Mededeling

**Pimmerd** · 21-01-08, 21:46

Download Combofix naar je bureaublad

Indien je Combofix al eerder hebt gebruikt, gelieve die versie te verwijderen en Combofix opnieuw te downloaden via bovenstaande link, want Combofix wordt dagelijks geupdate.

OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw. Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

Dubbelklik op combofix.exe
Kies voor "Continue" door 1 te typen gevolgd door ENTER.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.
Plaats in je volgende antwoord het logje van combofix (combofix.txt) tesamen met een vers Hijackthis log.

**m0nkey** · 22-01-08, 17:49

Ik heb combofix gedownload en laten draaien, toen startten mijn computer opnieuw op zoals jij al zei, maar toen kreeg ik een error (DLM.exe toepassingsfour geloof ik) en er werd geen text bestand geopend. Nu heb ik even gezocht en vond ik dit:

'ComboFix 08-01-21.7 - Hameeteman 2008-01-22 17:29:52.1 - NTFSx86
Gestart vanuit: C:\Documents and Settings\Hameeteman\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.'

En hier het nieuwe logje:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49, on 2008-01-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.basilmarket.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F3 - REG:win.ini: load=C:\WINDOWS\system32\geebx.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] "C:\Acer\ePM\ePM.exe" boot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM .exe /windowsstart /startifwork
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download alles met Free Download Manager. - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download met Free Download Manager. - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selectie met Free Download Manager. - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Launch ACA Capture Pro - {905A31AA-BDD1-44bd-9920-53D34E5953A4} - C:\Documents and Settings\Hameeteman\Bureaublad\ACACapturePro\SCapPro.exe (file missing)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9543741D-4E79-4f0d-8E60-A702CDF8B2D2} - C:\Documents and Settings\Hameeteman\Bureaublad\ACACapturePro\SCapPro.exe (file missing)
O9 - Extra 'Tools' menuitem: Launch ACA Capture Pro - {9543741D-4E79-4f0d-8E60-A702CDF8B2D2} - C:\Documents and Settings\Hameeteman\Bureaublad\ACACapturePro\SCapPro.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183585742891
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.gomtv.com/gom/GomWeb.cab
O16 - DPF: {77538FC7-CE52-4704-9865-494FE92BC320} (LaunchUBO.Ulit) - http://www.ultimatebaseballonline.com/myubo/launchubo.OCX
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://data.flatcast.com/data/objects/NpFv41629.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros-configuratieservice (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9153 bytes

**Pimmerd** · 22-01-08, 18:14

Open een leeg kladblok venster en kopieer/plak onderstaande dikgedrukte tekst daarin:

sc delete AntiVirScheduler
sc delete AntiVirService
sc delete aswUpdSv

Sla het vervolgens op als fix.bat op je Bureaublad
Kies bij Opslaan als type voor Alle bestanden.
Dubbelklik vervolgens op fix.bat, een kort dosscherm springt voorbij, dit is normaal.

Start Hijackthis, kies voor 'Do a system scan only' en vink onderstaande regels aan:

F3 - REG:win.ini: load=C:\WINDOWS\system32\geebx.exe
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)

Sluit nu alle openstaande vensters, behalve Hijackthis en klik op Fix Checked.

Probeer nu nogmaals Combofix te laten draaien. Post het logje hiervan samen met een nieuw Hijackthislogje.

**m0nkey** · 22-01-08, 19:21

Ik heb gedaan wat je zei en combofix nog eens laten draaien maar toen hij opnieuw opstartte kreeg ik ong 10 van deze errors:
http://img135.imageshack.us/my.php?image=explorerexeid4.png

en het bestand combofix.txt is precies hetzelfde

Ik hoop dat jij weet wat er aan de hand is

**Pimmerd** · 22-01-08, 21:23

Kan je Combofix eens laten draaien in veilige modus:

404 Not Found

http://users.telenet.be/marcvn/spyware/1378056.htm

Start wel op in veilige modus zonder netwerkondersteuning!
Daarna, post dat logje, samen met een nieuw Hijackthis logje.

