Trojan.vundo problem

Anonymous
7 replies
  • Hi,

    For the past two days I have had an annoying pop-up that Norton reports.
    It stays on screen and I cannot remove it.
    It concerns a trojan.vundo in my system32 folder, as the file ddcyv.dll.
    In the meantime I have tried quite a few spyware programs, but none of them recognizes the virus, apart from Norton.
    I don't notice any real trouble from it, but I would still like to get rid of it.
    Hopefully someone can help me with that.

    Kind regards, Richard
  • Hello Richard,

    Vundo is a plague at the moment and a difficult infection to remove.
    Do this:
    Download combofix.exe: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Place it on your desktop.
    Double-click it to start the program.
    In the window that appears, type a 1 to run the cleaning and analysis process.
    Follow the instructions on the screen.
    When the tool has finished, a log file (combofix.txt) opens.
    Post the contents of this file.

    Download HijackThis.
    Save the file. Double-click HJTInstall.exe to start the installation.
    After the installation the program starts. Click the "scan" button.
    When the HijackThis scan has finished, the 'Scan' button changes into a 'Save logfile' button.
    Click it and save the log file as hijackthis.log.
    Hijackthis.log will open. Post the contents of this log file in your next message as well.
  • Hi M@rc,

    Thanks very much in advance for your help.
    Here are the 2 log files you asked me for.
    ComboFix 07-12-28.1 - EUROMAXItest 2007-12-28 17:48:44.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1602 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\EUROMAXItest\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\vycdd.ini
    C:\WINDOWS\system32\vycdd.ini2

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-11-28 to 2007-12-28 ))))))))))))))))))))))))))))))
    .

    2007-12-28 15:09 . 2007-12-28 15:28 <DIR> d——– C:\Program Files\Spyware Terminator
    2007-12-28 15:09 . 2007-12-28 15:09 <DIR> d——– C:\Program Files\Crawler
    2007-12-28 15:09 . 2007-12-28 15:11 <DIR> d——– C:\Documents and Settings\EUROMAXItest\Application Data\Spyware Terminator
    2007-12-28 15:09 . 2007-12-28 15:10 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2007-12-27 21:53 . 2007-12-27 21:53 <DIR> d——– C:\Documents and Settings\EUROMAXItest\Application Data\TrojanHunter
    2007-12-27 15:24 . 2007-12-27 15:24 <DIR> d——– C:\Documents and Settings\All Users\Application Data\NETGATE
    2007-12-27 14:42 . 2007-12-27 14:50 <DIR> d——– C:\VundoFix Backups
    2007-12-26 23:35 . 2007-12-26 23:35 <DIR> d——– C:\Program Files\Common Files\DAZ
    2007-12-20 22:49 . 2007-12-20 22:49 262 –a—— C:\WINDOWS\game.ini
    2007-12-19 20:17 . 2007-12-19 20:17 <DIR> d–h—– C:\WINDOWS\page files
    2007-12-19 20:17 . 2007-12-19 20:17 <DIR> d——– C:\WINDOWS\INTERLOK
    2007-12-19 20:17 . 2007-12-19 20:17 56 –ahs—- C:\redir.sys
    2007-12-19 19:23 . 2007-12-19 19:23 <DIR> d——– C:\WINDOWS\MetaCreations
    2007-12-18 00:57 . 2007-12-18 00:57 <DIR> d——– C:\Program Files\Google
    2007-12-15 01:10 . 2007-12-15 01:10 <DIR> d——– C:\Documents and Settings\EUROMAXItest\Application Data\vlc
    2007-12-15 01:02 . 2004-03-29 16:23 90,112 –a—— C:\WINDOWS\unvise32.exe
    2007-12-14 02:45 . 2007-12-13 21:39 13,421 –a—— C:\WINDOWS\Ascd_tmp.ini
    2007-12-14 02:45 . 2004-08-14 17:00 5,810 -ra—— C:\WINDOWS\system32\drivers\ASACPI.sys
    2007-12-14 02:44 . 2006-10-11 12:33 10,288 –a—— C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
    2007-12-14 00:18 . 2007-12-14 00:18 <DIR> d——– C:\Documents and Settings\EUROMAXItest\Application Data\Shareaza
    2007-12-13 23:17 . 2007-12-15 02:00 <DIR> d——– C:\Program Files\SpeedFan
    2007-12-13 23:17 . 2007-12-13 23:17 45 –a—— C:\WINDOWS\system32\initdebug.nfo
    2007-12-13 22:08 . 2007-12-13 22:08 <DIR> d——– C:\Program Files\Video Card Stability Test
    2007-12-13 22:08 . 2007-12-13 22:08 664 –a—— C:\WINDOWS\system32\d3d9caps.dat
    2007-12-13 22:06 . 2001-08-17 22:59 3,072 –a—— C:\WINDOWS\system32\drivers\audstub.sys
    2007-12-13 22:05 . 2004-08-04 02:03 76,288 –a—— C:\WINDOWS\system32\usbui.dll
    2007-12-13 22:05 . 2004-08-04 01:54 57,856 –a—— C:\WINDOWS\system32\drivers\redbook.sys
    2007-12-13 22:05 . 2001-08-17 21:13 27,165 –a—— C:\WINDOWS\system32\drivers\fetnd5.sys
    2007-12-13 22:03 . 2007-12-13 21:43 <DIR> d–h—– C:\Documents and Settings\Default User\Sjablonen
    2007-12-13 22:03 . 2007-12-13 22:03 <DIR> d–h—– C:\Documents and Settings\Default User\Onlangs geopend
    2007-12-13 22:03 . 2007-12-13 22:03 <DIR> d–h—– C:\Documents and Settings\Default User\Netwerkprinteromgeving
    2007-12-13 22:03 . 2007-12-13 22:03 <DIR> d——– C:\Documents and Settings\Default User\Mijn documenten
    2007-12-13 22:03 . 2007-12-13 22:03 <DIR> dr——- C:\Documents and Settings\Default User\Menu Start
    2007-12-13 22:03 . 2007-12-13 22:03 <DIR> d——– C:\Documents and Settings\Default User\Favorieten
    2007-12-13 22:03 . 2007-12-13 22:03 <DIR> d——– C:\Documents and Settings\Default User\Bureaublad
    2007-12-13 22:03 . 2007-12-13 22:03 <DIR> d–h—– C:\Documents and Settings\All Users\Sjablonen
    2007-12-13 22:03 . 2007-12-19 19:48 <DIR> dr——- C:\Documents and Settings\All Users\Menu Start
    2007-12-13 22:03 . 2007-12-13 22:03 <DIR> d——– C:\Documents and Settings\All Users\Favorieten
    2007-12-13 22:03 . 2007-12-13 21:44 <DIR> dr——- C:\Documents and Settings\All Users\Documenten
    2007-12-13 22:03 . 2007-12-28 15:10 <DIR> d——– C:\Documents and Settings\All Users\Bureaublad
    2007-12-13 22:03 . 2001-09-07 11:00 176,157 –a–c— C:\WINDOWS\system32\dllcache\dgrpsetu.dll
    2007-12-13 22:02 . 2004-08-04 00:51 1,896,400 –a–c— C:\WINDOWS\system32\dllcache\NT5.CAT
    2007-12-13 22:01 . 2007-12-28 15:06 <DIR> d——– C:\WINDOWS\system32\CatRoot2
    2007-12-13 22:01 . 2007-12-13 22:01 <DIR> d——– C:\WINDOWS\system32\CatRoot
    2007-12-13 22:01 . 2007-12-13 21:48 532 –a—— C:\WINDOWS\system32\$winnt$.inf
    2007-12-13 22:01 . 2007-12-25 02:23 211 -rahs—- C:\boot.ini
    2007-12-13 20:57 . 2007-12-20 22:58 <DIR> d–h—– C:\Program Files\InstallShield Installation Information
    2007-12-13 20:56 . 2007-12-13 20:57 <DIR> d——– C:\partition magic
    2007-12-13 20:53 . 2004-08-03 23:08 26,496 –a–c— C:\WINDOWS\system32\dllcache\usbstor.sys
    2007-12-13 19:55 . 2007-12-13 19:55 <DIR> d——– C:\WINDOWS\nview
    2007-12-13 19:55 . 2007-12-13 19:55 <DIR> d——– C:\Documents and Settings\NetworkService\Application Data\Symantec
    2007-12-13 19:55 . 2007-10-04 17:14 356,352 –a—— C:\WINDOWS\system32\nvudisp.exe
    2007-12-13 19:55 . 2007-12-13 19:56 140,158 –a—— C:\WINDOWS\system32\nvapps.xml
    2007-12-13 19:55 . 2007-10-04 17:14 17,525 –a—— C:\WINDOWS\system32\nvdisp.nvu
    2007-12-13 19:54 . 2007-12-13 20:55 <DIR> d——– C:\Program Files\Common Files\InstallShield
    2007-12-13 19:54 . 2007-12-13 19:54 <DIR> d——– C:\NVIDIA
    2007-12-13 19:54 . 2007-10-04 18:16 356,352 –a—— C:\WINDOWS\system32\NVUNINST.EXE
    2007-12-13 19:49 . 2007-12-13 19:49 32 –ahs—- C:\WINDOWS\system32\{EDC3C58A-C1CB-4301-ACCD-F791EB2C9C87}.dat
    2007-12-13 19:49 . 2007-12-13 19:49 32 –ahs—- C:\WINDOWS\{834A22D0-E244-448F-A619-3548B67118C6}.dat
    2007-12-13 19:48 . 2007-12-13 19:48 <DIR> d——– C:\Documents and Settings\EUROMAXItest\WINDOWS
    2007-12-13 19:48 . 2002-08-14 06:03 34,578 –a—— C:\WINDOWS\system32\drivers\NPDRIVER.SYS
    2007-12-13 19:48 . 2002-08-14 06:03 31,744 –a—— C:\WINDOWS\system32\S32STAT.DLL
    2007-12-13 19:48 . 2007-12-13 19:48 32 –ahs—- C:\WINDOWS\system32\{DCE9696D-86A2-4BA8-AE92-5F67B8EC6A11}.dat
    2007-12-13 19:48 . 2007-12-13 19:48 32 –ahs—- C:\WINDOWS\system32\{07D46019-B385-4A92-BA4D-0F71683FFA1D}.dat
    2007-12-13 19:48 . 2007-12-13 19:48 32 –ahs—- C:\WINDOWS\{2A68A4BB-1CC3-434E-A9BA-CEE067EA373F}.dat
    2007-12-13 19:48 . 2007-12-13 19:48 32 –ahs—- C:\WINDOWS\{25248B9A-6394-4550-AA3F-BC85BAF08429}.dat
    2007-12-13 19:46 . 2007-12-13 19:50 <DIR> d——– C:\Program Files\Norton SystemWorks
    2007-12-13 19:46 . 2002-08-28 17:41 123,619 –a—— C:\WINDOWS\system32\SYMEVNT.386
    2007-12-13 19:46 . 2002-08-28 17:41 83,672 –a—— C:\WINDOWS\system32\S32EVNT1.DLL
    2007-12-13 19:46 . 2002-08-28 17:41 73,224 –a—— C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-12-13 19:46 . 2007-12-13 19:46 32 –ahs—- C:\WINDOWS\system32\{FF0AA8BA-E918-4FEA-A142-036C1FAEE4F6}.dat
    2007-12-13 19:46 . 2007-12-13 19:46 32 –ahs—- C:\WINDOWS\{7C54A722-CC4A-4D73-96F5-F0BC7A34CCA0}.dat
    2007-12-13 19:46 . 2007-12-13 19:46 14 –a—— C:\WINDOWS\system32\SR2.dat
    2007-12-13 19:45 . 2007-12-13 19:48 <DIR> d——– C:\Program Files\Symantec
    2007-12-13 19:45 . 2007-12-28 17:46 <DIR> d——– C:\Program Files\Common Files\Symantec Shared
    2007-12-13 19:45 . 2007-12-13 19:45 <DIR> d——– C:\Documents and Settings\EUROMAXItest\Application Data\Symantec
    2007-12-13 19:45 . 2007-12-13 19:46 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Symantec
    2007-12-13 19:45 . 1998-06-24 00:00 609,584 –a—— C:\WINDOWS\system32\COMCTL32.OCX
    2007-12-13 19:45 . 1998-10-29 16:45 306,688 –a—— C:\WINDOWS\IsUninst.exe
    2007-12-13 19:45 . 1998-06-18 11:58 94,208 –a—— C:\WINDOWS\system32\msstkprp.dll
    2007-12-13 19:45 . 1998-06-26 00:00 89,600 –a—— C:\WINDOWS\system32\MSCAL.OCX

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-28 01:24 ——— d—–w C:\Documents and Settings\EUROMAXItest\Application Data\GetRightToGo
    2007-12-28 00:26 ——— d—–w C:\Documents and Settings\EUROMAXItest\Application Data\Xfire
    2007-12-27 23:29 22,328 —-a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-12-27 23:29 107,832 —-a-w C:\WINDOWS\system32\PnkBstrB.exe
    2007-12-27 22:06 ——— d—–w C:\Documents and Settings\EUROMAXItest\Application Data\teamspeak2
    2007-12-13 20:48 66,872 —-a-w C:\WINDOWS\system32\PnkBstrA.exe
    2007-12-13 20:48 ——— d—–w C:\Documents and Settings\LocalService\Application Data\Xfire
    2007-12-13 20:46 ——— d—–w C:\Program Files\microsoft frontpage
    2007-12-13 20:45 ——— d—–w C:\Documents and Settings\NetworkService\Application Data\Xfire
    2007-12-13 20:39 315,392 —-a-w C:\WINDOWS\HideWin.exe
    2007-12-13 20:39 ——— d—–w C:\Program Files\Realtek
    2007-12-13 20:27 22,328 —-a-w C:\Documents and Settings\EUROMAXItest\Application Data\PnkBstrK.sys
    2007-10-04 16:14 81,920 —-a-w C:\WINDOWS\system32\nvwddi.dll
    2007-10-04 16:14 81,920 —-a-w C:\WINDOWS\system32\nvmctray.dll
    2007-10-04 16:14 8,491,008 —-a-w C:\WINDOWS\system32\nvcpl.dll
    2007-10-04 16:14 753,664 —-a-w C:\WINDOWS\system32\nvcplui.exe
    2007-10-04 16:14 6,750,208 —-a-w C:\WINDOWS\system32\nvoglnt.dll
    2007-10-04 16:14 6,344,704 —-a-w C:\WINDOWS\system32\nvdisps.dll
    2007-10-04 16:14 5,783,424 —-a-w C:\WINDOWS\system32\nv4_disp.dll
    2007-10-04 16:14 466,944 —-a-w C:\WINDOWS\system32\nvshell.dll
    2007-10-04 16:14 45,056 —-a-w C:\WINDOWS\system32\nvmccsrs.dll
    2007-10-04 16:14 442,368 —-a-w C:\WINDOWS\system32\nvappbar.exe
    2007-10-04 16:14 425,984 —-a-w C:\WINDOWS\system32\keystone.exe
    2007-10-04 16:14 364,544 —-a-w C:\WINDOWS\system32\nvapi.dll
    2007-10-04 16:14 36,864 —-a-w C:\WINDOWS\system32\nvcodins.dll
    2007-10-04 16:14 36,864 —-a-w C:\WINDOWS\system32\nvcod.dll
    2007-10-04 16:14 307,200 —-a-w C:\WINDOWS\system32\nvexpbar.dll
    2007-10-04 16:14 3,551,232 —-a-w C:\WINDOWS\system32\nvvitvs.dll
    2007-10-04 16:14 3,334,144 —-a-w C:\WINDOWS\system32\nvgames.dll
    2007-10-04 16:14 286,720 —-a-w C:\WINDOWS\system32\nvnt4cpl.dll
    2007-10-04 16:14 229,376 —-a-w C:\WINDOWS\system32\nvmccs.dll
    2007-10-04 16:14 2,371,584 —-a-w C:\WINDOWS\system32\nvwss.dll
    2007-10-04 16:14 188,416 —-a-w C:\WINDOWS\system32\nvmccss.dll
    2007-10-04 16:14 155,716 —-a-w C:\WINDOWS\system32\nvsvc32.exe
    2007-10-04 16:14 147,456 —-a-w C:\WINDOWS\system32\nvcolor.exe
    2007-10-04 16:14 1,703,936 —-a-w C:\WINDOWS\system32\nvwdmcpl.dll
    2007-10-04 16:14 1,626,112 —-a-w C:\WINDOWS\system32\nwiz.exe
    2007-10-04 16:14 1,478,656 —-a-w C:\WINDOWS\system32\nview.dll
    2007-10-04 16:14 1,339,392 —-a-w C:\WINDOWS\system32\nvdspsch.exe
    2007-10-04 16:14 1,150,976 —-a-w C:\WINDOWS\system32\nvmobls.dll
    2007-10-04 16:14 1,019,904 —-a-w C:\WINDOWS\system32\nvwimg.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{333F6D03-4C5F-4FD1-9FDF-ECE487F9532A}]
    C:\WINDOWS\system32\ddcyv.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:15]
    "PopUpStopperProfessional"="F:\POP-UP~1\POPUPS~1.EXE" [2003-09-10 13:45]
    "SpyEmergency"="F:\NETGATE\Spy Emergency 2007\SpyEmergency.exe" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-08-19 22:22]
    "ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-19 22:23]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:03 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:03 C:\WINDOWS\system32\rundll32.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2007-02-03 11:54 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-20 11:04 C:\WINDOWS\SkyTel.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03]

    R3 NPDriver;Norton Unerase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2002-08-14 06:03]

    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-12-13 18:50:33 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
    - C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.exeG/task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca
    "2007-12-13 18:49:10 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
    - C:\Program Files\Norton SystemWorks\OBC.exe
    "2007-12-28 16:50:51 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-28 17:50:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2007-12-28 17:52:57 - machine was rebooted


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:56:13, on 28-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    F:\POP-UP~1\POPUPS~1.EXE
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    f:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O2 - BHO: (no name) - {333F6D03-4C5F-4FD1-9FDF-ECE487F9532A} - C:\WINDOWS\system32\ddcyv.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [PopUpStopperProfessional] "F:\POP-UP~1\POPUPS~1.EXE"
    O4 - HKCU\..\Run: [SpyEmergency] "F:\NETGATE\Spy Emergency 2007\SpyEmergency.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe


    End of file - 4918 bytes


    Kind regards, Richard
  • Also try the following program:

    VundoFix

    I'm not sure any more whether it also creates a log file, but if so, please post it.
  • Hi Citomaster,

    First of all, since using ComboFix I am no longer bothered by the pop-up.
    I did see the file in question (the file ddcyv that Norton also reported) listed on screen with a message during the scan.
    The file has now also disappeared from my system32 folder.

    First I ran both VundoFix and FixVundo, and one other virus was found (ddcyyab.dll) and removed; however, the virus named ddcyv.dll was not recognized.

    I have now run both again, and one file was reported
    Vundofix:
    VundoFix V6.7.7

    Checking Java version…

    Sun Java not detected
    Scan started at 20:16:01 28-12-2007

    Listing files found while scanning….

    No infected files were found.

    Fixvundo:
    Trojan.Vundo has been successfully removed from your computer!

    Here is the report:

    The total number of the scanned files: 148871
    The number of deleted files: 0
    The number of viral processes terminated: 1
    The number of viral processes suspended: 1
    The number of viral threads terminated: 0
    The number of registry entries fixed: 0

    I still have the first file that was removed in the
    VundoFix Backups folder; can I simply delete it?
    It is a ddcyyab.dll file with "bad" appended to it.

    I don't know whether everything is in order now, but in any case I want to thank you both for the help.
    If there is anything else I should do, I'd be glad to hear it.

    Richard

    Just checked, and in the ComboFix log and the quarantine folder there is
    the file that Norton reported.
    2007-12-28 15:27 7102 –a—— C:\Qoobox\Quarantine\C\WINDOWS\system32\vycdd.ini2.vir
    2007-12-28 15:28 7102 –a—— C:\Qoobox\Quarantine\C\WINDOWS\system32\vycdd.ini.vir
    2007-12-28 17:49 1765 –a—— C:\Qoobox\Quarantine\C\ComboFix\errdbg.dat.vir

    What do I do with these?
  • Close all open windows.
    Start HijackThis once more and tick the following items:

    O2 - BHO: (no name) - {333F6D03-4C5F-4FD1-9FDF-ECE487F9532A} - C:\WINDOWS\system32\ddcyv.dll (file missing)

    Then click "Fix checked" and close HijackThis.

    Go to Start - Run and type: ComboFix /u
    Press Enter.

    Update your virus scanner and have the entire computer checked for the presence of malware.
    If anything is found, have it removed.

    Then report whether there are still any problems.
  • Hi,

    Something went wrong with my last post, I think.
    In it I had mentioned that I did everything you asked.
    After scanning, my virus scanner reported that there were no errors. :D
    Thanks very much for your quick response :wink:

    Kind regards, Richard
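
Added example, not part of the original posts: a small triage script for the two logs in this thread. It parses HijackThis O2 (Browser Helper Object) lines and flags the entry the helper asked to fix, using three signals visible in the posted logs: the BHO has no name, HijackThis marks it "(file missing)", and the files ComboFix deleted (vycdd.ini, vycdd.ini2) carry the DLL name ddcyv spelled backwards. The function names and the "at least two signals" threshold are assumptions made for this example.

```python
import re
from pathlib import PureWindowsPath

# Sample input: lines copied from the HijackThis and ComboFix logs posted above.
HIJACKTHIS_LOG = r"""
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {333F6D03-4C5F-4FD1-9FDF-ECE487F9532A} - C:\WINDOWS\system32\ddcyv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
"""
COMBOFIX_DELETED = [
    r"C:\WINDOWS\system32\vycdd.ini",
    r"C:\WINDOWS\system32\vycdd.ini2",
]

# "O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)


def parse_bhos(log):
    """Return one dict per O2 (Browser Helper Object) line in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            entries.append({
                "name": m["name"],
                "clsid": m["clsid"].upper(),
                "path": PureWindowsPath(m["path"]),
                "missing": m["missing"] is not None,
            })
    return entries


def reversed_companions(dll, other_files):
    """Files in the DLL's directory whose base name is the DLL's base name reversed."""
    want = dll.stem.lower()[::-1]
    return [f for f in map(PureWindowsPath, other_files)
            if f.parent == dll.parent and f.stem.lower() == want]


def triage(log, other_files):
    """Flag BHO entries that show at least two of the three signals (assumed threshold)."""
    findings = []
    for bho in parse_bhos(log):
        reasons = []
        if bho["name"] == "(no name)":
            reasons.append("unnamed BHO")
        if bho["missing"]:
            reasons.append("orphaned registry entry: target file no longer exists")
        if reversed_companions(bho["path"], other_files):
            reasons.append("companion file with the reversed base name")
        # A missing name alone is weak evidence: the Crawler toolbar BHO lacks one too.
        if len(reasons) >= 2:
            findings.append((bho["clsid"], str(bho["path"]), reasons))
    return findings


if __name__ == "__main__":
    for clsid, path, reasons in triage(HIJACKTHIS_LOG, COMBOFIX_DELETED):
        print(clsid, path)
        for reason in reasons:
            print("   -", reason)
```

An orphaned entry like this one is a leftover rather than a live infection: the DLL is gone, but the registry key still tells Internet Explorer to load it, which is why the helper has it removed with "Fix checked".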

This is an archived page. Replies are no longer possible.