[OPGELOST] fout bij het opstarten

knightgangsta · 27 december 2007

ok hij vond de fout idd.

en ook nog een andere fout waar ik last van had het probleem is ik kan ze niet weg doen ik moet het dan kopen

al hard bedankt voor de moeite

kape · 27 december 2007

@ Karel,

ik zie net dat het een behoorlijk lastige spyware is die 167 mogelijke dll files gebruikt XXWVV.DLL, Spyware Remove Met de scanner op de site zou je hem kunnen verwijderen: Prevx CSI Download

Er is hier wel wat spraakverwarring, vrees ik. Je oplossing gaat over de .dll-files met dezelfde naam, maar bij het probleem is er sprake van de .exe-files. Vermits de scanner enkel op .dll-files van spyware gericht is, zal hij geen weg weten met dat .exe-bestand, tenzij de foutmelding van topicstarter niet helemaal correct is. En bovendien zal je het programma Prevx niet gratis kunnen gebruiken om bestanden te verwijderen.

knightgangsta · 27 december 2007

maar de exe file is al weg

en hij vond de fout nu nog weg krijgen

kape · 27 december 2007

Hoe het .exe-bestand dan verdwenen is, blijft me een raadsel (vermits je nog niets via Prevx verwijderd hebt). Vooral omdat Prevx niet gratis foute bestanden verwijderd, wat ook al duidelijk wordt uit je bericht. Maar goed ... Probeer het eens met een combinatie van HiJackThis en Combofix.

Download HiJackThis

Maak een log met HJT.

Download Combofix.exe en zet het op je Bureaublad.

Dubbelklik op Combofix.exe en volg de instructies, aanvaard de disclaimer door y te typen. Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, moet je dit toestaan

En zet dan beide logjes eens in een volgend bericht.

knightgangsta · 27 december 2007

ja ik zei toch dat norton dit verwijdert heeft kijk maar naar mijn eerste bericht

hier is de log

ComboFix 07-12-21.4 - olivier 2007-12-27 12:59:34.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.842 [GMT 1:00]

Gestart vanuit: C:\Users\olivier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F9QOCGBI\ComboFix[1].exe

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Users\olivier\AppData\Roaming\inst.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2007-11-27 to 2007-12-27 ))))))))))))))))))))))))))))))

.

2007-12-27 12:55 . 2007-12-27 12:55 <DIR> d-------- C:\Program Files\Trend Micro

2007-12-27 12:11 . 2007-12-27 12:37 <DIR> d-------- C:\Program Files\PrevxCSI

2007-12-27 12:05 . 2007-12-27 12:12 <DIR> d-------- C:\Users\olivier\AppData\Roaming\PrevxCSI

2007-12-27 11:47 . 2007-12-27 11:47 <DIR> d-------- C:\Users\olivier\AppData\Roaming\TuneUp Software

2007-12-26 23:45 . 2005-09-23 08:29 626,688 --a------ C:\Windows\System32\msvcr80.dll

2007-12-25 15:25 . 2007-05-29 13:55 22,112 --a------ C:\Windows\System32\drivers\COH_Mon.sys

2007-12-25 15:25 . 2007-05-29 13:55 10,592 --a------ C:\Windows\System32\drivers\COH_Mon.cat

2007-12-25 15:25 . 2007-05-29 13:55 705 --a------ C:\Windows\System32\drivers\COH_Mon.inf

2007-12-25 14:50 . 2007-12-25 15:25 <DIR> d-------- C:\Program Files\Norton Internet Security

2007-12-25 14:48 . 2007-12-25 15:13 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS

2007-12-25 14:48 . 2007-12-25 15:13 10,740 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT

2007-12-25 14:48 . 2007-12-25 15:13 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF

2007-12-25 14:47 . 2007-12-25 15:13 <DIR> d-------- C:\Program Files\Symantec

2007-12-25 14:17 . 2007-12-25 14:17 <DIR> d-------- C:\Users\olivier\AppData\Roaming\Symantec