**m0nkey** · 23-01-08, 15:53

Okee het heeft gewerkt
Combofix.txt:

ComboFix 08-01-23.2 - Hameeteman 2008-01-23 15:29:02.3 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.328 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Hameeteman\Bureaublad\ComboFix.exe

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Download Manager\DLM .exe
C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\geebx.dll
C:\WINDOWS\system32\geebx.exe
C:\WINDOWS\system32\opnopnn.dll
C:\WINDOWS\system32\xbeeg.ini
C:\WINDOWS\system32\xbeeg.ini2
C:\WINDOWS\Fonts\'
.
---- Previous Run -------
.
C:\Acer\ePM\epm-dm .exe
C:\Acer\ePM\epm-dm.exe
C:\Acer\ePM\ePM .exe
C:\Acer\ePM\ePM.exe
C:\Program Files\Atheros\ACU .exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon .exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Download Manager\DLM .exe
C:\Program Files\Hitman Pro\xphelper .exe
C:\Program Files\Hitman Pro\xphelper.exe
C:\Program Files\Launch Manager\CtrlVol .exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\HotkeyApp .exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\LaunchAp .exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\OSDCtrl .exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\PowerKey .exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\Wbutton .exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI .exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\Program Files\Windows Defender\MSASCui .exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\efcdaay.dll
C:\WINDOWS\system32\geebx.exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\igfxtray .exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\system32\opnopnn.dll
C:\WINDOWS\system32\RCX3D.tmp
C:\WINDOWS\system32\RCX42.tmp
C:\WINDOWS\system32\RCX45.tmp
C:\WINDOWS\system32\RCX46.tmp
C:\WINDOWS\system32\RCX47.tmp
C:\WINDOWS\system32\xbeeg.ini
C:\WINDOWS\system32\xbeeg.ini2
D:\Autorun.inf

Code:

 <pre>
C:\Acer\ePM\ePM .exe ---> QooBox
C:\Acer\ePM\epm-dm .exe ---> QooBox
C:\Program Files\Atheros\ACU .exe ---> QooBox
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon .exe ---> QooBox
C:\Program Files\Hitman Pro\xphelper .exe ---> QooBox
C:\Program Files\Launch Manager\CtrlVol .exe ---> QooBox
C:\Program Files\Launch Manager\HotkeyApp .exe ---> QooBox
C:\Program Files\Launch Manager\LaunchAp .exe ---> QooBox
C:\Program Files\Launch Manager\OSDCtrl .exe ---> QooBox
C:\Program Files\Launch Manager\PowerKey .exe ---> QooBox
C:\Program Files\Launch Manager\Wbutton .exe ---> QooBox
C:\Program Files\Network Associates\Common Framework\UpdaterUI .exe ---> QooBox
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe ---> QooBox
C:\Program Files\Synaptics\SynTP\SynTPLpr .exe ---> QooBox
C:\Program Files\Windows Defender\MSASCui .exe ---> QooBox
C:\WINDOWS\system32\ctfmon .exe ---> QooBox
C:\WINDOWS\system32\hkcmd .exe ---> QooBox
C:\WINDOWS\system32\igfxtray .exe ---> QooBox
C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE ---> QooBox
C:\WINDOWS\system32\ctfmon .exe ---> QooBox
</pre>

.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF

(((((((((((((((((((( Bestanden Gemaakt van 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))
.

