Please take a look at my log

  • Please take a look at my log

    Lately I have been having slow startups and small problems that I did not have before. Here is my HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:50:28, on 20-1-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\System32\WLTRAY.exe
    C:\Program Files\Atheros\ACU.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\PowerKey.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Launch Manager\LaunchAp .exe
    C:\Program Files\Atheros\ACU .exe
    C:\WINDOWS\System32\igfxtray .exe
    C:\WINDOWS\System32\hkcmd .exe
    C:\acer\epm\epm-dm.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Launch Manager\HotkeyApp .exe
    C:\Program Files\Launch Manager\PowerKey .exe
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\Launch Manager\OSDCtrl .exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Launch Manager\Wbutton .exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
    C:\acer\epm\epm-dm .exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
    C:\Program Files\Windows Defender\MSASCui .exe
    C:\Program Files\Network Associates\Common Framework\UpdaterUI .exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon .exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE
    C:\WINDOWS\system32\ctfmon .exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.basilmarket.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F3 - REG:win.ini: load=C:\WINDOWS\system32\geebx.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY
    O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] "C:\Acer\ePM\ePM.exe" boot
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM .exe /windowsstart /startifwork
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Download alles met Free Download Manager. - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download met Free Download Manager. - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Download selectie met Free Download Manager. - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Launch ACA Capture Pro - {905A31AA-BDD1-44bd-9920-53D34E5953A4} - C:\Documents and Settings\Hameeteman\Bureaublad\ACACapturePro\SCapPro.exe (file missing)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {9543741D-4E79-4f0d-8E60-A702CDF8B2D2} - C:\Documents and Settings\Hameeteman\Bureaublad\ACACapturePro\SCapPro.exe (file missing)
    O9 - Extra 'Tools' menuitem: Launch ACA Capture Pro - {9543741D-4E79-4f0d-8E60-A702CDF8B2D2} - C:\Documents and Settings\Hameeteman\Bureaublad\ACACapturePro\SCapPro.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183585742891
    O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.gomtv.com/gom/GomWeb.cab
    O16 - DPF: {77538FC7-CE52-4704-9865-494FE92BC320} (LaunchUBO.Ulit) - http://www.ultimatebaseballonline.com/myubo/launchubo.OCX
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://data.flatcast.com/data/objects/NpFv41629.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Atheros-configuratieservice (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing)
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 10819 bytes

  • #2
    Download Combofix to your desktop.

    If you have used Combofix before, please remove that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if you get a warning from your antivirus or another real-time scanner during or after downloading Combofix, or while running Combofix, disable that scanner and download Combofix again. Some scanners treat certain components that Combofix uses as suspicious and will block or delete them!

    Double-click combofix.exe.
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, because this will make your PC hang.

    When the fix is finished and the PC has restarted, the log combofix.txt will open.
    In your next reply, post the Combofix log (combofix.txt) together with a fresh HijackThis log.
    Regards,
    Pimmerd



    • #3
      I downloaded Combofix and ran it; my computer then restarted as you said, but then I got an error (a DLM.exe application error, I believe) and no text file was opened. I have now searched a bit and found this:

      'ComboFix 08-01-21.7 - Hameeteman 2008-01-22 17:29:52.1 - NTFSx86
      Gestart vanuit: C:\Documents and Settings\Hameeteman\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt

      WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
      .'

      And here is the new log:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:49, on 2008-01-22
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Acer\eManager\anbmServ.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      C:\Program Files\Network Associates\VirusScan\Mcshield.exe
      C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\Program Files\Viewpoint\Common\ViewpointService.exe
      C:\WINDOWS\System32\wltrysvc.exe
      C:\WINDOWS\System32\bcmwltry.exe
      C:\WINDOWS\System32\WLTRAY.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.basilmarket.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      F3 - REG:win.ini: load=C:\WINDOWS\system32\geebx.exe
      O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY
      O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
      O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
      O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
      O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
      O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
      O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
      O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
      O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
      O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
      O4 - HKLM\..\Run: [ePowerManagement] "C:\Acer\ePM\ePM.exe" boot
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
      O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
      O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
      O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM .exe /windowsstart /startifwork
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: Download alles met Free Download Manager. - file://C:\Program Files\Free Download Manager\dlall.htm
      O8 - Extra context menu item: Download met Free Download Manager. - file://C:\Program Files\Free Download Manager\dllink.htm
      O8 - Extra context menu item: Download selectie met Free Download Manager. - file://C:\Program Files\Free Download Manager\dlselected.htm
      O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
      O9 - Extra button: Launch ACA Capture Pro - {905A31AA-BDD1-44bd-9920-53D34E5953A4} - C:\Documents and Settings\Hameeteman\Bureaublad\ACACapturePro\SCapPro.exe (file missing)
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {9543741D-4E79-4f0d-8E60-A702CDF8B2D2} - C:\Documents and Settings\Hameeteman\Bureaublad\ACACapturePro\SCapPro.exe (file missing)
      O9 - Extra 'Tools' menuitem: Launch ACA Capture Pro - {9543741D-4E79-4f0d-8E60-A702CDF8B2D2} - C:\Documents and Settings\Hameeteman\Bureaublad\ACACapturePro\SCapPro.exe (file missing)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
      O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183585742891
      O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.gomtv.com/gom/GomWeb.cab
      O16 - DPF: {77538FC7-CE52-4704-9865-494FE92BC320} (LaunchUBO.Ulit) - http://www.ultimatebaseballonline.com/myubo/launchubo.OCX
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
      O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://data.flatcast.com/data/objects/NpFv41629.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Atheros-configuratieservice (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
      O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing)
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
      O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
      O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
      O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
      O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

      --
      End of file - 9153 bytes



      • #4
        Open an empty Notepad window and copy/paste the bold text below into it:

        sc delete AntiVirScheduler
        sc delete AntiVirService
        sc delete aswUpdSv

        Then save it as fix.bat on your Desktop.
        Under Save as type, choose All Files.
        Then double-click fix.bat; a short DOS window flashes by, which is normal.

        Start HijackThis, choose 'Do a system scan only' and tick the lines below:

        F3 - REG:win.ini: load=C:\WINDOWS\system32\geebx.exe
        O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
        O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)

        Now close all open windows except HijackThis and click Fix Checked.

        Now try running Combofix once more. Post its log together with a new HijackThis log.
        Regards,
        Pimmerd
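The entries the helper acts on in the reply above (the `F3` win.ini autostart, the `(no file)` button and the `(file missing)` service registrations that end up in fix.bat) and the look-alike `ctfmon .exe`-style paths that stand out in the first post's log can all be pulled out of a HijackThis log mechanically. The script below is an added example written for this page; it is not a tool from the thread, nor part of HijackThis or ComboFix. The sample lines are copied from the logs posted above and trimmed to the interesting ones; the section labels, the reason strings, the "executable directly in C:\WINDOWS" heuristic and the fallback to the display name for `sc delete` are the example's own choices, not anything the thread states.

```python
"""Mechanical triage of a HijackThis log (added example, not a tool from this thread).

It flags the kinds of entries the helper in this thread acted on:
  * process and O4 autostart paths with a space before the extension
    ("ctfmon .exe"), look-alikes planted next to the legitimate binary;
  * F3 win.ini load=/run= autostarts, a legacy hook nothing current should use;
  * O4 Run entries whose binary sits directly in C:\\WINDOWS rather than a subfolder
    (heuristic chosen for this example);
  * O9 buttons marked "(no file)" and O23 services marked "(file missing)",
    registrations whose target is gone, i.e. the `sc delete` candidates.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section: "PROC" (running processes), "F3", "O4", "O9", "O23"
    reason: str   # short label for the pattern that fired
    line: str     # the log line, verbatim


# " .exe" with a space before the dot: the log above lists "ctfmon .exe" next to ctfmon.exe.
SPACE_BEFORE_EXT = re.compile(r" \.(exe|dll|com|scr)\b", re.IGNORECASE)
# An executable directly under the Windows directory (no subfolder), e.g. C:\WINDOWS\mrofinu1188.exe.
WINDIR_ROOT_EXE = re.compile(r"^[A-Z]:\\WINDOWS\\[^\\\s\"]+\.exe\b", re.IGNORECASE)
# Everything after "[entry name] " in an O4 line is the command line that will run at logon.
O4_COMMAND = re.compile(r"^O4 - [^\]]*\] (.*)$")
# O23 lines carry the service key name in parentheses when it differs from the display name.
O23_KEY_NAME = re.compile(r"^O23 - Service: .*?\(([^()\s]+)\) - ")


def triage(log_text: str) -> list[Finding]:
    """Walk a HijackThis log and return the entries worth a closer look."""
    findings: list[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line closes the "Running processes:" block
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if SPACE_BEFORE_EXT.search(line):
                findings.append(Finding("PROC", "space-before-extension", line))
            continue
        tag = line.split(" - ", 1)[0]
        if tag == "F3":
            # win.ini load=/run= is a legacy autostart; any value here deserves a look.
            findings.append(Finding("F3", "win.ini-autostart", line))
        elif tag == "O4":
            m = O4_COMMAND.match(line)
            cmd = m.group(1).lstrip('"') if m else ""
            if SPACE_BEFORE_EXT.search(cmd):
                findings.append(Finding("O4", "space-before-extension", line))
            elif WINDIR_ROOT_EXE.match(cmd):
                findings.append(Finding("O4", "exe-in-windows-root", line))
        elif tag == "O9" and line.endswith("(no file)"):
            findings.append(Finding("O9", "target-missing", line))
        elif tag == "O23" and line.endswith("(file missing)"):
            findings.append(Finding("O23", "target-missing", line))
    return findings


def orphaned_service_cleanup(findings: list[Finding]) -> list[str]:
    """Turn the O23 "(file missing)" findings into the `sc delete` lines used in fix.bat.

    `sc delete` takes the service key name. When HijackThis shows none in parentheses,
    the display name is used here as the best available key name; confirm it with
    `sc queryex` before running the batch file.
    """
    cmds: list[str] = []
    for f in findings:
        if f.section != "O23":
            continue
        m = O23_KEY_NAME.match(f.line)
        if m:
            name = m.group(1)
        else:
            name = f.line.split(" - ")[1][len("Service: "):]
        cmds.append(f'sc delete "{name}"')
    return cmds


# Sample lines copied from the logs posted in this thread, trimmed to the interesting ones.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.basilmarket.com/
F3 - REG:win.ini: load=C:\WINDOWS\system32\geebx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM .exe /windowsstart /startifwork
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.section:<5}{f.reason:<24}{f.line}")
    print()
    print("\n".join(orphaned_service_cleanup(results)))
```

Run against the sample, the script reports the rogue `ctfmon .exe` process, the `geebx.exe` win.ini hook, the `runner1` executable in the Windows root, the `DLM .exe` autostart, the orphaned `(no file)` button and the two dead service registrations, and emits the two `sc delete` lines; the PnkBstrA and IgfxTray entries are left alone because their targets exist and follow no flagged pattern. The same space-before-extension check also explains the long list of `... .exe ---> QooBox` moves in the ComboFix log later in this thread.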



        • #5
          I did what you said and ran combofix once more, but when it restarted I got about 10 of these errors:
          http://img135.imageshack.us/my.php?image=explorerexeid4.png

          and the file combofix.txt is exactly the same

          I hope you know what is going on



          • #6
            Could you run Combofix in Safe Mode:


            Make sure to boot into Safe Mode without networking support!
            Afterwards, post that log together with a new HijackThis log.
            Regards,
            Pimmerd



            • #7
              Okay, it worked.
              Combofix.txt:

              ComboFix 08-01-23.2 - Hameeteman 2008-01-23 15:29:02.3 - NTFSx86 MINIMAL
              Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.328 [GMT 1:00]
              Gestart vanuit: C:\Documents and Settings\Hameeteman\Bureaublad\ComboFix.exe

              WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
              .

              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              C:\Program Files\Download Manager\DLM .exe
              C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE
              C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
              C:\WINDOWS\system32\ctfmon .exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\WINDOWS\system32\geebx.dll
              C:\WINDOWS\system32\geebx.exe
              C:\WINDOWS\system32\opnopnn.dll
              C:\WINDOWS\system32\xbeeg.ini
              C:\WINDOWS\system32\xbeeg.ini2
              C:\WINDOWS\Fonts\'
              .
              ---- Previous Run -------
              .
              C:\Acer\ePM\epm-dm .exe
              C:\Acer\ePM\epm-dm.exe
              C:\Acer\ePM\ePM .exe
              C:\Acer\ePM\ePM.exe
              C:\Program Files\Atheros\ACU .exe
              C:\Program Files\Atheros\ACU.exe
              C:\Program Files\Common Files\Network Associates\TalkBack\TBMon .exe
              C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
              C:\Program Files\Download Manager\DLM .exe
              C:\Program Files\Hitman Pro\xphelper .exe
              C:\Program Files\Hitman Pro\xphelper.exe
              C:\Program Files\Launch Manager\CtrlVol .exe
              C:\Program Files\Launch Manager\CtrlVol.exe
              C:\Program Files\Launch Manager\HotkeyApp .exe
              C:\Program Files\Launch Manager\HotkeyApp.exe
              C:\Program Files\Launch Manager\LaunchAp .exe
              C:\Program Files\Launch Manager\LaunchAp.exe
              C:\Program Files\Launch Manager\OSDCtrl .exe
              C:\Program Files\Launch Manager\OSDCtrl.exe
              C:\Program Files\Launch Manager\PowerKey .exe
              C:\Program Files\Launch Manager\PowerKey.exe
              C:\Program Files\Launch Manager\Wbutton .exe
              C:\Program Files\Launch Manager\Wbutton.exe
              C:\Program Files\Network Associates\Common Framework\UpdaterUI .exe
              C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
              C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE
              C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
              C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
              C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
              C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
              C:\Program Files\Temporary
              C:\Program Files\Temporary\kernInst.exe
              C:\Program Files\Windows Defender\MSASCui .exe
              C:\Program Files\Windows Defender\MSASCui.exe
              C:\WINDOWS\b122.exe
              C:\WINDOWS\Fonts\a.zip
              C:\WINDOWS\system32\ctfmon .exe
              C:\WINDOWS\system32\ctfmon.exe.tmp
              C:\WINDOWS\system32\efcdaay.dll
              C:\WINDOWS\system32\geebx.exe
              C:\WINDOWS\system32\hkcmd .exe
              C:\WINDOWS\System32\hkcmd.exe
              C:\WINDOWS\system32\igfxtray .exe
              C:\WINDOWS\System32\igfxtray.exe
              C:\WINDOWS\system32\opnopnn.dll
              C:\WINDOWS\system32\RCX3D.tmp
              C:\WINDOWS\system32\RCX42.tmp
              C:\WINDOWS\system32\RCX45.tmp
              C:\WINDOWS\system32\RCX46.tmp
              C:\WINDOWS\system32\RCX47.tmp
              C:\WINDOWS\system32\xbeeg.ini
              C:\WINDOWS\system32\xbeeg.ini2
              D:\Autorun.inf

              Code:
              C:\Acer\ePM\ePM .exe ---> QooBox
              C:\Acer\ePM\epm-dm .exe ---> QooBox
              C:\Program Files\Atheros\ACU .exe ---> QooBox
              C:\Program Files\Common Files\Network Associates\TalkBack\TBMon .exe ---> QooBox
              C:\Program Files\Hitman Pro\xphelper .exe ---> QooBox
              C:\Program Files\Launch Manager\CtrlVol .exe ---> QooBox
              C:\Program Files\Launch Manager\HotkeyApp .exe ---> QooBox
              C:\Program Files\Launch Manager\LaunchAp .exe ---> QooBox
              C:\Program Files\Launch Manager\OSDCtrl .exe ---> QooBox
              C:\Program Files\Launch Manager\PowerKey .exe ---> QooBox
              C:\Program Files\Launch Manager\Wbutton .exe ---> QooBox
              C:\Program Files\Network Associates\Common Framework\UpdaterUI .exe ---> QooBox
              C:\Program Files\Synaptics\SynTP\SynTPEnh .exe ---> QooBox
              C:\Program Files\Synaptics\SynTP\SynTPLpr .exe ---> QooBox
              C:\Program Files\Windows Defender\MSASCui .exe ---> QooBox
              C:\WINDOWS\system32\ctfmon .exe ---> QooBox
              C:\WINDOWS\system32\hkcmd .exe ---> QooBox
              C:\WINDOWS\system32\igfxtray .exe ---> QooBox
              C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE ---> QooBox
              C:\WINDOWS\system32\ctfmon .exe ---> QooBox
              .
              .
              ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

              .
              -------\LEGACY_NPF






              (((((((((((((((((((( Bestanden Gemaakt van 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))
              .

              2008-01-22 17:25 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
              2008-01-20 14:29 . 2004-09-22 20:00 108,256 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
              2008-01-20 14:29 . 2004-09-22 20:00 58,048 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys
              2008-01-20 14:27 . 2008-01-20 14:29 <DIR> d-------- C:\Program Files\Network Associates
              2008-01-20 14:10 . 2008-01-20 14:10 <DIR> d-------- C:\Program Files\Kaspersky Lab
              2008-01-20 12:16 . 2008-01-20 12:16 <DIR> d-------- C:\Program Files\CCleaner
              2008-01-19 20:26 . 2008-01-19 20:26 <DIR> d-------- C:\Program Files\Trend Micro
              2008-01-18 13:36 . 2008-01-19 20:08 161 --a------ C:\Delme.bat
              2008-01-18 13:19 . 2008-01-18 13:19 36,864 --a------ C:\WINDOWS\17PHolmes1188.exe
              2008-01-18 13:19 . 2008-01-18 13:19 260 --a------ C:\7603.bat
              2008-01-17 18:35 . 2008-01-17 18:37 <DIR> d-------- C:\Program Files\Incomplete
              2008-01-17 18:33 . 2008-01-17 18:33 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
              2008-01-17 18:33 . 2008-01-17 18:33 0 --ah----- C:\WINDOWS\SwSys2.bmp
              2008-01-17 18:33 . 2008-01-17 18:33 0 --ah----- C:\WINDOWS\SwSys1.bmp
              2008-01-17 18:30 . 2008-01-18 18:43 376,320 --a------ C:\WINDOWS\mrofinu1188.exe.tmp
              2008-01-16 20:23 . 2008-01-16 20:23 268 --ah----- C:\sqmdata01.sqm
              2008-01-16 20:23 . 2008-01-16 20:23 244 --ah----- C:\sqmnoopt01.sqm
              2008-01-16 19:33 . 2008-01-16 19:33 <DIR> d-------- C:\Program Files\MSXML 4.0
              2008-01-09 16:01 . 2008-01-16 21:46 1,374 --a------ C:\WINDOWS\imsins.BAK

              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2008-01-23 14:40 --------- d-----w C:\Program Files\Download Manager
              2008-01-22 16:38 --------- d-----w C:\Program Files\Windows Defender
              2008-01-22 16:38 --------- d-----w C:\Program Files\Launch Manager
              2008-01-22 16:38 --------- d-----w C:\Program Files\Hitman Pro
              2008-01-22 16:38 --------- d-----w C:\Program Files\Atheros
              2008-01-20 13:27 --------- d-----w C:\Program Files\Common Files\Network Associates
              2008-01-18 15:27 --------- d-----w C:\Program Files\BannedStory
              2008-01-18 15:23 --------- d-----w C:\Program Files\Call of Duty
              2008-01-18 15:14 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
              2008-01-18 12:48 --------- d-----w C:\Program Files\SpywareBlaster
              2008-01-18 12:43 --------- d-----w C:\Program Files\Spyware Doctor
              2008-01-16 18:34 --------- d-----w C:\Program Files\Common Files\Adobe
              2008-01-16 18:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
              2007-12-18 13:24 --------- d-----w C:\Program Files\Google
              2007-12-17 17:47 --------- d-----w C:\Program Files\BitTorrent
              2007-10-25 14:01 352,256 ----a-w C:\WINDOWS\eSellerateEngine.dll
              .
              Code:
              <pre>
              ----a-w         1,103,480 2008-01-23 14:40:44  C:\Program Files\Download Manager\DLM .exe
              ----a-w           218,640 2008-01-20 13:23:25  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe
              </pre>

              ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              REGEDIT4
              *Note* empty entries & legit default entries are not shown

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [ ]
              "igndlm.exe"="C:\Program Files\Download Manager\DLM .exe" [2008-01-23 15:40 1103480]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "Broadcom Wireless Manager UI"="C:\WINDOWS\System32\WLTRAY" [ ]
              "ACU"="C:\Program Files\Atheros\ACU.exe" [ ]
              "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [ ]
              "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [ ]
              "SoundMan"="SOUNDMAN.EXE" [2005-04-15 10:01 77824 C:\WINDOWS\SOUNDMAN.EXE]
              "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [ ]
              "PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [ ]
              "LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [ ]
              "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [ ]
              "LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [ ]
              "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [ ]
              "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ]
              "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
              "EPM-DM"="c:\acer\epm\epm-dm.exe" [ ]
              "ePowerManagement"="C:\Acer\ePM\ePM.exe" [ ]
              "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [ ]
              "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [ ]
              "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [ ]
              "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [ ]
              "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [ ]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [ ]

              [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
              Authentication Packages REG_MULTI_SZ msv1_0 C:\\WINDOWS\\system32\\geebx

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
              C:\Program Files\BitTorrent\bittorrent.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration]
              --a------ 2007-06-10 18:02 40960 C:\Program Files\Free Download Manager\FUM\fumoei.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
              --a------ 2008-01-18 18:42 1482240 C:\Program Files\Download Manager\DLM.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
              C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

              R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 10:27]
              R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\System32\drivers\epm-psd.sys [2004-07-19 12:10]
              R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\System32\drivers\epm-shd.sys [2005-04-07 17:08]
              R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 22:38]
              S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys
              S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2006-11-29 06:46]
              S3 CEDRIVER53;CEDRIVER53;C:\Program Files\Cheat Engine\dbk32.sys
              S3 DADriv1;DADriv1;C:\Documents and Settings\Hameeteman\Bureaublad\DAEngine\DAK32.sys
              S3 DISK_DRIVE32;DISK_DRIVE32;C:\Documents and Settings\Hameeteman\Bureaublad\Omega Hack pack 2[1].0\0mega Hack Pack 2.0\Omega Hack Pack 2.0\Disk drove\disk_1024.sys
              S3 GGK;GGK;C:\Documents and Settings\Hameeteman\Bureaublad\Omega Hack pack 2[1].0\0mega Hack Pack 2.0\Omega Hack Pack 2.0\ggk.sys
              S3 iCheat1;iCheat1;C:\Documents and Settings\Hameeteman\Bureaublad\iCheat13\nvid999.sys
              S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;C:\Documents and Settings\Hameeteman\Bureaublad\MoonLight_Engine_1129.1\IlvMoney1129.sys
              S3 MzBot.sys;MzBot.sys;C:\WINDOWS\system32\MzBot.sys [2007-04-01 12:41]
              S3 ¥Õ¥Ø°ê¤¤¥Í1;¥Õ¥Ø°ê¤¤¥Í1;C:\Documents and Settings\Hameeteman\Bureaublad\VE5_1032\VE5 1032\nvid999.sys
              S3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 17:29]
              S3 puma1;puma1;C:\Documents and Settings\Hameeteman\Bureaublad\Puma
              S3 SoRa01;SoRa01;C:\Documents and Settings\Hameeteman\Bureaublad\HaxingkoekjeHack Pack\Engine\SoRa Remak Engine 2.6\SoRa.sys

              *Newly Created Service* - ENTDRV51
              .
              Contents of the 'Scheduled Tasks' folder
              "2008-01-23 14:39:38 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
              - C:\Program Files\Windows Defender\MpCmdRun.exe
              .
              **************************************************************************

              catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-01-23 15:40:46
              Windows 5.1.2600 Service Pack 2 NTFS

              scanning hidden processes ...

              scanning hidden autostart entries ...

              scanning hidden files ...

              scan completed successfully
              hidden files: 0

              **************************************************************************
              "ImagePath"="\??\C:\Documents and Settings\Hameeteman\Bureaublad\Omega Hack pack 2[1].0\0mega Hack Pack 2.0\Omega Hack Pack 2.0\Disk drove\disk_1024.sys"

              --
              "ImagePath"="\??\C:\Documents and Settings\Hameeteman\Bureaublad\Omega Hack pack 2[1].0\0mega Hack Pack 2.0\Omega Hack Pack 2.0\ggk.sys"

              .


              And here the HJT log:


              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 15:53, on 2008-01-23
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.6000.16574)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Windows Defender\MsMpEng.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              C:\Acer\eManager\anbmServ.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
              C:\Program Files\Network Associates\VirusScan\Mcshield.exe
              C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              C:\WINDOWS\system32\PnkBstrA.exe
              C:\Program Files\Viewpoint\Common\ViewpointService.exe
              C:\WINDOWS\System32\wltrysvc.exe
              C:\WINDOWS\System32\bcmwltry.exe
              C:\WINDOWS\System32\WLTRAY.exe
              C:\WINDOWS\SOUNDMAN.EXE
              C:\WINDOWS\system32\wuauclt.exe
              C:\WINDOWS\system32\NOTEPAD.EXE
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.basilmarket.com/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
              O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
              O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY
              O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
              O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
              O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
              O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
              O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
              O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
              O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
              O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
              O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
              O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
              O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
              O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
              O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
              O4 - HKLM\..\Run: [ePowerManagement] "C:\Acer\ePM\ePM.exe" boot
              O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
              O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
              O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
              O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
              O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM .exe /windowsstart /startifwork
              O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
              O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
              O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
              O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
              O8 - Extra context menu item: Download alles met Free Download Manager. - file://C:\Program Files\Free Download Manager\dlall.htm
              O8 - Extra context menu item: Download met Free Download Manager. - file://C:\Program Files\Free Download Manager\dllink.htm
              O8 - Extra context menu item: Download selectie met Free Download Manager. - file://C:\Program Files\Free Download Manager\dlselected.htm
              O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
              O9 - Extra button: Launch ACA Capture Pro - {905A31AA-BDD1-44bd-9920-53D34E5953A4} - C:\Documents and Settings\Hameeteman\Bureaublad\ACACapturePro\SCapPro.exe (file missing)
              O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: (no name) - {9543741D-4E79-4f0d-8E60-A702CDF8B2D2} - C:\Documents and Settings\Hameeteman\Bureaublad\ACACapturePro\SCapPro.exe (file missing)
              O9 - Extra 'Tools' menuitem: Launch ACA Capture Pro - {9543741D-4E79-4f0d-8E60-A702CDF8B2D2} - C:\Documents and Settings\Hameeteman\Bureaublad\ACACapturePro\SCapPro.exe (file missing)
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
              O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183585742891
              O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.gomtv.com/gom/GomWeb.cab
              O16 - DPF: {77538FC7-CE52-4704-9865-494FE92BC320} (LaunchUBO.Ulit) - http://www.ultimatebaseballonline.com/myubo/launchubo.OCX
              O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
              O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://controls.flatcast-data.com/data/objects/NpFv415.dll
              O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://data.flatcast.com/data/objects/NpFv41629.dll
              O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
              O23 - Service: Atheros-configuratieservice (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
              O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
              O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
              O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
              O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
              O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
              O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
              O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
              O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
              O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

              --
              End of file - 8406 bytes



              • #8
                Open Notepad, then copy and paste the following (the bold text) into an empty window:

                RENV::
                C:\Program Files\Download Manager\DLM .exe
                C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe

                File::
                C:\Delme.bat
                C:\WINDOWS\17PHolmes1188.exe
                C:\7603.bat

                Registry::
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
                "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

                Save this to your Desktop as CFScript.txt

                Drag CFScript.txt onto ComboFix.exe as shown in the example below:



                This will make ComboFix restart.
                Reboot if you are asked to,
                and post the contents of Combofix.txt in your next reply together with a new HijackThis log.

                How are your problems now?
                Regards,
                Pimmerd

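To make the two fixes in the CFScript above checkable before and after it runs, here is a small Python triage helper. It is an added example, not part of this thread and not ComboFix's or HijackThis's own code. It scans log text for the "name .exe" paths (a space just before the extension) that the RENV:: lines list, pulls the LSA Authentication Packages value that the Registry:: block resets, and encodes/decodes the hex(7) REG_MULTI_SZ form so you can verify that 6d,73,76,31,5f,30,00,00 is exactly msv1_0 followed by two NULs. The SAMPLE_LOG lines are constructed from the output quoted in this thread; the extension list and the "msv1_0 only" default are assumptions stated in the comments.

```python
"""Triage checks for ComboFix-style log text (added example, not ComboFix's own code)."""
import re
from typing import Dict, List, Tuple

# Constructed sample modelled on the log lines in this thread (not a verbatim copy).
SAMPLE_LOG = r'''
C:\Program Files\Download Manager\DLM .exe ---> QooBox
C:\WINDOWS\system32\ctfmon .exe ---> QooBox
C:\WINDOWS\system32\ctfmon .exe ---> QooBox
"igndlm.exe"="C:\Program Files\Download Manager\DLM .exe" [2008-01-23 15:40 1103480]
"ACU"="C:\Program Files\Atheros\ACU.exe" [ ]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\\WINDOWS\\system32\\geebx
'''

# A path whose file name has a space right before the extension ("DLM .exe").
# The extension list is an assumption; widen it if you triage other file types.
_SPACED_EXT = re.compile(r'([A-Za-z]:\\[^"<>|\r\n]*?) (\.(?:exe|dll|sys|com))\b', re.IGNORECASE)
_AUTH_LINE = re.compile(r'^\s*Authentication Packages\s+REG_MULTI_SZ\s+(.*?)\s*$', re.IGNORECASE)

# The only package a stock Windows XP install lists here (assumption for this check).
# Domain members or third-party logon products may legitimately add more, so treat hits as leads.
DEFAULT_AUTH_PACKAGES = ("msv1_0",)


def find_spaced_extensions(log_text: str) -> List[Tuple[str, str]]:
    """Return (name_as_found, name_it_shadows) for each 'name .ext' path, duplicates dropped."""
    seen, pairs = set(), []
    for line in log_text.splitlines():
        m = _SPACED_EXT.search(line)
        if m and m.group(0) not in seen:
            seen.add(m.group(0))
            stem, ext = m.group(1), m.group(2)
            pairs.append((f"{stem} {ext}", f"{stem}{ext}"))
    return pairs


def parse_auth_packages(log_text: str) -> List[str]:
    """Pull the LSA 'Authentication Packages' list ComboFix prints; undo REGEDIT4's doubled backslashes."""
    for line in log_text.splitlines():
        m = _AUTH_LINE.match(line)
        if m:
            return [tok.replace("\\\\", "\\") for tok in m.group(1).split()]
    return []


def rogue_auth_packages(packages: List[str]) -> List[str]:
    """Every entry here is loaded into lsass.exe at boot, so anything beyond the default is a lead."""
    return [p for p in packages if p.lower() not in DEFAULT_AUTH_PACKAGES]


def decode_reg_multi_sz_hex(value: str) -> List[str]:
    """Decode a REGEDIT4 'hex(7):..' REG_MULTI_SZ value: one byte per char, NUL after each string."""
    if not value.lower().startswith("hex(7):"):
        raise ValueError("expected a hex(7) REG_MULTI_SZ value")
    raw = bytes(int(b, 16) for b in value[len("hex(7):"):].split(",") if b.strip())
    return [part.decode("latin-1") for part in raw.split(b"\x00") if part]


def encode_reg_multi_sz_hex(items: List[str]) -> str:
    """Inverse of decode: NUL-terminate every string, then one extra NUL closes the list."""
    raw = b"".join(s.encode("latin-1") + b"\x00" for s in items) + b"\x00"
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


def triage(log_text: str) -> Dict[str, object]:
    """Run both checks and emit the Registry:: line that puts LSA back to the default."""
    packages = parse_auth_packages(log_text)
    return {
        "renamed_pairs": find_spaced_extensions(log_text),
        "auth_packages": packages,
        "rogue_auth_packages": rogue_auth_packages(packages),
        "registry_fix": '"Authentication Packages"=' + encode_reg_multi_sz_hex(list(DEFAULT_AUTH_PACKAGES)),
    }


if __name__ == "__main__":
    for key, val in triage(SAMPLE_LOG).items():
        print(f"{key}: {val}")
```

Run it as a script to see the triage of the built-in sample, or call triage() on the text of a saved Combofix.txt. Anything listed under rogue_auth_packages is loaded into lsass.exe at every boot; the registry_fix string the script prints is the same encoded default that the Registry:: block in the post above writes.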


                • #9
                  The startup speed is still not the same as before, but it does seem to be getting better.

                  Combofix.txt:

                  ComboFix 08-01-23.2 - Hameeteman 2008-01-23 20:48:32.4 - NTFSx86
                  Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.175 [GMT 1:00]
                  Running from: C:\Documents and Settings\Hameeteman\Bureaublad\ComboFix.exe
                  Command switches used :: C:\Documents and Settings\Hameeteman\Bureaublad\CFScript.txt
                  * Created a new restore point

                  WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!

                  FILE
                  C:\7603.bat
                  C:\Delme.bat
                  C:\WINDOWS\17PHolmes1188.exe
                  .

                  (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
                  .

                  C:\7603.bat
                  C:\Delme.bat
                  C:\WINDOWS\17PHolmes1188.exe
                  .
                  ---- Previous Run -------
                  .
                  C:\Acer\ePM\epm-dm .exe
                  c:\acer\epm\epm-dm.exe
                  C:\Acer\ePM\ePM .exe
                  C:\Acer\ePM\ePM.exe
                  C:\Program Files\Atheros\ACU .exe
                  C:\Program Files\Atheros\ACU.exe
                  C:\Program Files\Common Files\Network Associates\TalkBack\TBMon .exe
                  C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
                  C:\Program Files\Download Manager\DLM .exe
                  C:\Program Files\Hitman Pro\xphelper .exe
                  C:\Program Files\Hitman Pro\xphelper.exe
                  C:\Program Files\Launch Manager\CtrlVol .exe
                  C:\Program Files\Launch Manager\CtrlVol.exe
                  C:\Program Files\Launch Manager\HotkeyApp .exe
                  C:\Program Files\Launch Manager\HotkeyApp.exe
                  C:\Program Files\Launch Manager\LaunchAp .exe
                  C:\Program Files\Launch Manager\LaunchAp.exe
                  C:\Program Files\Launch Manager\OSDCtrl .exe
                  C:\Program Files\Launch Manager\OSDCtrl.exe
                  C:\Program Files\Launch Manager\PowerKey .exe
                  C:\Program Files\Launch Manager\PowerKey.exe
                  C:\Program Files\Launch Manager\Wbutton .exe
                  C:\Program Files\Launch Manager\Wbutton.exe
                  C:\Program Files\Network Associates\Common Framework\UpdaterUI .exe
                  C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
                  C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE
                  C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
                  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
                  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                  C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
                  C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
                  C:\Program Files\Temporary
                  C:\Program Files\Temporary\kernInst.exe
                  C:\Program Files\Windows Defender\MSASCui .exe
                  C:\Program Files\Windows Defender\MSASCui.exe
                  C:\WINDOWS\b122.exe
                  C:\WINDOWS\Fonts\a.zip
                  C:\WINDOWS\system32\ctfmon .exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\WINDOWS\system32\ctfmon.exe.tmp
                  C:\WINDOWS\system32\efcdaay.dll
                  C:\WINDOWS\system32\geebx.dll
                  C:\WINDOWS\system32\geebx.exe
                  C:\WINDOWS\system32\hkcmd .exe
                  C:\WINDOWS\system32\hkcmd.exe
                  C:\WINDOWS\system32\igfxtray .exe
                  C:\WINDOWS\System32\igfxtray.exe
                  C:\WINDOWS\system32\opnopnn.dll
                  C:\WINDOWS\system32\RCX3D.tmp
                  C:\WINDOWS\system32\RCX42.tmp
                  C:\WINDOWS\system32\RCX45.tmp
                  C:\WINDOWS\system32\RCX46.tmp
                  C:\WINDOWS\system32\RCX47.tmp
                  C:\WINDOWS\system32\xbeeg.ini
                  C:\WINDOWS\system32\xbeeg.ini2
                  D:\Autorun.inf
                  C:\WINDOWS\Fonts\'

                  Code:
                   <pre>
                  C:\Acer\ePM\ePM .exe ---> QooBox
                  C:\Acer\ePM\epm-dm .exe ---> QooBox
                  C:\Program Files\Atheros\ACU .exe ---> QooBox
                  C:\Program Files\Common Files\Network Associates\TalkBack\TBMon .exe ---> QooBox
                  C:\Program Files\Hitman Pro\xphelper .exe ---> QooBox
                  C:\Program Files\Launch Manager\CtrlVol .exe ---> QooBox
                  C:\Program Files\Launch Manager\HotkeyApp .exe ---> QooBox
                  C:\Program Files\Launch Manager\LaunchAp .exe ---> QooBox
                  C:\Program Files\Launch Manager\OSDCtrl .exe ---> QooBox
                  C:\Program Files\Launch Manager\PowerKey .exe ---> QooBox
                  C:\Program Files\Launch Manager\Wbutton .exe ---> QooBox
                  C:\Program Files\Network Associates\Common Framework\UpdaterUI .exe ---> QooBox
                  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe ---> QooBox
                  C:\Program Files\Synaptics\SynTP\SynTPLpr .exe ---> QooBox
                  C:\Program Files\Windows Defender\MSASCui .exe ---> QooBox
                  C:\WINDOWS\system32\ctfmon .exe ---> QooBox
                  C:\WINDOWS\system32\hkcmd .exe ---> QooBox
                  C:\WINDOWS\system32\igfxtray .exe ---> QooBox
                  C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE ---> QooBox
                  C:\WINDOWS\system32\ctfmon .exe ---> QooBox
                  </pre>
                  .
                  .
                  ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

                  .
                  -------\LEGACY_NPF

                  (((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))
                  .

                  2008-01-23 16:18 . 2008-01-23 16:23 <DIR> d-------- C:\Program Files\IrfanView
                  2008-01-22 17:25 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
                  2008-01-20 14:29 . 2004-09-22 20:00 108,256 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
                  2008-01-20 14:29 . 2004-09-22 20:00 58,048 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys
                  2008-01-20 14:27 . 2008-01-20 14:29 <DIR> d-------- C:\Program Files\Network Associates
                  2008-01-20 14:10 . 2008-01-20 14:10 <DIR> d-------- C:\Program Files\Kaspersky Lab
                  2008-01-20 12:16 . 2008-01-20 12:16 <DIR> d-------- C:\Program Files\CCleaner
                  2008-01-19 20:26 . 2008-01-19 20:26 <DIR> d-------- C:\Program Files\Trend Micro
                  2008-01-17 18:35 . 2008-01-17 18:37 <DIR> d-------- C:\Program Files\Incomplete
                  2008-01-17 18:33 . 2008-01-17 18:33 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
                  2008-01-17 18:33 . 2008-01-17 18:33 0 --ah----- C:\WINDOWS\SwSys2.bmp
                  2008-01-17 18:33 . 2008-01-17 18:33 0 --ah----- C:\WINDOWS\SwSys1.bmp
                  2008-01-17 18:30 . 2008-01-18 18:43 376,320 --a------ C:\WINDOWS\mrofinu1188.exe.tmp
                  2008-01-16 20:23 . 2008-01-16 20:23 268 --ah----- C:\sqmdata01.sqm
                  2008-01-16 20:23 . 2008-01-16 20:23 244 --ah----- C:\sqmnoopt01.sqm
                  2008-01-16 19:33 . 2008-01-16 19:33 <DIR> d-------- C:\Program Files\MSXML 4.0
                  2008-01-09 16:01 . 2008-01-16 21:46 1,374 --a------ C:\WINDOWS\imsins.BAK

                  .
                  ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2008-01-23 19:48 --------- d-----w C:\Program Files\Download Manager
                  2008-01-23 18:18 --------- d-----w C:\Program Files\Call of Duty
                  2008-01-23 17:09 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
                  2008-01-22 16:38 --------- d-----w C:\Program Files\Windows Defender
                  2008-01-22 16:38 --------- d-----w C:\Program Files\Launch Manager
                  2008-01-22 16:38 --------- d-----w C:\Program Files\Hitman Pro
                  2008-01-22 16:38 --------- d-----w C:\Program Files\Atheros
                  2008-01-20 13:27 --------- d-----w C:\Program Files\Common Files\Network Associates
                  2008-01-18 15:27 --------- d-----w C:\Program Files\BannedStory
                  2008-01-18 12:48 --------- d-----w C:\Program Files\SpywareBlaster
                  2008-01-18 12:43 --------- d-----w C:\Program Files\Spyware Doctor
                  2008-01-16 18:34 --------- d-----w C:\Program Files\Common Files\Adobe
                  2008-01-16 18:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
                  2007-12-18 13:24 --------- d-----w C:\Program Files\Google
                  2007-12-17 17:47 --------- d-----w C:\Program Files\BitTorrent
                  2007-10-25 14:01 352,256 ----a-w C:\WINDOWS\eSellerateEngine.dll
                  .

                  ((((((((((((((((((((((((((((( snapshot@2008-01-23_15.41.59.18 )))))))))))))))))))))))))))))))))))))))))
                  .
                  - 2008-01-23 14:27:37 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
                  + 2008-01-23 19:48:18 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
                  - 2008-01-23 14:27:37 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
                  + 2008-01-23 19:48:18 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
                  - 2008-01-23 14:27:41 6,729,728 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
                  + 2008-01-23 19:48:18 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
                  - 2008-01-23 14:27:41 249,856 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
                  + 2008-01-23 19:48:18 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
                  + 2008-01-23 19:48:19 6,778,880 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
                  + 2008-01-23 19:48:19 249,856 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
                  - 2008-01-18 15:13:42 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
                  + 2008-01-23 17:09:25 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
                  .
                  ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  REGEDIT4
                  *Note* empty entries & legit default entries are not shown

                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [ ]
                  "igndlm.exe"="C:\Program Files\Download Manager\DLM .exe" [ ]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "Broadcom Wireless Manager UI"="C:\WINDOWS\System32\WLTRAY" [ ]
                  "ACU"="C:\Program Files\Atheros\ACU.exe" [ ]
                  "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [ ]
                  "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [ ]
                  "SoundMan"="SOUNDMAN.EXE" [2005-04-15 10:01 77824 C:\WINDOWS\SOUNDMAN.EXE]
                  "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [ ]
                  "PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [ ]
                  "LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [ ]
                  "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [ ]
                  "LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [ ]
                  "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [ ]
                  "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ]
                  "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
                  "EPM-DM"="c:\acer\epm\epm-dm.exe" [ ]
                  "ePowerManagement"="C:\Acer\ePM\ePM.exe" [ ]
                  "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [ ]
                  "Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [ ]
                  "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [ ]
                  "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [ ]
                  "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [ ]

                  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                  "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [ ]

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
                  C:\Program Files\BitTorrent\bittorrent.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration]
                  --a------ 2007-06-10 18:02 40960 C:\Program Files\Free Download Manager\FUM\fumoei.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
                  --a------ 2008-01-23 15:40 1103480 C:\Program Files\Download Manager\DLM.exe

                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
                  C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

                  R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 10:27]
                  R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\System32\drivers\epm-psd.sys [2004-07-19 12:10]
                  R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\System32\drivers\epm-shd.sys [2005-04-07 17:08]
                  R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 22:38]
                  S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys
                  S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2006-11-29 06:46]
                  S3 CEDRIVER53;CEDRIVER53;C:\Program Files\Cheat Engine\dbk32.sys
                  S3 DADriv1;DADriv1;C:\Documents and Settings\Hameeteman\Bureaublad\DAEngine\DAK32.sys
                  S3 DISK_DRIVE32;DISK_DRIVE32;C:\Documents and Settings\Hameeteman\Bureaublad\Omega Hack pack 2[1].0\0mega Hack Pack 2.0\Omega Hack Pack 2.0\Disk drove\disk_1024.sys
                  S3 GGK;GGK;C:\Documents and Settings\Hameeteman\Bureaublad\Omega Hack pack 2[1].0\0mega Hack Pack 2.0\Omega Hack Pack 2.0\ggk.sys
                  S3 iCheat1;iCheat1;C:\Documents and Settings\Hameeteman\Bureaublad\iCheat13\nvid999.sys
                  S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;C:\Documents and Settings\Hameeteman\Bureaublad\MoonLight_Engine_1129.1\IlvMoney1129.sys
                  S3 MzBot.sys;MzBot.sys;C:\WINDOWS\system32\MzBot.sys [2007-04-01 12:41]
                  S3 ¥Õ¥Ø°ê¤¤¥Í1;¥Õ¥Ø°ê¤¤¥Í1;C:\Documents and Settings\Hameeteman\Bureaublad\VE5_1032\VE5 1032\nvid999.sys
                  S3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 17:29]
                  S3 puma1;puma1;C:\Documents and Settings\Hameeteman\Bureaublad\Puma
                  S3 SoRa01;SoRa01;C:\Documents and Settings\Hameeteman\Bureaublad\HaxingkoekjeHack Pack\Engine\SoRa Remak Engine 2.6\SoRa.sys

                  .
                  Inhoud van de 'Gedeelde Taken' map
                  "2008-01-23 14:42:50 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
                  - C:\Program Files\Windows Defender\MpCmdRun.exe
                  .
                  **************************************************************************

                  catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                  Rootkit scan 2008-01-23 20:53:40
                  Windows 5.1.2600 Service Pack 2 NTFS

                  scannen van verborgen processen ...

                  scannen van verborgen autostart items ...

                  scannen van verborgen bestanden ...

                  Scan succesvol afgerond
                  verborgen bestanden: 0

                  **************************************************************************
                  "ImagePath"="\??\C:\Documents and Settings\Hameeteman\Bureaublad\Omega Hack pack 2[1].0\0mega Hack Pack 2.0\Omega Hack Pack 2.0\Disk drove\disk_1024.sys"

                  --
                  "ImagePath"="\??\C:\Documents and Settings\Hameeteman\Bureaublad\Omega Hack pack 2[1].0\0mega Hack Pack 2.0\Omega Hack Pack 2.0\ggk.sys"

                  .

                  HJT log:

                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 20:58, on 2008-01-23
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v7.00 (7.00.6000.16574)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\Program Files\Windows Defender\MsMpEng.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  C:\Acer\eManager\anbmServ.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
                  C:\Program Files\Network Associates\VirusScan\Mcshield.exe
                  C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
                  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                  C:\WINDOWS\system32\PnkBstrA.exe
                  C:\Program Files\Viewpoint\Common\ViewpointService.exe
                  C:\WINDOWS\System32\wltrysvc.exe
                  C:\WINDOWS\System32\bcmwltry.exe
                  C:\WINDOWS\System32\WLTRAY.exe
                  C:\WINDOWS\SOUNDMAN.EXE
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.basilmarket.com/
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
                  O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
                  O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY
                  O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
                  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
                  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
                  O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                  O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
                  O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
                  O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
                  O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
                  O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
                  O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
                  O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
                  O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
                  O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
                  O4 - HKLM\..\Run: [ePowerManagement] "C:\Acer\ePM\ePM.exe" boot
                  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
                  O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
                  O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
                  O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
                  O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
                  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM .exe /windowsstart /startifwork
                  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
                  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
                  O8 - Extra context menu item: Download alles met Free Download Manager. - file://C:\Program Files\Free Download Manager\dlall.htm
                  O8 - Extra context menu item: Download met Free Download Manager. - file://C:\Program Files\Free Download Manager\dllink.htm
                  O8 - Extra context menu item: Download selectie met Free Download Manager. - file://C:\Program Files\Free Download Manager\dlselected.htm
                  O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
                  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
                  O9 - Extra button: Launch ACA Capture Pro - {905A31AA-BDD1-44bd-9920-53D34E5953A4} - C:\Documents and Settings\Hameeteman\Bureaublad\ACACapturePro\SCapPro.exe (file missing)
                  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
                  O9 - Extra button: (no name) - {9543741D-4E79-4f0d-8E60-A702CDF8B2D2} - C:\Documents and Settings\Hameeteman\Bureaublad\ACACapturePro\SCapPro.exe (file missing)
                  O9 - Extra 'Tools' menuitem: Launch ACA Capture Pro - {9543741D-4E79-4f0d-8E60-A702CDF8B2D2} - C:\Documents and Settings\Hameeteman\Bureaublad\ACACapturePro\SCapPro.exe (file missing)
                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
                  O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
                  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183585742891
                  O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.gomtv.com/gom/GomWeb.cab
                  O16 - DPF: {77538FC7-CE52-4704-9865-494FE92BC320} (LaunchUBO.Ulit) - http://www.ultimatebaseballonline.com/myubo/launchubo.OCX
                  O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
                  O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://controls.flatcast-data.com/data/objects/NpFv415.dll
                  O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://data.flatcast.com/data/objects/NpFv41629.dll
                  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                  O23 - Service: Atheros-configuratieservice (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
                  O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
                  O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
                  O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
                  O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
                  O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
                  O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
                  O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
                  O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
                  O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

                  --
                  End of file - 8406 bytes

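The ComboFix section of the log above lists every driver and service the box will load, and what the helper keyed on is where those images live: several `S3` kernel drivers sit under the user's desktop (`Documents and Settings\Hameeteman\Bureaublad\...`), one has a garbled non-ASCII service name, and one (`MzBot.sys`) lives in `system32` itself rather than `system32\drivers`. The following Python is an added example, not code from the forum or from ComboFix, that parses that `R?`/`S?` line layout and applies exactly those location checks as a triage pass. The sample lines are copied from the log above; the names `DriverEntry`, `parse_line`, `assess` and `triage`, and the heuristics themselves, are my own. Treating a missing `[date time]` stamp as a weak indicator is an assumption about the log format, not something the log states.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: driver/service lines copied from the ComboFix log above,
# in its "<start type> <name>;<display name>;<image path> [<timestamp>]" layout.
SAMPLE_LINES = r"""
R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 10:27]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 22:38]
S3 CEDRIVER53;CEDRIVER53;C:\Program Files\Cheat Engine\dbk32.sys
S3 DADriv1;DADriv1;C:\Documents and Settings\Hameeteman\Bureaublad\DAEngine\DAK32.sys
S3 GGK;GGK;C:\Documents and Settings\Hameeteman\Bureaublad\Omega Hack pack 2[1].0\0mega Hack Pack 2.0\Omega Hack Pack 2.0\ggk.sys
S3 MzBot.sys;MzBot.sys;C:\WINDOWS\system32\MzBot.sys [2007-04-01 12:41]
S3 ¥Õ¥Ø°ê¤¤¥Í1;¥Õ¥Ø°ê¤¤¥Í1;C:\Documents and Settings\Hameeteman\Bureaublad\VE5_1032\VE5 1032\nvid999.sys
S3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 17:29]
S3 puma1;puma1;C:\Documents and Settings\Hameeteman\Bureaublad\Puma
"""

# One line: start type, service name, display name, image path (possibly quoted),
# optional "[YYYY-MM-DD HH:MM]" stamp. The path is matched lazily so a literal
# "[1]" inside a path (as in the Omega Hack pack line) is not mistaken for a stamp.
LINE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)"
    r"(?:\s+\[(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\])?\s*$"
)

# Matches a backslash-delimited user-profile root in a lower-cased path.
USER_PROFILE_RE = re.compile(r"\\(documents and settings|users)\\")


@dataclass
class DriverEntry:
    start: str
    name: str
    display: str
    path: str
    stamp: Optional[str]


def parse_line(line: str) -> Optional[DriverEntry]:
    """Parse one ComboFix driver/service line; return None for non-matching lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return DriverEntry(
        start=m["start"],
        name=m["name"].strip(),
        display=m["display"].strip(),
        path=m["path"].strip().strip('"'),
        stamp=m["stamp"],
    )


def assess(entry: DriverEntry) -> List[str]:
    """Return the reasons this entry deserves a closer look (empty list = unremarkable)."""
    reasons: List[str] = []
    p = entry.path.lower()
    if USER_PROFILE_RE.search(p):
        reasons.append("image path is inside a user profile directory")
    if not entry.name.isascii():
        reasons.append("service name contains non-ASCII characters")
    if not p.endswith((".sys", ".exe")):
        reasons.append("image path does not name a .sys or .exe file")
    if p.endswith(".sys") and "\\system32\\" in p and "\\system32\\drivers\\" not in p:
        reasons.append("kernel driver stored directly in system32 rather than system32\\drivers")
    if entry.name.lower().endswith(".sys"):
        reasons.append("service name is itself a file name")
    if entry.stamp is None:
        # Assumption: a missing stamp is only a weak hint, so it is listed last.
        reasons.append("no file timestamp recorded")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged service name to its list of reasons."""
    findings: Dict[str, List[str]] = {}
    for line in text.strip().splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings[entry.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LINES).items():
        print(f"{name}:")
        for r in reasons:
            print(f"  - {r}")
```

Running it lists every entry the helper removed and leaves `Hotkey`, `POWERKEY` and the Viewpoint service alone; the user-profile check is the decisive one, since a kernel driver that loads from a desktop folder is almost never vendor-installed.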


                  • #10
                    Uninstall Combofix:
                    Go to Start --> Run and type: combofix /u
                    Combofix will now be removed and a new restore point will be created.

                    Download ATF Cleaner (by Atribune)

                    Double-click ATF Cleaner to start the program.
                    On the "Main" tab, put a check mark next to Select All.
                    Click the Empty Selected button.

                    Do the following if you also have Firefox as a browser:
                    Click the "Firefox" tab and put a check mark next to Select All.
                    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                    (This removes the check mark from "Firefox saved passwords" again.)
                    Click the Empty Selected button.

                    Do the following if you also have Opera as a browser:
                    Click the "Opera" tab and put a check mark next to Select All.
                    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                    Click the Empty Selected button.
                    Go to the "Main" tab and click the Exit button to close the program.

                    Still having problems?
                    Regards,
                    Pimmerd



                    • #11
                      I don't know how, but you did it.
                      Thank you for your help! It starts up quickly again now and there are no more strange errors.

                      Regards,
                      m0nkey



                      • #12
                        You're welcome.
                        Regards,
                        Pimmerd