2007-12-25 14:12 . 2007-12-25 15:25 <DIR> d-------- C:\Users\All Users\Symantec

2007-12-25 14:12 . 2007-12-25 15:25 <DIR> d-------- C:\PROGRA~2\Symantec

2007-12-25 13:53 . 2007-12-25 15:19 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared

2007-12-25 02:41 . 2007-12-25 02:41 <DIR> d-------- C:\Windows\Sun

2007-12-22 18:58 . 2007-12-22 18:58 117,248 --a------ C:\Windows\System32\mqtgsvc.exe

2007-12-22 18:58 . 2007-12-22 18:58 16,896 --a------ C:\Windows\System32\Norton Updater.exe

2007-12-22 00:55 . 2007-12-22 00:55 1,905 --a------ C:\Windows\diagwrn.xml

2007-12-22 00:55 . 2007-12-22 00:55 1,905 --a------ C:\Windows\diagerr.xml

2007-12-21 23:54 . 2007-12-21 23:54 <DIR> d-------- C:\Program Files\MagicISO

2007-12-18 22:08 . 2007-12-18 22:23 <DIR> d-------- C:\Program Files\Stellar Phoenix Windows Data Recovery

2007-12-18 22:08 . 1999-06-18 22:49 165,888 --a------ C:\Windows\Ckconfig.exe

2007-12-18 22:08 . 2006-03-01 02:10 69,632 --a------ C:\Windows\System32\Crypserv.exe

2007-12-18 22:08 . 2006-01-10 03:47 31,846 --a------ C:\Windows\System32\Ckldrv.sys

2007-12-18 22:08 . 1996-05-03 18:21 27,648 -ra------ C:\Windows\Setup_ck.exe

2007-12-18 22:08 . 1996-05-03 16:36 18,432 --a------ C:\Windows\Setup_ck.dll

2007-12-18 22:08 . 1995-07-04 19:33 11,776 --a------ C:\Windows\Ckrfresh.exe

2007-12-18 22:08 . 2007-12-18 22:16 3,360 --a------ C:\Windows\System32\esnecil.nlp

2007-12-18 22:08 . 2007-12-19 21:34 3,360 --a------ C:\Windows\System32\esnecil.ind

2007-12-18 22:08 . 2007-12-18 22:08 71 --a------ C:\Windows\Crypkey.ini

2007-12-18 22:08 . 2007-12-18 22:16 4 --a------ C:\Windows\vx86036.dat

2007-12-18 20:54 . 2007-12-18 20:57 <DIR> d-------- C:\Users\olivier\AppData\Roaming\DAEMON Tools

2007-12-18 20:53 . 2007-12-18 20:53 <DIR> d-------- C:\Program Files\DAEMON Tools

2007-12-13 14:09 . 2007-12-16 02:10 <DIR> d-------- C:\Program Files\Steam

2007-12-13 14:09 . 2007-12-16 02:09 <DIR> d-------- C:\Program Files\Common Files\Steam

2007-12-13 00:57 . 2007-12-13 00:57 1,327,104 --a------ C:\Windows\System32\quartz.dll

2007-12-13 00:56 . 2007-12-13 00:56 1,383,424 --a------ C:\Windows\System32\mshtml.tlb

2007-12-13 00:56 . 2007-12-13 00:56 223,232 --a------ C:\Windows\System32\WMASF.DLL

2007-12-13 00:56 . 2007-12-13 00:56 9,728 --a------ C:\Windows\System32\LAPRXY.DLL

2007-12-13 00:56 . 2007-12-13 00:56 2,048 --a------ C:\Windows\System32\asferror.dll

2007-12-13 00:54 . 2007-12-13 00:54 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe

2007-12-13 00:54 . 2007-12-13 00:54 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe

2007-12-13 00:54 . 2007-12-13 00:54 2,048 --a------ C:\Windows\System32\tzres.dll

