll]
    "vptray"="C:\PROGRA~1\NavNT\vptray.exe" [2001-09-24 06:59 73728]
    "Cmaudio"="cmicnfg.cpl" []
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 08:12 90112]
    "Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" [2007-08-09 15:34 651264]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]

    C:\Documents and Settings\blomk.KEN\Menu Start\Programma's\Opstarten\
    SpeedFan.lnk - C:\Program Files\SpeedFan\speedfan.exe [2007-09-17 18:04:02]

    C:\Documents and Settings\blomk.KEN.000\Menu Start\Programma's\Opstarten\
    Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2006-04-03 18:19:21]

    C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\
    Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]
    Spamihilator.lnk - C:\Program Files\Spamihilator\spamihilator.exe [2007-08-09 15:34:08]
    VPN Client.lnk - C:\WINDOWS\Installer\{229205AC-74D7-4045-BE2E-F3276B498EF1}\Icon3E5562ED7.ico [2007-10-22 18:47:20]
    ZDConfig.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS Wireless LAN\ZDConfig.exe [2008-01-06 11:54:04]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\opnnnki.dll [2007-12-16 20:56 24336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnnki]
    opnnnki.dll 2007-12-16 20:56 24336 C:\WINDOWS\system32\opnnnki.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\opnol.dll

    R0 DontGo;Promise Removable Disk Control Driver;C:\WINDOWS\system32\drivers\DontGo.sys [2004-06-29 15:25]
    R0 ulsata2;ulsata2;C:\WINDOWS\system32\drivers\ulsata2.sys [2005-06-29 17:44]
    R3 ZD1201U;ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB);C:\WINDOWS\system32\DRIVERS\zd1201u.sys [2003-05-15 18:29]
    R3 ZDNDIS5;ZDNDIS5 Protocol Driver;C:\WINDOWS\system32\ZDNDIS5.SYS [2002-10-30 11:43]
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-29 01:01]
    S3 PcaAudioService;PETER Connects Audio Service;"C:\Program Files\PETER Connects\Programs\PcaAudioService.exe" [2007-10-23 13:18]
    S3 PcaLdb1Service;PETER Connects Telephone List Loading Utility service;"C:\Program Files\PETER Connects\Programs\PcaLdb1Service.exe" [2007-10-23 13:16]
    S3 PcaMainService;PETER Connects Main service;"C:\Program Files\PETER Connects\Programs\PcaMainService.EXE" [2007-10-23 14:22]
    S3 PcaMngtService;PETER Connects Management service;"C:\Program Files\PETER Connects\Programs\PcaMngtService.exe" [2007-10-23 13:11]
    S3 PcaTapiService;PETER Connects TAPI Interface service;"C:\Program Files\PETER Connects\Programs\PcaTapiService.exe" [2007-10-23 14:22]
    S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" [2007-01-09 23:17]
    S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe [2006-10-22 04:30]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##bianca#d]
    \Shell\AutoRun\command - Z:\Setup.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    \Shell\AutoRun\command - H:\setup\rsrc\Autorun.exe
    \Shell\dinstall\command - H:\Directx\dxsetup.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-07 22:39:05
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ——————— DLLs Loaded Under Running Processes ———————

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\opnnnki.dll
    -> C:\WINDOWS\system32\NavLogon.dll

    PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
    -> C:\WINDOWS\system32\opnol.dll

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
    -> C:\WINDOWS\system32\opnol.dll
    -> C:\WINDOWS\system32\opnnnki.dll
    .
    Voltooingstijd: 2008-01-07 22:46:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-07 21:46:22
    ComboFix2.txt 2007-06-02 11:13:47
    ComboFix3.txt 2007-05-28 18:42:07
    ComboFix4.txt 2007-05-28 11:49:44


    Thanks :)
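The ComboFix report above is most useful when its sections are read together: the registry start-up points show where a module persists, and the "DLLs Loaded Under Running Processes" section shows whether that module is actually live inside winlogon.exe or lsass.exe. The Python script below is an added example, not part of this thread and not ComboFix's own code; it parses both sections and lists every DLL that is both persisted (BHO, Winlogon Notify, AppInit_DLLs, LSA Authentication Packages, or any other bracketed key) and loaded into a running process. The sample report is constructed from lines in the posted log, with the attribute columns simplified.

```python
import re
from collections import defaultdict

# Constructed sample adapted from the ComboFix log posted in this thread:
# registry start-up points followed by the loaded-DLL section.
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2007-12-16 20:56 24336 --------- C:\WINDOWS\system32\opnnnki.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F5C8DCE-6E85-432D-8E79-8C28EAA9FEF3}]
2008-01-06 22:36 314720 --a------ C:\WINDOWS\system32\opnol.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnnki]
opnnnki.dll 2007-12-16 20:56 24336 C:\WINDOWS\system32\opnnnki.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\opnol.dll

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\opnnnki.dll
-> C:\WINDOWS\system32\NavLogon.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\opnol.dll
"""

# A drive-letter path ending in .dll, allowing spaces, stopping at the first
# ".dll" that is followed by whitespace or end of line.
DLL_PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.dll(?=\s|$)", re.IGNORECASE)


def basename(path):
    """Return the lower-cased file name part of a Windows path."""
    return path.rsplit("\\", 1)[-1].strip().lower()


def parse_combofix(report):
    """Split a ComboFix report into persistence entries and loaded modules.

    Returns (persisted, loaded): DLL basename -> set of registry keys that
    reference it, and DLL basename -> set of process names it is loaded in.
    """
    persisted = defaultdict(set)
    loaded = defaultdict(set)
    current_key = None
    current_proc = None
    in_loaded_section = False
    for raw in report.splitlines():
        line = raw.strip()
        if "DLLs Loaded Under Running Processes" in line:
            in_loaded_section = True
            continue
        if in_loaded_section:
            if line.startswith("PROCESS:"):
                # "PROCESS: <path> [<version>]" -> keep only the exe name
                current_proc = basename(line[len("PROCESS:"):].split(" [")[0])
            elif line.startswith("->") and current_proc:
                loaded[basename(line[2:])].add(current_proc)
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        if current_key:
            for m in DLL_PATH_RE.finditer(line):
                persisted[basename(m.group(0))].add(current_key)
    return persisted, loaded


def correlate(report):
    """DLLs that are both persisted in the registry and loaded into a process."""
    persisted, loaded = parse_combofix(report)
    hits = {}
    for dll, procs in loaded.items():
        if dll in persisted:
            hits[dll] = {"processes": sorted(procs), "keys": sorted(persisted[dll])}
    return hits


if __name__ == "__main__":
    for dll, info in sorted(correlate(SAMPLE_COMBOFIX).items()):
        print(dll)
        print("  loaded in:", ", ".join(info["processes"]))
        for key in info["keys"]:
            print("  persisted at:", key)
```

On the sample this reports `opnnnki.dll` (BHO plus Winlogon Notify, loaded in winlogon.exe) and `opnol.dll` (BHO plus LSA Authentication Packages, loaded in lsass.exe), while `NavLogon.dll`, which is loaded in winlogon.exe but has no persistence entry in the sample, is left out. The LSA hit is the one to weigh most heavily: a module registered as an authentication package is loaded by lsass.exe and sees credentials at logon, which is why the catchme rootkit scan reporting zero hidden files does not by itself mean the machine is clean.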





This is an archived page. Replying is no longer possible.