2008-01-22 17:25 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-20 14:29 . 2004-09-22 20:00 108,256 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2008-01-20 14:29 . 2004-09-22 20:00 58,048 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys
2008-01-20 14:27 . 2008-01-20 14:29 <DIR> d-------- C:\Program Files\Network Associates
2008-01-20 14:10 . 2008-01-20 14:10 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-20 12:16 . 2008-01-20 12:16 <DIR> d-------- C:\Program Files\CCleaner
2008-01-19 20:26 . 2008-01-19 20:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-18 13:36 . 2008-01-19 20:08 161 --a------ C:\Delme.bat
2008-01-18 13:19 . 2008-01-18 13:19 36,864 --a------ C:\WINDOWS\17PHolmes1188.exe
2008-01-18 13:19 . 2008-01-18 13:19 260 --a------ C:\7603.bat
2008-01-17 18:35 . 2008-01-17 18:37 <DIR> d-------- C:\Program Files\Incomplete
2008-01-17 18:33 . 2008-01-17 18:33 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-01-17 18:33 . 2008-01-17 18:33 0 --ah----- C:\WINDOWS\SwSys2.bmp
2008-01-17 18:33 . 2008-01-17 18:33 0 --ah----- C:\WINDOWS\SwSys1.bmp
2008-01-17 18:30 . 2008-01-18 18:43 376,320 --a------ C:\WINDOWS\mrofinu1188.exe.tmp
2008-01-16 20:23 . 2008-01-16 20:23 268 --ah----- C:\sqmdata01.sqm
2008-01-16 20:23 . 2008-01-16 20:23 244 --ah----- C:\sqmnoopt01.sqm
2008-01-16 19:33 . 2008-01-16 19:33 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-09 16:01 . 2008-01-16 21:46 1,374 --a------ C:\WINDOWS\imsins.BAK

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 14:40 --------- d-----w C:\Program Files\Download Manager
2008-01-22 16:38 --------- d-----w C:\Program Files\Windows Defender
2008-01-22 16:38 --------- d-----w C:\Program Files\Launch Manager
2008-01-22 16:38 --------- d-----w C:\Program Files\Hitman Pro
2008-01-22 16:38 --------- d-----w C:\Program Files\Atheros
2008-01-20 13:27 --------- d-----w C:\Program Files\Common Files\Network Associates
2008-01-18 15:27 --------- d-----w C:\Program Files\BannedStory
2008-01-18 15:23 --------- d-----w C:\Program Files\Call of Duty
2008-01-18 15:14 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-18 12:48 --------- d-----w C:\Program Files\SpywareBlaster
2008-01-18 12:43 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-16 18:34 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-16 18:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-18 13:24 --------- d-----w C:\Program Files\Google
2007-12-17 17:47 --------- d-----w C:\Program Files\BitTorrent
2007-10-25 14:01 352,256 ----a-w C:\WINDOWS\eSellerateEngine.dll
.

Code:

<pre>
----a-w         1,103,480 2008-01-23 14:40:44  C:\Program Files\Download Manager\DLM .exe
----a-w           218,640 2008-01-20 13:23:25  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"igndlm.exe"="C:\Program Files\Download Manager\DLM .exe" [2008-01-23 15:40 1103480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\System32\WLTRAY" [ ]
"ACU"="C:\Program Files\Atheros\ACU.exe" [ ]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 10:01 77824 C:\WINDOWS\SOUNDMAN.EXE]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [ ]
"PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [ ]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [ ]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [ ]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [ ]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [ ]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [ ]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [ ]
"Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [ ]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [ ]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [ ]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\\WINDOWS\\system32\\geebx

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration]
--a------ 2007-06-10 18:02 40960 C:\Program Files\Free Download Manager\FUM\fumoei.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2008-01-18 18:42 1482240 C:\Program Files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 10:27]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\System32\drivers\epm-psd.sys [2004-07-19 12:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\System32\drivers\epm-shd.sys [2005-04-07 17:08]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 22:38]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys

S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2006-11-29 06:46]
S3 CEDRIVER53;CEDRIVER53;C:\Program Files\Cheat Engine\dbk32.sys

S3 DADriv1;DADriv1;C:\Documents and Settings\Hameeteman\Bureaublad\DAEngine\DAK32.sys

