trojan.vundo.dvs removed?

  • trojan.vundo.dvs removed?

    Since yesterday I have been having an incredible amount of trouble with a virus called trojan.vundo.dvs. Every time I navigated in Explorer (with every click) I got a virus warning from my BitDefender. It concerned a file that kept recreating itself in the System32 folder of Windows.
    I immediately had BitDefender scan, but it found nothing; Ad-Aware and Spybot Search and Destroy also only found small things. After that I got the idea of trying the ESET (Nod32) online scan. It scanned for more than 4 hours, but it was worth it: since a restart (which the scan requested in order to remove part of a virus), everything works normally again and I no longer get virus warnings from BitDefender.
    Still, I would like to have my HijackThis log checked to be sure it is really gone.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:21:19, on 4/04/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v8.00 (8.00.6001.17184)
    Boot mode: Normal

    Running processes:
    c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\YPOPs\ypops.exe
    C:\Program Files\Firefox 3\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_BE&c=73&bd=Pavilion&pf=laptop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_BE&c=73&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_BE&c=73&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_BE&c=73&bd=Pavilion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {0BB91625-DE69-41B0-B65A-D16E2369636F} - C:\Windows\system32\rqRjgdCU.dll (file missing)
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: APSHook.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 9387 bytes

  • #2
    Download this file: zoek.exe
    Double-click it; after a while a log opens.
    Post the contents of this log in your next message.



    • #3
      ======C:\Windows====
      ----a-w 121 2008-04-04 01:30:48 C:\Windows\bdagent.INI
      --s-a-w 67,584 2008-04-04 07:00:56 C:\Windows\bootstat.dat
      ----a-w 3,308 2008-04-04 01:31:11 C:\Windows\bthservsdp.dat
      ----a-w 419,724 2008-04-04 07:00:51 C:\Windows\PFRO.log
      ----a-w 0 2008-03-16 21:56:30 C:\Windows\savenchat.txt
      ------w 249,856 2008-03-25 19:46:42 C:\Windows\Setup1.exe
      ----a-w 0 2008-04-04 00:44:18 C:\Windows\setupact.log
      ----a-w 0 2008-04-04 00:44:18 C:\Windows\setuperr.log
      ----a-w 73,216 2008-03-25 19:46:40 C:\Windows\ST6UNST.EXE
      ----a-w 1,748,821 2008-04-04 07:40:37 C:\Windows\WindowsUpdate.log
      ----a-w 2,560 2008-03-14 22:37:52 C:\Windows\_MSRSTRT.EXE

      Entries: 11 (10)
      Directories: 0 Files: 11
      Bytes: 2,565,190 Blocks: 5,012
      ======C:\Windows\system32=====
      ---ha-w 3,200 2008-04-04 09:00:58 C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
      ---ha-w 3,200 2008-04-04 09:00:58 C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
      ----a-w 98,304 2008-03-25 12:56:35 C:\Windows\System32\CmdLineExt.dll
      ----a-w 1,772,928 2008-04-03 16:06:43 C:\Windows\System32\FNTCACHE.DAT
      ----a-w 35,840 2008-04-03 16:29:55 C:\Windows\System32\opnoLebA.dll
      ----a-w 108,458 2008-04-04 09:14:04 C:\Windows\System32\perfc009.dat
      ----a-w 128,462 2008-04-04 09:14:04 C:\Windows\System32\perfc013.dat
      ----a-w 621,374 2008-04-04 09:14:04 C:\Windows\System32\perfh009.dat
      ----a-w 702,232 2008-04-04 09:14:04 C:\Windows\System32\perfh013.dat
      ----a-w 1,551,062 2008-04-04 09:14:04 C:\Windows\System32\PerfStringBackup.INI
      ----a-w 12 2008-04-03 23:20:34 C:\Windows\System32\USERDATA.DAT

      Entries: 11 (9)
      Directories: 0 Files: 11
      Bytes: 5,025,072 Blocks: 9,819
      ======C:\Windows\system32\drivers=====
      ----a-w 85,520 2008-03-19 19:38:11 C:\Windows\System32\drivers\bdfndisf.sys
      ----a-w 223,424 2008-03-17 20:27:28 C:\Windows\System32\drivers\truecrypt.sys

      Entries: 2 (2)
      Directories: 0 Files: 2
      Bytes: 308,944 Blocks: 605
      =======C:\Program Files=====
      Entries: 0 (0)
      Directories: 0 Files: 0
      Bytes: 0 Blocks: 0
      =======C:=====
      --sha-w 2,145,837,056 2008-04-04 07:00:53 C:\hiberfil.sys
      --sha-r 0 2008-04-03 16:30:00 C:\IO.SYS
      --sha-r 0 2008-04-03 16:30:00 C:\MSDOS.SYS
      --sha-w 2,459,762,688 2008-04-04 07:00:52 C:\pagefile.sys

      Entries: 4 (0)
      Directories: 0 Files: 4
      Bytes: 4,605,599,744 Blocks: 8,995,312
      ======C:\Users\Carl\AppData\Roaming======
      ----a-w 67,368 2008-04-04 09:22:13 C:\Users\Carl\AppData\Roaming\nvModes.001
      ----a-w 67,368 2008-04-04 00:01:42 C:\Users\Carl\AppData\Roaming\nvModes.dat

      Entries: 2 (2)
      Directories: 0 Files: 2
      Bytes: 134,736 Blocks: 264
      ======C:\Temp======
      Entries: 0 (0)
      Directories: 0 Files: 0
      Bytes: 0 Blocks: 0
      ======C:\Users\Carl======
      --sha-w 4,980,736 2008-04-04 09:50:09 C:\Users\Carl\NTUSER.DAT
      ---ha-w 262,144 2008-04-04 09:50:09 C:\Users\Carl\ntuser.dat.LOG1
      --sha-w 4,980,736 2008-04-03 18:07:24 C:\Users\Carl\ntuser.dat_previous
      ----a-w 1,006,080 2008-04-03 16:30:23 C:\Users\Carl\winlogon.exe

      Entries: 4 (1)
      Directories: 0 Files: 4
      Bytes: 11,229,696 Blocks: 21,933
      ======C:\Windows\Downloaded Program Files====
      Entries: 0 (0)
      Directories: 0 Files: 0
      Bytes: 0 Blocks: 0
      =============



      • #4
        That NOD scan apparently did a good job; I no longer find any bad files.

        You can still remove this line with HijackThis:
        O2 - BHO: (no name) - {0BB91625-DE69-41B0-B65A-D16E2369636F} - C:\Windows\system32\rqRjgdCU.dll (file missing)

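The entry flagged in the reply above is an O2 (Browser Helper Object) registration whose DLL is no longer on disk, which HijackThis marks with "(file missing)" or, when no path is recorded at all, "(no file)". The following Python script is an added example, not part of this thread or of HijackThis itself: it parses O2 lines in the layout shown in the log above and separates entries whose DLL is gone (stale registry residue that can be cleaned up) from entries whose DLL is present. The sample input is constructed from O2 lines copied out of the posted log; the "(no file)" case goes one step beyond the single line the helper pointed at, since the posted log contains one of those as well.

```python
import re

# Constructed sample modelled on the O2/O3 lines in the HijackThis log posted
# above (CLSIDs and paths copied from that log; example input, not a live scan).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0BB91625-DE69-41B0-B65A-D16E2369636F} - C:\Windows\system32\rqRjgdCU.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
"""

# O2 line layout as shown in the log: "O2 - BHO: <name> - {CLSID} - <path or marker>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<path>.*)$"
)


def parse_bho(line):
    """Parse one HijackThis O2 line into a dict, or return None for any other line."""
    m = BHO_RE.match(line.strip())
    if m is None:
        return None
    path = m.group("path").strip()
    # HijackThis marks an entry whose DLL is gone in one of two ways:
    # a path followed by "(file missing)", or the bare marker "(no file)".
    file_missing = path.endswith("(file missing)") or path == "(no file)"
    return {
        "name": m.group("name"),
        "clsid": m.group("clsid").upper(),
        "path": path,
        "unnamed": m.group("name") == "(no name)",
        "file_missing": file_missing,
    }


def triage_bhos(log_text):
    """Split the O2 entries of a log into (orphaned, present).

    An orphaned entry is a registry registration whose DLL no longer exists;
    the browser cannot load anything from it, so it is stale residue rather
    than an active component, and removing it is cleanup.
    """
    orphaned, present = [], []
    for line in log_text.splitlines():
        rec = parse_bho(line)
        if rec is None:
            continue
        (orphaned if rec["file_missing"] else present).append(rec)
    return orphaned, present


def removal_candidates(log_text):
    """Return the CLSIDs of orphaned BHO entries, in log order."""
    orphaned, _ = triage_bhos(log_text)
    return [rec["clsid"] for rec in orphaned]


if __name__ == "__main__":
    orphaned, present = triage_bhos(SAMPLE_LOG)
    for rec in orphaned:
        print("orphaned:", rec["clsid"], rec["name"], rec["path"])
    for rec in present:
        print("present: ", rec["clsid"], rec["name"], rec["path"])
```

Run it on a saved HijackThis log by reading the file into `triage_bhos`; the CLSIDs returned by `removal_candidates` are the entries that can only be stale, because the DLL they point to is not there to load. Entries whose DLL is present need a judgement about the file itself, which this script deliberately does not attempt.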


        • #5
          OK, thank you very much!
          I can carry on working with peace of mind again.



          • #6
            You're welcome.