2007-12-07 17:04 . 2007-12-07 17:07 <DIR> d-------- C:\Program Files\Your Uninstaller 2008

2007-12-07 12:19 . 2007-12-07 12:19 <DIR> d-------- C:\Program Files\DVD Shrink

2007-12-06 17:26 . 2007-12-06 17:26 <DIR> d-------- C:\Windows\Profiles

2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ C:\Windows\System32\divx_xx0c.dll

2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a------ C:\Windows\System32\divx_xx07.dll

2007-12-04 02:33 . 2007-12-04 02:33 802,816 --a------ C:\Windows\System32\divx_xx11.dll

2007-12-04 02:33 . 2007-12-04 02:33 682,496 --a------ C:\Windows\System32\DivX.dll

2007-12-04 02:33 . 2007-12-04 02:33 630,784 --a------ C:\Windows\System32\divxdec.ax

2007-12-02 01:22 . 2007-12-02 01:23 <DIR> d-------- C:\Users\All Users\SSScanAppDataDir

2007-12-02 01:22 . 2007-12-02 01:23 <DIR> d-------- C:\PROGRA~2\SSScanAppDataDir

2007-12-02 01:21 . 2007-12-02 01:21 <DIR> d-------- C:\Users\All Users\MSScanAppDataDir

2007-12-02 01:21 . 2007-12-02 01:21 <DIR> d-------- C:\PROGRA~2\MSScanAppDataDir

2007-12-02 01:18 . 2007-12-02 01:18 <DIR> d-------- C:\Users\All Users\Xerox

2007-12-02 01:18 . 2007-12-02 01:18 <DIR> d-------- C:\PROGRA~2\Xerox

2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\Windows\System32\drivers\srtspl.sys

2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\Windows\System32\drivers\srtsp.sys

2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\Windows\System32\drivers\srtspx.sys

2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\Windows\System32\drivers\srtspx.cat

2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\Windows\System32\drivers\srtspl.cat

2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\Windows\System32\drivers\srtsp.cat

2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\Windows\System32\drivers\srtspl.inf

2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\Windows\System32\drivers\srtspx.inf

2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\Windows\System32\drivers\srtsp.inf

2007-11-29 23:30 . 2007-11-29 23:30 3,596,288 --a------ C:\Windows\System32\qt-dx331.dll

2007-11-29 23:30 . 2007-11-29 23:30 1,044,480 --a------ C:\Windows\System32\libdivx.dll

2007-11-29 23:30 . 2007-11-29 23:30 524,288 --a------ C:\Windows\System32\DivXsm.exe

2007-11-29 23:30 . 2007-11-29 23:30 200,704 --a------ C:\Windows\System32\ssldivx.dll

2007-11-29 23:30 . 2007-11-29 23:30 4,816 --a------ C:\Windows\System32\divxsm.tlb

2007-11-29 23:28 . 2007-11-29 23:28 196,608 --a------ C:\Windows\System32\dtu100.dll

2007-11-29 23:28 . 2007-11-29 23:28 81,920 --a------ C:\Windows\System32\dpl100.dll

2007-11-29 23:28 . 2007-11-29 23:28 416 --a------ C:\Windows\System32\dtu100.dll.manifest

2007-11-29 23:28 . 2007-11-29 23:28 416 --a------ C:\Windows\System32\dpl100.dll.manifest

2007-11-29 16:49 . 2007-11-29 16:49 73 --a------ C:\Windows\EurekaLog.ini

2007-11-29 00:19 . 2007-11-29 00:19 <DIR> d-------- C:\Users\All Users\ESET

2007-11-29 00:19 . 2007-11-29 00:19 <DIR> d-------- C:\PROGRA~2\ESET

2007-11-28 22:55 . 2007-11-28 22:55 156,992 --a------ C:\Windows\System32\DivXCodecVersionChecker.exe