S3 DISK_DRIVE32;DISK_DRIVE32;C:\Documents and Settings\Hameeteman\Bureaublad\Omega Hack pack 2[1].0\0mega Hack Pack 2.0\Omega Hack Pack 2.0\Disk drove\disk_1024.sys

S3 GGK;GGK;C:\Documents and Settings\Hameeteman\Bureaublad\Omega Hack pack 2[1].0\0mega Hack Pack 2.0\Omega Hack Pack 2.0\ggk.sys

S3 iCheat1;iCheat1;C:\Documents and Settings\Hameeteman\Bureaublad\iCheat13\nvid999.sys

S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;C:\Documents and Settings\Hameeteman\Bureaublad\MoonLight_Engine_1129.1\IlvMoney1129.sys

S3 MzBot.sys;MzBot.sys;C:\WINDOWS\system32\MzBot.sys [2007-04-01 12:41]
S3 ¥Õ¥Ø°ê¤¤¥Í1;¥Õ¥Ø°ê¤¤¥Í1;C:\Documents and Settings\Hameeteman\Bureaublad\VE5_1032\VE5 1032\nvid999.sys

S3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 17:29]
S3 puma1;puma1;C:\Documents and Settings\Hameeteman\Bureaublad\Puma

S3 SoRa01;SoRa01;C:\Documents and Settings\Hameeteman\Bureaublad\HaxingkoekjeHack Pack\Engine\SoRa Remak Engine 2.6\SoRa.sys

*Newly Created Service* - ENTDRV51
.
Inhoud van de 'Gedeelde Taken' map
"2008-01-23 14:39:38 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 15:40:46
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
"ImagePath"="\??\C:\Documents and Settings\Hameeteman\Bureaublad\Omega Hack pack 2
[1].0\0mega Hack Pack 2.0\Omega Hack Pack 2.0\Disk drove\disk_1024.sys"

--
"ImagePath"="\??\C:\Documents and Settings\Hameeteman\Bureaublad\Omega Hack pack 2
[1].0\0mega Hack Pack 2.0\Omega Hack Pack 2.0\ggk.sys"

.

En hier HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:53, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.basilmarket.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] "C:\Acer\ePM\ePM.exe" boot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM .exe /windowsstart /startifwork
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download alles met Free Download Manager. - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download met Free Download Manager. - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selectie met Free Download Manager. - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Launch ACA Capture Pro - {905A31AA-BDD1-44bd-9920-53D34E5953A4} - C:\Documents and Settings\Hameeteman\Bureaublad\ACACapturePro\SCapPro.exe (file missing)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9543741D-4E79-4f0d-8E60-A702CDF8B2D2} - C:\Documents and Settings\Hameeteman\Bureaublad\ACACapturePro\SCapPro.exe (file missing)
O9 - Extra 'Tools' menuitem: Launch ACA Capture Pro - {9543741D-4E79-4f0d-8E60-A702CDF8B2D2} - C:\Documents and Settings\Hameeteman\Bureaublad\ACACapturePro\SCapPro.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183585742891
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.gomtv.com/gom/GomWeb.cab
O16 - DPF: {77538FC7-CE52-4704-9865-494FE92BC320} (LaunchUBO.Ulit) - http://www.ultimatebaseballonline.com/myubo/launchubo.OCX
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://controls.flatcast-data.com/data/objects/NpFv415.dll
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://data.flatcast.com/data/objects/NpFv41629.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros-configuratieservice (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8406 bytes

**Pimmerd** · 23-01-08, 20:43

Open Kladblok, kopiëer en plak het volgende (vetgedrukte tekst) in een leeg venster:

RENV::
C:\Program Files\Download Manager\DLM .exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe

File::
C:\Delme.bat
C:\WINDOWS\17PHolmes1188.exe
C:\7603.bat

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Sla dit op op je Bureaublad als CFScript.txt

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld :

Dit zal ComboFix doen herstarten.
Start opnieuw op als daarom gevraagd wordt,
en post de inhoud van de Combofix.txt in je volgende antwoord samen met een nieuw HijackThislogje.

