Archive - W32.SillyFDC

The archive is a frozen moment from a previous version of this forum, with different rules and different bosses. These posts in no way reflect our current ideas, values or worldviews, and in some places they have been censored as unacceptable. Many were written in a different zeitgeist, ironically or not, as in the ironic Off-Topic subforum, and today they would no longer be posted (or be allowed to be). Still, we are happy to keep offering this archive as an information database and reference work. Read more about it here or start a conversation with others.

Epyon

Legacy Member
Apparently a little worm came along in some file or other, specifically W32.SillyFDC. My Norton made short work of it, but here is an HJT log anyway, just to be safe. I took the opportunity to turn off the Flexnet Licensing and Bonjour services, and since then I can no longer get into the process overview (C:\Windows\system32\services.msc Access Denied). There are also two lines in the HJT log that I don't trust (marked in red).

*edit*
I have since solved the services.msc problem by binding the .msc extension back to the Microsoft Management Console. Apparently over-zealous Norton had changed that.

Logfile of HijackThis v1.99.1
Scan saved at 17:00:25, on 23/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
G:\Appz\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: D - {835F52A2-C31C-3185-B2D4-63AF97CE59CD} - C:\WINDOWS\system32\xwr35200.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdzaf.exe] C:\WINDOWS\system32\kdzaf.exe
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{18692B39-19E5-4CEB-939D-AFC6D006DD1C}: NameServer = 85.255.112.102;85.255.112.168
O17 - HKLM\System\CS1\Services\Tcpip\..\{18692B39-19E5-4CEB-939D-AFC6D006DD1C}: NameServer = 85.255.112.102;85.255.112.168

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

Juisterr

Legacy Member
Correct, those two point to a Wareout infection.

I'll add one more red line.

Logfile of HijackThis v1.99.1

Right-click the HijackThis program and choose
'Do a system scan only'
Select only the items listed below:

O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdzaf.exe] C:\WINDOWS\system32\kdzaf.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{18692B39-19E5-4CEB-939D-AFC6D006DD1C}: NameServer = 85.255.112.102;85.255.112.168
O17 - HKLM\System\CS1\Services\Tcpip\..\{18692B39-19E5-4CEB-939D-AFC6D006DD1C}: NameServer = 85.255.112.102;85.255.112.168

Close all windows except HijackThis.
Click 'Fix checked' to remove the items.


Download MalwareBytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup.exe to install the program.

After installation, make sure the following are ticked:
  • Update MalwareBytes' Anti-Malware
  • Launch MalwareBytes' Anti-Malware
Then click "Finish".
If an update is found, it will be downloaded and installed.
  • Once the program has started, go to the "Settings" tab.
  • Tick: "Close Internet Explorer during removal of malware".
  • Then go to the "Scanner" tab and choose "Quick Scan".
  • Then press "Scan" to start the scan.
  • The scan may take a while, so be patient.
  • When the scan is complete, click OK, then "Show Results" to view the results.
  • Make sure everything there is ticked, then click "Remove Selected".
  • After removal a log will open and you will be asked to restart the computer.
The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.

Post this log together with a new HijackThis log.


Download Trend Micro HijackThis™
Double-click HJTInstall.exe to install HijackThis.
By default HijackThis will be installed in the Program Files\Trendmicro folder and a shortcut will be placed on your desktop.
HijackThis will open after installation.
Click the Scan button at the bottom.
This will start the scan and open a log.
Copy and paste this log into your next post.
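A defender's triage of the two entry types Juisterr flags (the O17 NameServer lines and the O4 Run entry), as an added example that is not from the original thread or from HijackThis: it parses constructed HJT lines modelled on the log above, reports resolvers outside an assumed trusted set and Run values that name a file path, and notes when the same resolvers sit in more than one control set. TRUSTED_RESOLVERS and KNOWN_SYSTEM32 are assumptions to adapt to your own environment.

```python
"""Triage HijackThis O17/O4 lines for the DNS-changer pattern seen in this thread.

Added example for this thread; not code from HijackThis or from any tool the posts use.
"""
import re
from ipaddress import ip_address, ip_network

# Assumption: resolvers a clean home machine may legitimately use (LAN gateway and
# other RFC 1918 space, loopback). Put your own ISP or corporate resolvers here.
TRUSTED_RESOLVERS = [ip_network(n) for n in
                     ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# Assumption: executables that legitimately autostart straight out of system32.
KNOWN_SYSTEM32 = {"ctfmon.exe", "rundll32.exe"}

# O17 - HKLM\System\<control set>\Services\Tcpip\..\{<interface GUID>}: NameServer = a.b.c.d;e.f.g.h
O17_RE = re.compile(r"^O17 - HKLM\\System\\(?P<cset>\w+)\\Services\\Tcpip\\\.\.\\"
                    r"(?P<iface>\{[0-9A-Fa-f-]+\}): NameServer = (?P<servers>[\d.;]+)")
# O4 - <hive>\..\Run: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def exe_path(cmd):
    """Pull the executable path out of a Run-key command, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces: cut after the first executable extension.
    m = re.match(r"(.+?\.(?:exe|dll|scr))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def check_o17(line, trusted=TRUSTED_RESOLVERS):
    """Return the NameServer entries of an O17 line that fall outside the trusted set."""
    m = O17_RE.match(line)
    if not m:
        return []
    bad = []
    for server in filter(None, m.group("servers").split(";")):
        try:
            if not any(ip_address(server) in net for net in trusted):
                bad.append(server)
        except ValueError:          # not even a valid address: report it as well
            bad.append(server)
    return bad


def check_o4(line):
    """Return a reason string if an O4 Run entry looks like a dropped autostart, else None."""
    m = O4_RE.match(line)
    if not m:
        return None
    reasons = []
    # Installed software registers a product name as the value name; the dropper in
    # this thread reused the full file path instead ([C:\WINDOWS\system32\kdzaf.exe]).
    if re.match(r"^[A-Za-z]:\\", m.group("name")):
        reasons.append("value name is a file path")
    path = exe_path(m.group("cmd"))
    prefix = "c:\\windows\\system32\\"
    exe = path.rsplit("\\", 1)[-1].lower()
    # A loose executable directly in system32 that is not on the allow-list.
    if (path.lower().startswith(prefix) and "\\" not in path[len(prefix):]
            and exe not in KNOWN_SYSTEM32):
        reasons.append("unrecognised executable autostarting from system32")
    return "; ".join(reasons) or None


def audit(log_text, trusted=TRUSTED_RESOLVERS):
    """Walk a whole HJT log; return (section, detail, line) findings in log order."""
    findings, hijacked = [], {}      # hijacked: interface GUID -> control sets affected
    for raw in log_text.splitlines():
        line = raw.strip()
        bad = check_o17(line, trusted)
        if bad:
            m = O17_RE.match(line)
            hijacked.setdefault(m.group("iface"), set()).add(m.group("cset"))
            findings.append(("O17", "untrusted NameServer " + ";".join(bad), line))
        reason = check_o4(line)
        if reason:
            findings.append(("O4", reason, line))
    # The same resolvers in CCS and a numbered control set (CS1 in the HJT log,
    # ControlSet001/003 in the MBAM log) survive a "last known good" boot, so every
    # copy has to be cleaned, not only CurrentControlSet.
    for iface, csets in hijacked.items():
        if len(csets) > 1:
            findings.append(("O17", f"{iface} hijacked in control sets {sorted(csets)}", ""))
    return findings


# Constructed sample modelled on the log posted above (two clean lines, three suspect).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdzaf.exe] C:\WINDOWS\system32\kdzaf.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{18692B39-19E5-4CEB-939D-AFC6D006DD1C}: NameServer = 85.255.112.102;85.255.112.168
O17 - HKLM\System\CS1\Services\Tcpip\..\{18692B39-19E5-4CEB-939D-AFC6D006DD1C}: NameServer = 85.255.112.102;85.255.112.168
"""

if __name__ == "__main__":
    for section, detail, line in audit(SAMPLE_LOG):
        print(f"[{section}] {detail}\n    {line}")
```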

Epyon

Legacy Member
Malwarebytes' Anti-Malware 1.30
Database versie: 1419
Windows 5.1.2600 Service Pack 3

24/11/2008 20:10:47
mbam-log-2008-11-24 (20-10-47).txt

Scan type: Snelle Scan
Objecten gescand: 52680
Verstreken tijd: 2 minute(s), 51 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 3
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 4
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 7

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{835f52a2-c31c-3185-b2d4-63af97ce59cd} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{835f52a2-c31c-3185-b2d4-63af97ce59cd} (Trojan.BHO) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdzaf.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{18692b39-19e5-4ceb-939d-afc6d006dd1c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.102;85.255.112.168 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{18692b39-19e5-4ceb-939d-afc6d006dd1c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.102;85.255.112.168 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{18692b39-19e5-4ceb-939d-afc6d006dd1c}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.102;85.255.112.168 -> Quarantined and deleted successfully.

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
C:\WINDOWS\system32\kdzaf.exe (Rootkit.DNSChanger.H) -> Delete on reboot.
C:\WINDOWS\Temp\tempo-3ED.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-7EF.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-ADF.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-C4B.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-C93.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xwr35200.dll (Trojan.BHO) -> Quarantined and deleted successfully.

-----------
Logfile of HijackThis v1.99.1
Scan saved at 20:15:14, on 24/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\System32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
G:\Appz\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdzaf.exe] C:\WINDOWS\system32\kdzaf.exe
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

This already looks better indeed. What exactly did that Wareout infection do?

My laptop was also infected with this virus (apparently it spreads via memory cards); I did the same steps on it.

Jurgenv1

Legacy Member
Go ahead and post a new log here with the newer version of HijackThis, as Juisterr said. (See the sticky for the instructions.)

Epyon

Legacy Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:43:33, on 24/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Mirc\mirc.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdzaf.exe] C:\WINDOWS\system32\kdzaf.exe
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 6358 bytes

There's that kdzaf.exe again :oink:.

Juisterr

Legacy Member
We'll get rid of it, don't worry.

Download Combofix to your Desktop.
NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners see certain components that Combofix uses as suspicious and will block or remove them!

  • Double-click Combofix.exe to start it.
  • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
  • Click OK in the "NirCmd" window.
  • If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window.
  • Click OK and Yes to have the Recovery Console installed automatically.
  • Afterwards, click Yes again to start the malware scan.
  • While the fix is running, do NOT click in the window, as this will make your PC hang.
  • When the fix is complete and after the restart, the log Combofix.txt will open.
Post this log in your next reply.

Epyon

Legacy Member
ComboFix 08-11-24.03 - Epyon 2008-11-25 13:06:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1426 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Epyon\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-10-25 to 2008-11-25 ))))))))))))))))))))))))))))))
.

2008-11-24 21:43 . 2008-11-24 21:43 <DIR> d-------- c:\program files\Trend Micro
2008-11-24 21:39 . 2008-11-24 21:39 4,444 --a------ c:\windows\system32\pid.PNF
2008-11-24 19:15 . 2008-11-24 19:15 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-24 19:15 . 2008-11-24 19:15 <DIR> d-------- c:\documents and settings\Epyon\Application Data\Malwarebytes
2008-11-24 19:15 . 2008-11-24 19:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-24 19:15 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-24 19:15 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-23 23:55 . 2008-11-02 13:56 <DIR> d--h----- c:\documents and settings\Administrator.EPY\Sjablonen
2008-11-23 23:55 . 2008-11-02 14:43 <DIR> d--h----- c:\documents and settings\Administrator.EPY\Onlangs geopend
2008-11-23 23:55 . 2008-11-02 14:43 <DIR> d--h----- c:\documents and settings\Administrator.EPY\Netwerkprinteromgeving
2008-11-23 23:55 . 2008-11-02 14:43 <DIR> d-------- c:\documents and settings\Administrator.EPY\Mijn documenten
2008-11-23 23:55 . 2008-11-02 14:43 <DIR> dr------- c:\documents and settings\Administrator.EPY\Menu Start
2008-11-23 23:55 . 2008-11-02 14:43 <DIR> d-------- c:\documents and settings\Administrator.EPY\Favorieten
2008-11-23 23:55 . 2008-11-02 14:43 <DIR> d-------- c:\documents and settings\Administrator.EPY\Bureaublad
2008-11-23 23:55 . 2008-11-23 23:55 <DIR> d-------- c:\documents and settings\Administrator.EPY
2008-11-23 23:47 . 2008-11-02 13:56 <DIR> d--h----- c:\documents and settings\Administrator\Sjablonen
2008-11-23 23:47 . 2008-11-02 14:43 <DIR> d--h----- c:\documents and settings\Administrator\Onlangs geopend
2008-11-23 23:47 . 2008-11-02 14:43 <DIR> d--h----- c:\documents and settings\Administrator\Netwerkprinteromgeving
2008-11-23 23:47 . 2008-11-02 14:43 <DIR> d-------- c:\documents and settings\Administrator\Mijn documenten
2008-11-23 23:47 . 2008-11-02 14:43 <DIR> dr------- c:\documents and settings\Administrator\Menu Start
2008-11-23 23:47 . 2008-11-02 14:43 <DIR> d-------- c:\documents and settings\Administrator\Favorieten
2008-11-23 23:47 . 2008-11-02 14:43 <DIR> d-------- c:\documents and settings\Administrator\Bureaublad
2008-11-23 23:47 . 2008-11-23 23:47 <DIR> d-------- c:\documents and settings\Administrator
2008-11-23 23:46 . 2008-11-23 23:46 167 --a------ c:\windows\system32\drivers\fwdrv.err
2008-11-23 15:34 . 2008-11-23 15:34 <DIR> d-------- c:\documents and settings\Epyon\Application Data\ACD Systems
2008-11-23 15:32 . 2008-11-23 15:32 <DIR> d-------- c:\program files\Common Files\ACD Systems
2008-11-23 15:32 . 2008-11-23 15:32 <DIR> d-------- c:\program files\ACD Systems
2008-11-23 15:32 . 2008-11-23 15:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2008-11-23 15:31 . 2008-11-23 15:31 27,904 --a------ c:\windows\system32\drivers\ndisprot.sys
2008-11-22 18:20 . 2008-11-22 20:22 69 --a------ c:\windows\NeroDigital.ini
2008-11-21 15:41 . 2008-11-21 15:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-20 21:15 . 2008-11-20 21:15 <DIR> d-------- c:\program files\Bonjour
2008-11-20 21:09 . 2008-11-20 21:09 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-11-20 21:07 . 2008-11-20 21:15 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-20 21:04 . 2008-11-20 21:04 <DIR> d-------- c:\temp\Adobe CS3
2008-11-19 18:35 . 2004-07-20 17:24 1,568,768 --------- c:\windows\system32\ImagX7.dll
2008-11-19 18:35 . 2004-07-20 17:24 476,320 --------- c:\windows\system32\ImagXpr7.dll
2008-11-19 18:35 . 2004-07-20 17:24 471,040 --------- c:\windows\system32\ImagXRA7.dll
2008-11-19 18:35 . 2004-07-09 09:43 364,544 --------- c:\windows\system32\TwnLib4.dll
2008-11-19 18:35 . 2004-07-20 17:24 262,144 --------- c:\windows\system32\ImagXR7.dll
2008-11-19 18:35 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2008-11-19 18:35 . 2001-06-26 08:15 38,912 --------- c:\windows\system32\picn20.dll
2008-11-19 18:34 . 2008-11-19 18:37 <DIR> d-------- c:\program files\Common Files\Ahead
2008-11-19 18:34 . 2008-11-19 18:35 <DIR> d-------- c:\program files\Ahead
2008-11-19 18:34 . 2001-07-09 11:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2008-11-19 18:27 . 2008-11-19 18:34 <DIR> d-------- c:\documents and settings\Epyon\dwhelper
2008-11-18 14:09 . 2008-11-18 14:09 <DIR> d-------- c:\program files\PLATINUM Tools
2008-11-18 14:09 . 2008-11-18 14:10 <DIR> d-------- c:\documents and settings\Epyon\Application Data\PLATINUM PV-Monitor
2008-11-18 14:07 . 2008-11-18 14:07 <DIR> d-------- c:\program files\SolarConfig
2008-11-12 16:07 . 2008-11-12 16:07 <DIR> d-------- c:\windows\Sun
2008-11-11 20:02 . 2008-07-27 09:42 91,520 --a------ c:\windows\system32\drivers\SysPlant.sys
2008-11-11 20:01 . 2008-11-11 20:02 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-11-11 20:01 . 2008-11-11 20:02 123,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-11 20:01 . 2008-11-11 20:02 60,800 --a------ c:\windows\system32\S32EVNT1.DLL
2008-11-11 20:01 . 2008-11-11 20:02 10,563 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2008-11-11 20:01 . 2008-11-11 20:02 805 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-11-11 16:40 . 2008-11-11 16:41 <DIR> d-------- C:\Fotos
2008-11-08 20:48 . 2008-11-24 18:21 <DIR> d-------- c:\program files\PeerGuardian2
2008-11-08 11:58 . 2008-11-08 11:58 <DIR> d-------- c:\program files\Java
2008-11-08 11:58 . 2008-11-08 11:58 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-08 11:58 . 2008-11-08 11:58 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-08 11:52 . 2008-11-08 11:52 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Softland
2008-11-08 11:51 . 2008-11-08 11:51 <DIR> d-------- c:\program files\Softland
2008-11-08 11:51 . 2008-10-08 13:43 20,120 --a------ c:\windows\system32\dopdfmn6.dll
2008-11-08 11:51 . 2008-10-08 13:43 18,072 --a------ c:\windows\system32\dopdfmi6.dll
2008-11-08 11:51 . 2008-09-08 12:44 7,481 --a------ c:\windows\system32\dopdf6.ctm
2008-11-06 21:45 . 2008-11-06 21:45 180,224 --a------ c:\windows\system32\wr35200.dll
2008-11-06 21:45 . 2008-11-06 21:45 49,152 --a------ c:\windows\system32\xa447968.exe
2008-11-06 21:45 . 2008-11-06 21:45 49,152 --a------ c:\windows\system32\xa447765.exe
2008-11-06 21:45 . 2008-11-06 21:45 49,152 --a------ c:\windows\system32\xa426609.exe
2008-11-06 21:45 . 2008-11-06 21:45 49,152 --a------ c:\windows\system32\xa426406.exe
2008-11-06 21:45 . 2008-11-06 21:45 49,152 --a------ c:\windows\system32\xa417203.exe
2008-11-06 21:45 . 2008-11-06 21:45 49,152 --a------ c:\windows\system32\xa417000.exe
2008-11-05 15:00 . 2008-11-05 15:00 <DIR> d-------- c:\documents and settings\Epyon\Application Data\MathWorks
2008-11-05 14:38 . 2008-11-05 14:38 645,120 --a------ c:\windows\system32\config.gms
2008-11-05 14:28 . 2008-11-05 14:28 <DIR> d-------- c:\program files\MATLAB
2008-11-05 13:56 . 2008-11-05 13:56 <DIR> d-------- c:\program files\Macromedia
2008-11-05 13:56 . <DIR> c:\program files\Common Files\Macromedia
2008-11-05 13:56 . 2008-11-05 13:56 <DIR> d-------- c:\program files\Bradbury
2008-11-05 13:55 . 2008-11-05 13:55 <DIR> d-------- c:\temp\homesite
2008-11-04 22:10 . 2008-11-04 22:10 <DIR> d-------- c:\documents and settings\Epyon\Application Data\Locktime
2008-11-04 21:57 . 2008-11-04 21:57 <DIR> d-------- c:\program files\NetLimiter 2 Pro
2008-11-04 21:57 . 2008-11-04 21:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Locktime
2008-11-04 21:45 . 2008-11-24 01:40 <DIR> d-------- c:\documents and settings\Epyon\Application Data\uTorrent
2008-11-04 14:46 . 2008-11-04 14:46 <DIR> d-------- c:\program files\FileZilla
2008-11-04 14:45 . 2008-11-04 14:45 <DIR> d-------- c:\documents and settings\Epyon\Application Data\teamspeak2
2008-11-04 14:17 . 2008-11-04 14:17 <DIR> d-------- c:\program files\K-Lite Codec Pack
2008-11-04 14:17 . 2008-09-16 01:14 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2008-11-04 14:17 . 2008-09-24 19:41 839,680 --a------ c:\windows\system32\lameACM.acm
2008-11-04 14:17 . 2008-01-10 13:15 755,027 --a------ c:\windows\system32\xvidcore.dll
2008-11-04 14:17 . 2008-09-16 01:11 683,520 --a------ c:\windows\system32\divx.dll
2008-11-04 14:17 . 2004-01-25 17:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2008-11-04 14:17 . 2007-09-04 17:56 164,352 --a------ c:\windows\system32\unrar.dll
2008-11-04 14:17 . 2008-01-10 13:16 159,839 --a------ c:\windows\system32\xvidvfw.dll
2008-11-04 14:17 . 2007-09-21 01:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2008-11-04 14:17 . 2008-09-16 01:12 81,920 --a------ c:\windows\system32\dpl100.dll
2008-11-04 14:17 . 2008-06-12 19:36 7,680 --a------ c:\windows\system32\ff_vfw.dll
2008-11-04 14:17 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2008-11-04 14:17 . 2008-10-03 13:30 414 --a------ c:\windows\system32\lame_acm.xml
2008-11-04 14:17 . 2008-07-30 20:09 38 --a------ c:\windows\avisplitter.ini
2008-11-04 14:08 . 2007-06-28 18:55 77,824 --a------ c:\windows\system32\xvid.ax
2008-11-04 14:02 . 2008-11-04 14:02 <DIR> d-------- c:\documents and settings\Epyon\Application Data\Media Player Classic
2008-11-04 13:50 . 2008-11-04 13:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Creative
2008-11-03 22:28 . 2008-11-03 22:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\GRETECH
2008-11-03 22:27 . 2008-11-03 22:27 <DIR> d-------- c:\program files\GRETECH
2008-11-03 22:27 . 2008-11-03 22:27 <DIR> d-------- c:\documents and settings\Epyon\Application Data\GRETECH
2008-11-03 22:20 . 2008-11-03 22:20 <DIR> d-------- c:\program files\Real Alternative
2008-11-03 22:19 . 2008-11-03 22:19 <DIR> d-------- c:\program files\QuickTime Alternative
2008-11-03 22:19 . 2008-11-03 22:20 <DIR> d-------- c:\program files\Media Player Classic
2008-11-03 22:19 . 2008-11-03 22:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-03 22:19 . 2005-10-17 20:58 65,536 --a------ c:\windows\system32\QuickTimeVR.qtx
2008-11-03 22:19 . 2005-10-17 20:57 49,152 --a------ c:\windows\system32\QuickTime.qts
2008-11-03 21:50 . 2008-11-03 21:50 <DIR> d--h----- c:\program files\Creative Installation Information
2008-11-03 21:50 . 2008-11-03 21:50 <DIR> d-------- c:\program files\Common Files\Creative
2008-11-03 21:50 . 1999-12-13 09:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
2008-11-03 21:50 . 1999-11-18 09:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
2008-11-03 21:48 . 2008-11-03 21:50 <DIR> d-------- c:\program files\Creative
2008-11-03 21:46 . 2008-11-03 21:46 <DIR> d-------- c:\program files\Winamp
2008-11-03 21:46 . 2008-11-03 22:15 <DIR> d-------- c:\documents and settings\Epyon\Application Data\Winamp
2008-11-03 12:40 . 2008-04-14 22:32 219,136 --a------ c:\windows\system32\uxtheme.uxtender
2008-11-03 12:06 . 2008-11-02 13:54 211 --ahs---- C:\BOOT.BKK
2008-11-03 11:58 . 2008-04-14 22:32 219,136 --a--c--- c:\windows\system32\dllcache\uxtheme.dll
2008-11-02 23:25 . 2008-11-02 23:25 <DIR> d-------- c:\windows\system32\xlive
2008-11-02 23:23 . 2008-11-02 23:23 <DIR> d-------- c:\program files\MSBuild

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 19:04 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-11 19:02 --------- d-----w c:\program files\Symantec
2008-11-03 11:40 219,136 ----a-w c:\windows\system32\uxtheme.dll
2008-11-02 13:53 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-02 13:52 --------- d-----w c:\program files\Sunbelt Software
2008-11-02 13:39 24,064 ----a-w c:\windows\autoload.exe
2008-11-02 12:59 --------- d-----w c:\program files\microsoft frontpage
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-02 22:50 81,920 ----a-w c:\windows\system32\frapsvid.dll
2008-09-24 02:18 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-09-24 02:17 311,296 ----a-w c:\windows\system32\ati2dvag.dll
2008-09-24 02:09 10,772,480 ----a-w c:\windows\system32\atioglxx.dll
2008-09-24 02:07 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-09-24 02:06 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-09-24 02:06 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-09-24 02:06 143,360 ----a-w c:\windows\system32\Oemdspif.dll
2008-09-24 02:06 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-09-24 02:04 581,632 ----a-w c:\windows\system32\ati2evxx.exe
2008-09-24 02:03 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-09-24 01:56 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-09-24 01:54 4,008,864 ----a-w c:\windows\system32\ati3duag.dll
2008-09-24 01:38 2,399,744 ----a-w c:\windows\system32\ativvaxx.dll
2008-09-24 01:24 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-09-24 01:20 380,928 ----a-w c:\windows\system32\atikvmag.dll
2008-09-24 01:19 39,424 ----a-w c:\windows\system32\atiadlxx.dll
2008-09-24 01:18 253,952 ----a-w c:\windows\system32\atiok3x2.dll
2008-09-24 01:18 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-09-24 01:12 573,440 ----a-w c:\windows\system32\ati2cqag.dll
2008-09-23 20:05 593,920 ------w c:\windows\system32\ati2sgag.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2007-10-17 979968]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Fraps"="c:\fraps\FRAPS.EXE" [2008-10-02 3309224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-12 304640]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\Program Files\\TGTSoft\\StyleXP\\Logon\\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Epyon^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]
path=c:\documents and settings\Epyon\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk
backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
--------- 2007-11-06 11:08 397312 c:\program files\Creative\ZEN Media Explorer\CTCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--------- 2007-07-17 11:03 868352 c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 2006-05-24 19:31 1372160 c:\program files\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-08 11:58 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FLEXnet Licensing Service"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [18-7-2006 12:02:50 284184]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [18-7-2006 12:02:52 91672]
R1 nltdi;nltdi;\??\c:\windows\system32\drivers\nltdi.sys [23-4-2007 12:03:04 82200]
R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService [2-11-2008 15:56:19 1382672]
R2 UltraMonUtility;UltraMon Utility Driver;\??\c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [24-9-2006 21:22:52 11776]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys [23-2-2005 7:47:50 584512]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\Drivers\LCcFltr.Sys [2-11-2008 16:11:53 14095]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys [24-9-2006 21:23:14 3584]
S0 stwlfbus;stwlfbus;c:\windows\system32\DRIVERS\stwlfbus.sys [27-4-2003 12:39:16 8704]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [29-5-2007 13:55:36 23888]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [23-11-2008 15:31:05 27904]
S3 st3wolf;st3wolf;c:\windows\system32\DRIVERS\st3wolf.sys [27-4-2003 11:43:06 99360]

*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS VERWIJDERD - - - -

HKLM-Run-c:\windows\system32\kdzaf.exe - c:\windows\system32\kdzaf.exe
SafeBoot-Symantec Antvirus
MSConfigStartUp-kdzaf - c:\windows\system32\kdzaf.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe


.
------- Bijkomende Scan -------
.
FireFox -: Profile - c:\documents and settings\Epyon\Application Data\Mozilla\Firefox\Profiles\0zrbw1nv.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://https://www.beyondgaming.be/forums
.
.
------- Bestandsassociaties -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-25 13:14:30
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(1140)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\NavLogon.dll

- - - - - - - > 'explorer.exe'(3400)
c:\program files\UltraMon\RTSUltraMonHook.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\program files\Logitech\iTouch\iTchHk.dll
.
Voltooingstijd: 2008-11-25 13:17:13
ComboFix-quarantined-files.txt 2008-11-25 12:17:07

Pre-Run: 56.704.872.448 bytes beschikbaar
Post-Run: 56,740,974,592 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


Juisterr

Legacy Member
- - - - ORPHANS VERWIJDERD - - - -

HKLM-Run-c:\windows\system32\kdzaf.exe - c:\windows\system32\kdzaf.exe
MSConfigStartUp-kdzaf - c:\windows\system32\kdzaf.exe


May I ask once more for a new HJT log, please.

Epyon

Legacy Member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:07:01, on 26/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Mirc\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 6396 bytes

Looks OK, I guess.

Juisterr

Legacy Member
Yeah. Are the complaints gone now?

This was a "wareout infection".

Do you use USB data sticks?

Epyon

Legacy Member
No, only a memory card for my digital camera. I have already removed the hidden autorun.inf and Resycled folder from it (which W32.SillyFDC had put there). I know how SillyFDC got onto my system; I assume that wareout infection came along with SillyFDC?
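The post above describes the two artefacts this worm leaves on removable media: a hidden autorun.inf and a Resycled folder. As an added example (not code from this thread, nor from Norton, HijackThis or ComboFix), here is a read-only PowerShell check that lists every fixed or removable drive carrying either artefact and prints the launch lines of the autorun.inf, so the contents can be judged before anything is deleted. It assumes a Windows host with Windows PowerShell; no drive letters or file names from this thread are hard-coded.

```powershell
# Added example, not from the thread: report drives that carry an autorun.inf
# or a "Resycled" folder. It only reads; it deletes nothing.
# DriveType 2 = removable, 3 = local fixed disk (Win32_LogicalDisk).
$drives = Get-WmiObject -Class Win32_LogicalDisk |
    Where-Object { $_.DriveType -eq 2 -or $_.DriveType -eq 3 }

foreach ($d in $drives) {
    $root = $d.DeviceID + '\'
    $inf  = Join-Path $root 'autorun.inf'
    $rec  = Join-Path $root 'Resycled'

    # -Force is required because the dropped items are hidden/system.
    $infItem = Get-Item -LiteralPath $inf -Force -ErrorAction SilentlyContinue
    $recItem = Get-Item -LiteralPath $rec -Force -ErrorAction SilentlyContinue

    if ($null -eq $infItem -and $null -eq $recItem) { continue }

    Write-Output ("{0} (drive type {1})" -f $root, $d.DriveType)

    if ($infItem) {
        Write-Output ("  autorun.inf  attributes: {0}" -f $infItem.Attributes)
        # Only the lines that tell Windows what to launch are interesting:
        # open=, shellexecute= and shell\<verb>\command= entries.
        Get-Content -LiteralPath $inf -ErrorAction SilentlyContinue |
            Where-Object { $_ -match '^\s*(open|shellexecute|shell\\.*\\command)\s*=' } |
            ForEach-Object { Write-Output ("    " + $_) }
    }
    if ($recItem) {
        Write-Output ("  Resycled\  attributes: {0}" -f $recItem.Attributes)
        Get-ChildItem -LiteralPath $rec -Force -ErrorAction SilentlyContinue |
            ForEach-Object { Write-Output ("    " + $_.Name + "  " + $_.Length + " bytes") }
    }
}
```

Run it from an elevated prompt with the suspect card or stick inserted but not opened in Explorer. On PowerShell 7 replace Get-WmiObject with Get-CimInstance -ClassName Win32_LogicalDisk; the rest is unchanged. A legitimate autorun.inf on a driver CD is possible, so the printed open= target is what decides, not the mere presence of the file.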

Creater

Legacy Member
Hello,

Unfortunately I have this problem too, and making a new topic about it seems pointless to me. I keep getting a message from Norton: "AutoProtect blokkeerde beveiligingsrisico W32.SillyFDC. Uw computer is veilig." I have already tried to remove it using this site: W32.SillyFDC - Symantec.com. I did everything it said, but unfortunately that didn't work. When I delete that autorun.inf file, new autorun.inf files keep appearing. Anyone who can help me? :cry:

PS: How can I make a HijackThis log?

edit: The strange thing is also that Norton shows (under View History) that it is in i:\. It says i:\autorun.inf; the strange part is that this file is on all drives except i:\ on my system. Maybe it hid itself there or something, but I don't know :cry:

Juisterr

Legacy Member
@Epyon

Indeed, that is what is responsible for it; it is something new again, by the way.



@Creater

You find it pointless, I don't. Please make a new topic and describe your problems; refer to this topic if you like.

You make a HijackThis log like this.
* Download Trend Micro Hijack This™
Double-click HJTInstall.exe to install HijackThis.
By default HijackThis will be installed in the Program Files\Trendmicro folder and a shortcut will be placed on your desktop.
HijackThis will open after installation.
Click the Scan button at the bottom.
This will start the scan and open a log.
Copy and paste this log into your next post.

But please make a new topic.