2007-11-28 22:53 . 2007-11-28 22:53 593,920 --a------ C:\Windows\System32\dpuGUI11.dll

2007-11-28 22:53 . 2007-11-28 22:53 344,064 --a------ C:\Windows\System32\dpus11.dll

2007-11-28 22:53 . 2007-11-28 22:53 294,912 --a------ C:\Windows\System32\dpu11.dll

2007-11-28 22:53 . 2007-11-28 22:53 294,912 --a------ C:\Windows\System32\dpu10.dll

2007-11-28 22:53 . 2007-11-28 22:53 57,344 --a------ C:\Windows\System32\dpv11.dll

2007-11-28 22:53 . 2007-11-28 22:53 53,248 --a------ C:\Windows\System32\dpuGUI10.dll

2007-11-28 22:52 . 2007-11-28 22:52 12,288 --a------ C:\Windows\System32\DivXWMPExtType.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-27 11:50 --------- d-----w C:\Users\olivier\AppData\Roaming\BitTorrent

2007-12-27 11:36 --------- d---a-w C:\PROGRA~2\TEMP

2007-12-27 00:58 --------- d-----w C:\Users\olivier\AppData\Roaming\Ahead

2007-12-23 15:07 --------- d-----w C:\Users\olivier\AppData\Roaming\BitTorrent DNA

2007-12-18 19:50 715,248 ----a-w C:\Windows\system32\drivers\sptd.sys

2007-12-15 19:53 --------- d-----w C:\Users\olivier\AppData\Roaming\Vso

2007-12-14 19:17 159,744 ----a-w C:\Windows\System32\Netlog24Uninstaller.exe

2007-12-12 23:55 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys

2007-12-12 23:55 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys

2007-12-12 23:55 56,320 ----a-w C:\Windows\System32\iesetup.dll

2007-12-12 23:55 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2007-12-12 23:55 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2007-12-12 23:55 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys

2007-12-12 23:55 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys

2007-12-08 12:31 --------- d-----w C:\Program Files\YouTube Downloader

2007-12-07 15:51 --------- d-----w C:\Program Files\DivX

2007-12-07 11:21 --------- d-----w C:\PROGRA~2\DVD Shrink

2007-11-25 13:30 --------- d-----w C:\PROGRA~2\Messenger Plus!