Hoe is het met je problemen?

**m0nkey** · 23-01-08, 20:59

De snelheid van het opstarten is nog steeds niet hetzelfde als voorheen maar het lijkt er wel beter op te worden

Combofix.txt:

ComboFix 08-01-23.2 - Hameeteman 2008-01-23 20:48:32.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.175 [GMT 1:00]
Gestart vanuit: C:\Documents and Settings\Hameeteman\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Hameeteman\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

FILE
C:\7603.bat
C:\Delme.bat
C:\WINDOWS\17PHolmes1188.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\7603.bat
C:\Delme.bat
C:\WINDOWS\17PHolmes1188.exe
.
---- Previous Run -------
.
C:\Acer\ePM\epm-dm .exe
c:\acer\epm\epm-dm.exe
C:\Acer\ePM\ePM .exe
C:\Acer\ePM\ePM.exe
C:\Program Files\Atheros\ACU .exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon .exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Download Manager\DLM .exe
C:\Program Files\Hitman Pro\xphelper .exe
C:\Program Files\Hitman Pro\xphelper.exe
C:\Program Files\Launch Manager\CtrlVol .exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\HotkeyApp .exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\LaunchAp .exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\OSDCtrl .exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\PowerKey .exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\Wbutton .exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI .exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\Program Files\Windows Defender\MSASCui .exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\efcdaay.dll
C:\WINDOWS\system32\geebx.dll
C:\WINDOWS\system32\geebx.exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxtray .exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\system32\opnopnn.dll
C:\WINDOWS\system32\RCX3D.tmp
C:\WINDOWS\system32\RCX42.tmp
C:\WINDOWS\system32\RCX45.tmp
C:\WINDOWS\system32\RCX46.tmp
C:\WINDOWS\system32\RCX47.tmp
C:\WINDOWS\system32\xbeeg.ini
C:\WINDOWS\system32\xbeeg.ini2
D:\Autorun.inf
C:\WINDOWS\Fonts\'

Code:

 <pre>
C:\Acer\ePM\ePM .exe ---> QooBox
C:\Acer\ePM\epm-dm .exe ---> QooBox
C:\Program Files\Atheros\ACU .exe ---> QooBox
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon .exe ---> QooBox
C:\Program Files\Hitman Pro\xphelper .exe ---> QooBox
C:\Program Files\Launch Manager\CtrlVol .exe ---> QooBox
C:\Program Files\Launch Manager\HotkeyApp .exe ---> QooBox
C:\Program Files\Launch Manager\LaunchAp .exe ---> QooBox
C:\Program Files\Launch Manager\OSDCtrl .exe ---> QooBox
C:\Program Files\Launch Manager\PowerKey .exe ---> QooBox
C:\Program Files\Launch Manager\Wbutton .exe ---> QooBox
C:\Program Files\Network Associates\Common Framework\UpdaterUI .exe ---> QooBox
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe ---> QooBox
C:\Program Files\Synaptics\SynTP\SynTPLpr .exe ---> QooBox
C:\Program Files\Windows Defender\MSASCui .exe ---> QooBox
C:\WINDOWS\system32\ctfmon .exe ---> QooBox
C:\WINDOWS\system32\hkcmd .exe ---> QooBox
C:\WINDOWS\system32\igfxtray .exe ---> QooBox
C:\Program Files\Network Associates\VirusScan\SHSTAT .EXE ---> QooBox
C:\WINDOWS\system32\ctfmon .exe ---> QooBox
</pre>

.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF

(((((((((((((((((((( Bestanden Gemaakt van 2007-12-23 to 2008-01-23 ))))))))))))))))))))))))))))))
.