2007-11-25 00:09 --------- d-----w C:\Program Files\Messenger Plus! Live

2007-11-25 00:04 --------- d-----w C:\Program Files\Windows Live

2007-11-25 00:03 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller

2007-11-25 00:00 --------- d-----w C:\PROGRA~2\WLInstaller

2007-11-19 15:45 --------- d-----w C:\Program Files\Netlog 24

2007-11-17 16:54 1,244,672 ----a-w C:\Windows\System32\mcmde.dll

2007-11-16 16:42 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr

2007-11-16 16:42 67,584 ----a-w C:\Windows\System32\wlanhlp.dll

2007-11-16 16:42 542,720 ----a-w C:\Windows\System32\sysmain.dll

2007-11-16 16:42 502,784 ----a-w C:\Windows\System32\wlansvc.dll

2007-11-16 16:42 47,104 ----a-w C:\Windows\System32\wlanapi.dll

2007-11-16 16:42 297,984 ----a-w C:\Windows\System32\wlansec.dll

2007-11-16 16:42 290,816 ----a-w C:\Windows\System32\wlanmsm.dll

2007-11-16 16:42 28,344 ----a-w C:\Windows\system32\drivers\battc.sys

2007-11-16 16:42 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys

2007-11-16 16:42 24,064 ----a-w C:\Windows\System32\wtsapi32.dll

2007-11-16 16:42 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys

2007-11-16 16:42 2,923,520 ----a-w C:\Windows\explorer.exe

2007-11-16 16:42 2,027,008 ----a-w C:\Windows\System32\win32k.sys

2007-11-16 16:42 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys

2007-11-16 16:42 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys

2007-11-16 16:41 --------- d-----w C:\Program Files\Windows Mail

2007-11-08 15:17 30,728 ----a-w C:\Windows\system32\drivers\epfwtdir.sys

2007-11-08 15:10 27,656 ----a-w C:\Windows\system32\drivers\easdrv.sys

2007-11-08 15:09 33,800 ----a-w C:\Windows\system32\drivers\eamon.sys

2007-10-30 18:55 39,856 ----a-w C:\Windows\system32\drivers\symids.sys

2007-10-30 18:55 37,936 ----a-w C:\Windows\system32\drivers\symndisv.sys

2007-10-30 18:55 27,696 ----a-w C:\Windows\system32\drivers\symredrv.sys

2007-10-30 18:55 191,536 ----a-w C:\Windows\system32\drivers\symtdi.sys

2007-10-30 18:55 145,968 ----a-w C:\Windows\system32\drivers\symfw.sys

2007-10-30 18:55 12,848 ----a-w C:\Windows\system32\drivers\symdns.sys

2007-10-30 18:24 12,963 ----a-w C:\Windows\system32\drivers\SymRedir.cat

2007-10-30 18:24 1,358 ----a-w C:\Windows\system32\drivers\SymRedir.inf

2007-10-28 13:36 --------- d-----w C:\Program Files\Java

2007-10-18 10:31 51,224 ----a-w C:\Windows\System32\sirenacm.dll

2007-10-10 14:30 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL

2007-10-10 14:30 7,680 ----a-w C:\Windows\System32\spwmp.dll

2007-10-10 14:30 4,096 ----a-w C:\Windows\System32\dxmasf.dll

2007-10-10 14:30 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll

2007-10-10 14:28 84,480 ----a-w C:\Windows\System32\INETRES.dll

2007-10-10 14:28 788,992 ----a-w C:\Windows\System32\rpcrt4.dll

2007-10-10 14:28 737,792 ----a-w C:\Windows\System32\inetcomm.dll

2007-09-25 18:38 47,360 ----a-w C:\Users\olivier\AppData\Roaming\pcouffin.sys

2007-09-19 16:49 174 --sha-w C:\Program Files\desktop.ini

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3B063A9A-561A-4201-82A1-5731CB7E9BE5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutoCAD Digital Signatures Icon Overlay Handler]

@={36A21736-36C2-4C11-8ACB-D4136F2B57BD}

[HKEY_CLASSES_ROOT\CLSID\{36A21736-36C2-4C11-8ACB-D4136F2B57BD}]

2007-02-12 13:12 44648 --a------ C:\Windows\system32\AcSignIcon.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:35]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 17:05]

"Netlog 24"="C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe" [2007-12-14 20:17]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-20 10:05]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-06-06 11:52]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-06-06 11:52]

"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-06-06 11:52]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 12:00]

"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 17:07 C:\Windows\RtHDVCpl.exe]

"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 17:31]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 21:50]

"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 12:36]

"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2006-12-14 15:53]

"LMgrOSD"="C:\Program Files\Launch Manager\OSD.exe" [2006-12-26 10:23]

"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2006-11-09 13:37]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]

"UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-10 02:27]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 06:59]

"PrevxCSI"="C:\Program Files\PrevxCSI\prevxcsi.exe" []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders credssp.dll

R1 easdrv;easdrv;C:\Windows\system32\DRIVERS\easdrv.sys [2007-11-08 16:10]

R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2007-11-08 16:17]

R2 eamon;EAMON;C:\Windows\system32\DRIVERS\eamon.sys [2007-11-08 16:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

\shell\AutoRun\command - G:\Setup.exe

*Newly Created Service* - COMHOST

.

Inhoud van de 'Gedeelde Taken' map

"2007-12-27 12:04:24 C:\Windows\Tasks\1-Click Maintenance.job"

- C:\Program Files\TuneUp Utilities 2008\OneClick.exe

"2007-12-25 21:59:17 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - olivier.job"

- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:

.

**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-27 13:05:30

Windows 6.0.6000 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2007-12-27 13:07:22 - machine was rebooted

.

2007-12-12 23:57:15 --- E O F ---

knightgangsta · 27 december 2007

en hier van HJT

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:56:18, on 27/12/2007

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Launch Manager\LaunchAp.exe

C:\Program Files\Launch Manager\HotkeyApp.exe

C:\Program Files\Launch Manager\OSD.exe

C:\Program Files\Launch Manager\WButton.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\explorer.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F3 - REG:win.ini: load=C:\Users\olivier\AppData\Local\Temp\byxwx.exe

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: (no name) - {3B063A9A-561A-4201-82A1-5731CB7E9BE5} - (no file)

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"

O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"

O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"

O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [PrevxCSI] "C:\Program Files\PrevxCSI\prevxcsi.exe" -boot

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Netlog 24] C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\olivier\AppData\Local\Temp\jkhec.dll,#1

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\olivier\AppData\Local\Temp\byxwx.dll,c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--

End of file - 9212 bytes

knightgangsta · 27 december 2007

Hoe het .exe-bestand dan verdwenen is, blijft me een raadsel (vermits je nog niets via Prevx verwijderd hebt). Vooral omdat Prevx niet gratis foute bestanden verwijderd, wat ook al duidelijk wordt uit je bericht. Maar goed ... Probeer het eens met een combinatie van HiJackThis en Combofix.
Download HiJackThis

Maak een log met HJT.

Download Combofix.exe en zet het op je Bureaublad.

Dubbelklik op Combofix.exe en volg de instructies, aanvaard de disclaimer door y te typen. Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, moet je dit toestaan

En zet dan beide logjes eens in een volgend bericht.

ok de loggen staan er en nu ? ^^

kape · 27 december 2007

Nu je het zegt ... met die antivirus in je eerste bericht bedoelde je dus je Norton. OK. En dan nu ... kan je hier al mee beginnen.

Start Hijackthis op en kies voor 'Do a system scan only'. Selecteer alleen de items hieronder genoemd:

F3 - REG:win.ini: load=C:\Users\olivier\AppData\Local\Temp\byxwx.exe

O2 - BHO: (no name) - {3B063A9A-561A-4201-82A1-5731CB7E9BE5} - (no file)

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\olivier\AppData\Local\Temp\jkhec.dll,#1

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\olivier\AppData\Local\Temp\byxwx.dll,c

Klik op 'Fix checked' om de items te verwijderen.

Download ATF cleaner

Dubbelklik op ATF cleaner om het programma te starten.

Op het tabblad "Main", plaats je een vinkje bij Select All.

Klik op de knop Empty Selected.

En zet daarna een nieuw log van HJT in een bericht.

knightgangsta · 27 december 2007

Nu je het zegt ... met die antivirus in je eerste bericht bedoelde je dus je Norton. OK. En dan nu ... kan je hier al mee beginnen.
Start Hijackthis op en kies voor 'Do a system scan only'. Selecteer alleen de items hieronder genoemd:

F3 - REG:win.ini: load=C:\Users\olivier\AppData\Local\Temp\byxwx.exe

O2 - BHO: (no name) - {3B063A9A-561A-4201-82A1-5731CB7E9BE5} - (no file)

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\olivier\AppData\Local\Temp\jkhec.dll,#1

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\olivier\AppData\Local\Temp\byxwx.dll,c

Klik op 'Fix checked' om de items te verwijderen.

Download ATF cleaner

Dubbelklik op ATF cleaner om het programma te starten.

Op het tabblad "Main", plaats je een vinkje bij Select All.

Klik op de knop Empty Selected.

En zet daarna een nieuw log van HJT in een bericht.

ok heb ik gedaan hier is de log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:56:00, on 27/12/2007

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\conime.exe