2008-01-23 16:18 . 2008-01-23 16:23 <DIR> d-------- C:\Program Files\IrfanView
2008-01-22 17:25 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-20 14:29 . 2004-09-22 20:00 108,256 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2008-01-20 14:29 . 2004-09-22 20:00 58,048 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys
2008-01-20 14:27 . 2008-01-20 14:29 <DIR> d-------- C:\Program Files\Network Associates
2008-01-20 14:10 . 2008-01-20 14:10 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-20 12:16 . 2008-01-20 12:16 <DIR> d-------- C:\Program Files\CCleaner
2008-01-19 20:26 . 2008-01-19 20:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-17 18:35 . 2008-01-17 18:37 <DIR> d-------- C:\Program Files\Incomplete
2008-01-17 18:33 . 2008-01-17 18:33 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-01-17 18:33 . 2008-01-17 18:33 0 --ah----- C:\WINDOWS\SwSys2.bmp
2008-01-17 18:33 . 2008-01-17 18:33 0 --ah----- C:\WINDOWS\SwSys1.bmp
2008-01-17 18:30 . 2008-01-18 18:43 376,320 --a------ C:\WINDOWS\mrofinu1188.exe.tmp
2008-01-16 20:23 . 2008-01-16 20:23 268 --ah----- C:\sqmdata01.sqm
2008-01-16 20:23 . 2008-01-16 20:23 244 --ah----- C:\sqmnoopt01.sqm
2008-01-16 19:33 . 2008-01-16 19:33 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-09 16:01 . 2008-01-16 21:46 1,374 --a------ C:\WINDOWS\imsins.BAK

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 19:48 --------- d-----w C:\Program Files\Download Manager
2008-01-23 18:18 --------- d-----w C:\Program Files\Call of Duty
2008-01-23 17:09 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-22 16:38 --------- d-----w C:\Program Files\Windows Defender
2008-01-22 16:38 --------- d-----w C:\Program Files\Launch Manager
2008-01-22 16:38 --------- d-----w C:\Program Files\Hitman Pro
2008-01-22 16:38 --------- d-----w C:\Program Files\Atheros
2008-01-20 13:27 --------- d-----w C:\Program Files\Common Files\Network Associates
2008-01-18 15:27 --------- d-----w C:\Program Files\BannedStory
2008-01-18 12:48 --------- d-----w C:\Program Files\SpywareBlaster
2008-01-18 12:43 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-16 18:34 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-16 18:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-18 13:24 --------- d-----w C:\Program Files\Google
2007-12-17 17:47 --------- d-----w C:\Program Files\BitTorrent
2007-10-25 14:01 352,256 ----a-w C:\WINDOWS\eSellerateEngine.dll
.

((((((((((((((((((((((((((((( [email protected]_15.41.59.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-23 14:27:37 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-23 19:48:18 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-23 14:27:37 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-23 19:48:18 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-23 14:27:41 6,729,728 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
+ 2008-01-23 19:48:18 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
- 2008-01-23 14:27:41 249,856 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-23 19:48:18 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-23 19:48:19 6,778,880 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-23 19:48:19 249,856 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-18 15:13:42 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
+ 2008-01-23 17:09:25 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"igndlm.exe"="C:\Program Files\Download Manager\DLM .exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\System32\WLTRAY" [ ]
"ACU"="C:\Program Files\Atheros\ACU.exe" [ ]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 10:01 77824 C:\WINDOWS\SOUNDMAN.EXE]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [ ]
"PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [ ]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [ ]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [ ]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [ ]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [ ]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [ ]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [ ]
"Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [ ]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [ ]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [ ]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration]
--a------ 2007-06-10 18:02 40960 C:\Program Files\Free Download Manager\FUM\fumoei.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2008-01-23 15:40 1103480 C:\Program Files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 10:27]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\System32\drivers\epm-psd.sys [2004-07-19 12:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\System32\drivers\epm-shd.sys [2005-04-07 17:08]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 22:38]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys