Thread: PC is a bit slow.

  1. #1
    Member leroy
    Registered
    11 September 2007
    Location
    Axel
    Age
    19
    Posts
    787
    Thanks given
    7
    Thanked 83 times in 77 posts

    PC is a bit slow.

    After logging in to Windows, my PC needs quite a long time to load.
    And I think I've picked up a virus with something, or picked up something else.
    I made a HijackThis log; the only problem is that I'm not very good at reading it PROPERLY.

    If someone could help me find the problem or problems, that would be great.

    The log was made after a scan and repair with CCleaner. (That already made it a bit faster.)

    Here is the log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:47:57, on 10-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Golden FTP Server Pro\GFTPpro.exe
    C:\Program Files\Xfire\xfire.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ZeelandNet | de Zeeuwse Internet Provider
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {894E9D0E-78A1-4660-A2BD-844BB8234AA7} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [GoldenFTPServer] "D:\Golden FTP Server Pro\GFTPpro.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/static...eUploader4.cab
    O20 - Winlogon Notify: cbxwxwt - C:\WINDOWS\
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 6526 bytes
    Last edited by leroy; 10 April 2008 at 18:59

  2. #2
    Website Admin
    Registered
    23 December 2007
    Location
    Kapellen
    Posts
    11,046
    Thanks given
    18
    Thanked 1,847 times in 1,787 posts

    Let's start with this, because you do indeed have "dirty Russians" on board. You also have quite a few useless startup entries, but we'll deal with those once your PC is clean.

    Download VundoFix to your desktop.

    Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {894E9D0E-78A1-4660-A2BD-844BB8234AA7} - (no file)
    O4 - HKLM\..\Run: [b4e4b227] rundll32.exe "C:\WINDOWS\system32\gfljlcor.dll",b
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O20 - Winlogon Notify: cbxwxwt - C:\WINDOWS\

    Click 'Fix checked' to remove the items.

    Double-click VundoFix.exe to start it.
    - Click the Scan for Vundo button.
    - Once scanning is done, click the Remove Vundo button.
    - You will be asked whether you want the files removed; click YES.
    - After you have clicked Yes, the icons on your desktop will disappear while Vundo is being removed.
    - When it has finished, you will get a message that it will shut down your PC; click OK.
    - Start your PC up again.

    Note: It is possible that VundoFix finds a file that cannot be removed.
    In that case VundoFix will start once more after your PC has restarted. You then have to carry out the instructions above again, starting from: "Click Scan for Vundo."

    Post the contents of C:\vundofix.txt and a new HJT log in your next post.
    Last edited by kape; 10 April 2008 at 19:01. Reason: Extra: startup entries
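
Added example, not part of the original thread and not the helper's own method: a small Python triage pass over HijackThis result lines that flags the three shapes seen in the fix list above (a BHO or button with no name and no file, a rundll32 Run value under a hex-only name, and a Winlogon Notify entry that does not point at a DLL). The heuristics and all function names are assumptions of this example; the sample lines are copied from this page.

```python
import re
from typing import List, NamedTuple, Optional

# Sample input: lines copied from the HijackThis log and fix list on this page.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {894E9D0E-78A1-4660-A2BD-844BB8234AA7} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [b4e4b227] rundll32.exe "C:\WINDOWS\system32\gfljlcor.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O20 - Winlogon Notify: cbxwxwt - C:\WINDOWS\
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# "O4 - <body>": section code, separator, then the section-specific body.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
# O4 registry autostart: "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^HK[^:]*\\Run: \[([^\]]+)\] (.+)$")
# O20: "Winlogon Notify: <subkey> - <target path>"
NOTIFY_RE = re.compile(r"^Winlogon Notify: (\S+) - (.+)$")
HEX_NAME_RE = re.compile(r"[0-9a-fA-F]{8}")


class Finding(NamedTuple):
    section: str
    reason: str
    line: str


def classify(section: str, body: str) -> Optional[str]:
    """Return a reason string if the entry matches one of the example heuristics."""
    if section in ("O2", "O9"):
        # Browser helper object or toolbar button left registered without a file.
        if "(no name)" in body and body.endswith("(no file)"):
            return "registration has neither a name nor a file on disk"
    elif section == "O4":
        # Autostart that loads a DLL through rundll32 under a hex-only value name.
        m = RUN_RE.match(body)
        if (m and HEX_NAME_RE.fullmatch(m.group(1))
                and m.group(2).lower().startswith("rundll32")):
            return "rundll32 autostart under a hex-only value name"
    elif section == "O20":
        # A Winlogon notification package is a DLL; anything else is malformed.
        m = NOTIFY_RE.match(body)
        if m and not m.group(2).lower().endswith(".dll"):
            return "Winlogon Notify target is not a DLL path"
    return None


def triage(log_text: str) -> List[Finding]:
    """Scan a HijackThis log and return the entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw)
        if not m:
            continue  # header, running-process path or blank line
        reason = classify(m.group(1), m.group(2))
        if reason:
            findings.append(Finding(m.group(1), reason, raw.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>3}  {f.reason}\n     {f.line}")
```

A hit is only a prompt for manual review of that entry, not a verdict; the benign `NvCplDaemon` and `ssv.dll` lines in the sample show what the same checks leave alone.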

  3. #3
    Member leroy

    VundoFix couldn't find any infected files... so that seems good to me. :biggrin:

  4. #4
    Website Admin

    That is indeed something already ... but not everything yet :) On to step two, then.

    Download Combofix and put it on your desktop.

    Double-click Combofix.exe and follow the instructions; accept the disclaimer by typing y. While the fix is running, do NOT click in the window, because this will make your PC hang.
    When the fix has finished and after the restart, the log combofix.txt will open.
    NOTE: If your virus scanner responds with a message about a script being executed, you must allow this.

    Attach your Combofix log in a following post, together with a new HJT log.

  5. #5
    Member leroy

    ComboFix log:

    ComboFix 08-04-09.9 - Leroy 2008-04-10 21:19:25.1 - NTFSx86
    Gestart vanuit: G:\downloads firefox\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\cookies.ini

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))
    .

    2008-04-10 20:08 . 2008-04-10 20:08 <DIR> d-------- C:\VundoFix Backups
    2008-04-10 19:36 . 2008-04-10 20:17 <DIR> d--hs---- C:\Documents and Settings\Leroy\Onlangs geopend
    2008-04-10 19:31 . 2008-04-10 19:31 <DIR> d-------- C:\Program Files\CCleaner
    2008-04-10 18:42 . 2008-04-10 18:42 <DIR> d-------- C:\Program Files\Trend Micro
    2008-04-06 22:55 . 2008-04-06 22:55 <DIR> d-------- C:\Program Files\Easy Video Joiner
    2008-04-04 22:25 . 2008-04-04 22:25 <DIR> d-------- C:\Program Files\Team17
    2008-04-04 22:12 . 2000-08-22 15:09 532,480 --a------ C:\WINDOWS\system32\imagx5.dll
    2008-04-04 22:12 . 2000-08-14 12:38 503,808 --a------ C:\WINDOWS\system32\imagr5.dll
    2008-04-04 22:12 . 2000-08-29 13:08 275,312 --a------ C:\WINDOWS\system32\ImagXpr5.dll
    2008-04-04 22:12 . 2000-10-11 11:49 201,568 --a------ C:\WINDOWS\system32\CapPRO.dll
    2008-04-04 22:12 . 2000-08-09 16:30 66,509 --a------ C:\WINDOWS\system32\Picn1220.ssm
    2008-04-04 22:12 . 2000-08-09 16:10 37,553 --a------ C:\WINDOWS\system32\Picn1520.ssm
    2008-04-04 22:12 . 2000-08-11 10:35 35,328 --a------ C:\WINDOWS\system32\picn20.dll
    2008-04-04 21:59 . 2008-04-04 21:59 247,247 --a------ C:\WINDOWS\CoffeeCup Visual Site Designer Uninstaller.exe
    2008-04-04 21:59 . 2002-07-31 19:55 108 ---hs---- C:\WINDOWS\WSYS049.SYS
    2008-04-04 21:59 . 2001-09-05 12:28 41 ---h----- C:\WINDOWS\trfntw32.cfg
    2008-04-04 21:24 . 2008-04-04 22:17 <DIR> d-------- C:\Program Files\CoffeeCup Software
    2008-04-04 21:24 . 2006-01-27 02:56 938,272 --a------ C:\WINDOWS\system32\wodFtpDLX.OCX
    2008-04-03 01:26 . 2008-04-03 01:26 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-03-30 21:12 . 2008-03-30 21:12 <DIR> d-------- C:\Documents and Settings\Leroy\Application Data\Ubisoft
    2008-03-30 21:12 . 2008-03-30 21:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ubisoft
    2008-03-30 21:05 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
    2008-03-30 21:05 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
    2008-03-30 21:05 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
    2008-03-30 21:05 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
    2008-03-30 21:05 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
    2008-03-30 05:40 . 2008-03-30 05:40 <DIR> d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
    2008-03-30 03:13 . 2008-03-30 03:13 <DIR> d-------- C:\Program Files\Pegasys Inc
    2008-03-30 03:13 . 2008-03-30 03:13 <DIR> d-------- C:\Documents and Settings\Leroy\Application Data\Pegasys Inc
    2008-03-30 03:13 . 2005-05-05 22:50 151,552 --------- C:\WINDOWS\system32\pxwma.dll
    2008-03-30 03:13 . 2005-04-25 11:03 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
    2008-03-30 03:13 . 2004-09-27 10:00 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2008-03-29 23:35 . 2008-03-29 23:46 <DIR> d-------- C:\Program Files\TMPGEnc
    2008-03-29 23:30 . 2008-03-29 23:30 <DIR> d-------- C:\Program Files\ffdshow
    2008-03-29 23:30 . 2008-03-15 13:12 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
    2008-03-29 23:30 . 2008-03-15 14:07 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2008-03-29 23:30 . 2008-03-15 13:12 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
    2008-03-27 22:16 . 2008-03-31 23:41 230,424 --a------ C:\img1-001.raw
    2008-03-27 09:54 . 2008-03-27 09:54 244 --ah----- C:\sqmnoopt03.sqm
    2008-03-27 09:54 . 2008-03-27 09:54 232 --ah----- C:\sqmdata03.sqm
    2008-03-24 20:27 . 2008-03-24 20:27 <DIR> d-------- C:\Documents and Settings\Leroy\io41a_oefeningen
    2008-03-24 18:45 . 2004-08-04 02:03 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-03-24 18:45 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-03-24 18:45 . 2004-08-03 23:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-03-24 18:45 . 2001-09-06 22:27 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-03-24 10:41 . 2008-03-24 10:41 230,424 --a------ C:\img1-002.raw
    2008-03-23 22:09 . 2008-03-23 22:09 230,424 --a------ C:\img1-003.raw
    2008-03-22 01:42 . 2008-03-22 01:42 3,932,214 --a------ C:\WINDOWS\InvaderDark1280.bmp
    2008-03-22 01:34 . 2005-02-01 15:20 5,760,056 --a------ C:\WINDOWS\Darkstar.bmp
    2008-03-22 01:33 . 2008-03-22 01:33 <DIR> d-------- C:\Program Files\Common Files\Stardock
    2008-03-22 01:33 . 2008-04-04 21:37 <DIR> d-------- C:\Program Files\AlienGUIse
    2008-03-22 01:33 . 2003-02-26 23:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
    2008-03-22 01:33 . 2008-03-22 01:33 56 --a------ C:\WINDOWS\wb.ini
    2008-03-18 19:23 . 2008-03-18 19:23 <DIR> d-------- C:\Program Files\Evisoft
    2008-03-18 19:20 . 2008-03-18 19:22 <DIR> d-------- C:\Program Files\iNeeda Password & Tracker
    2008-03-18 19:19 . 2008-03-18 19:19 17,408 --a------ C:\psapi.dll
    2008-03-17 23:46 . 2008-03-17 23:51 <DIR> d-------- C:\Program Files\PHP Expert Editor
    2008-03-13 21:04 . 2008-03-13 21:04 20 --a------ C:\WINDOWS\system32\system.gfs
    2008-03-11 19:38 . 2008-04-10 17:59 <DIR> d-------- C:\Documents and Settings\Leroy\Application Data\AVG7
    2008-03-11 19:37 . 2008-03-11 19:37 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
    2008-03-11 19:37 . 2008-03-11 19:37 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
    2008-03-11 19:37 . 2008-03-11 19:42 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
    2008-03-11 10:49 . 2008-03-11 10:49 <DIR> d-------- C:\Documents and Settings\Leroy\Application Data\Microsoft Games
    2008-03-10 21:20 . 2008-03-10 21:20 <DIR> d-------- C:\Documents and Settings\Leroy\Application Data\TVU networks
    2008-03-10 21:20 . 2008-03-10 21:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\TVU networks

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-10 16:01 --------- d-----w C:\Program Files\Xfire
    2008-04-08 14:51 --------- d-----w C:\Documents and Settings\Leroy\Application Data\Xfire
    2008-04-07 23:19 --------- d-----w C:\Documents and Settings\Leroy\Application Data\uTorrent
    2008-04-06 21:07 --------- d-----w C:\Documents and Settings\Leroy\Application Data\Ahead
    2008-04-06 20:10 --------- d-----w C:\Program Files\Dl_cats
    2008-04-06 18:15 --------- d-----w C:\Documents and Settings\Leroy\Application Data\mIRC
    2008-04-06 17:40 --------- d-----w C:\Program Files\mIRC
    2008-04-04 20:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-04 19:37 --------- d-----w C:\Program Files\IMVU
    2008-04-04 19:37 --------- d-----w C:\Program Files\Easy CD-DA Extractor 10
    2008-04-04 19:37 --------- d-----w C:\Program Files\DivX
    2008-04-04 19:37 --------- d-----w C:\Program Files\Bulent's Screen Recorder
    2008-04-04 19:37 --------- d-----w C:\Program Files\AllWebMenus4
    2008-04-04 19:37 --------- d-----w C:\Program Files\Active GIF Creator 2.22
    2008-03-30 13:08 --------- d-----w C:\Program Files\MSN Messenger
    2008-03-30 13:08 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-30 03:41 --------- d-----w C:\Program Files\SmartFTP Client
    2008-03-30 00:35 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-03-30 00:35 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-03-29 16:14 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink
    2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-18 16:43 --------- d-----w C:\Program Files\Java
    2008-03-12 19:08 --------- d-----w C:\Program Files\uTorrent
    2008-03-11 17:43 1,315,170 --sh--w C:\WINDOWS\system32\rocljlfg.ini2
    2008-03-10 19:08 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-28 21:43 --------- d-----w C:\Documents and Settings\Leroy\Application Data\Youdagames
    2008-02-28 16:18 --------- d-----w C:\Program Files\Trojan Remover
    2008-02-28 16:17 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    2008-02-27 15:36 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
    2008-02-27 14:42 22,328 ----a-w C:\Documents and Settings\Leroy\Application Data\PnkBstrK.sys
    2008-02-27 14:11 --------- d-----w C:\Program Files\NewsReactor
    2008-02-25 00:33 --------- d-----w C:\Documents and Settings\Leroy\Application Data\Likno
    2008-02-24 18:56 --------- d-----w C:\Program Files\Image-Line
    2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-17 14:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SlySoft
    2008-02-17 14:51 --------- d-----w C:\Program Files\SlySoft
    2008-02-17 14:44 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
    2008-02-17 14:44 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
    2008-02-17 14:44 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
    2008-02-17 04:11 --------- d-----w C:\Documents and Settings\Leroy\Application Data\InstallShield Installation Information
    2008-02-17 03:29 --------- d-----w C:\Documents and Settings\Leroy\Application Data\dvdcss
    2008-02-16 23:25 --------- d-----w C:\Program Files\SoftMachine
    2008-02-16 13:08 852,298 --sh--w C:\WINDOWS\system32\rocljlfg.tmp
    2008-02-16 09:05 662,528 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-14 20:13 --------- d-----w C:\Program Files\eRightSoft
    2008-02-14 00:14 --------- d-----w C:\Documents and Settings\Leroy\Application Data\vlc
    2008-02-14 00:10 --------- d-----w C:\Program Files\VideoLAN
    2008-02-13 23:59 --------- d-----w C:\Program Files\Quick Screen Capture
    2008-02-12 22:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\River Past G5
    2008-02-12 22:04 --------- d-----w C:\Documents and Settings\Leroy\Application Data\River Past G5
    2008-02-12 22:00 --------- d-----w C:\Program Files\Gabest
    2008-02-12 22:00 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-02-12 21:54 36,734 ----a-w C:\WINDOWS\system32\OggDSuninst.exe
    2008-02-04 19:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
    2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    2007-12-05 13:21 64,916 --sha-w C:\WINDOWS\system32\onnmp.ini.ren
    2007-12-18 14:19 100,343 --sha-w C:\WINDOWS\system32\onnmp.ini2
    2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18 94208]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
    "GoldenFTPServer"="D:\Golden FTP Server Pro\GFTPpro.exe" [2008-03-13 21:05 941056]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-12 07:51 8523776]
    "nwiz"="nwiz.exe" [2007-11-12 07:51 1626112 C:\WINDOWS\system32\nwiz.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "snpstd"="C:\WINDOWS\vsnpstd.exe" [2006-08-23 14:36 339968]
    "DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 20:55 73728]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-12 07:51 81920]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 110592 C:\WINDOWS\system32\bthprops.cpl]
    "smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-11 19:40 579072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-11 19:40 219136]

    C:\Documents and Settings\leroytjuh\Menu Start\Programma's\Opstarten\
    IMVU.lnk - C:\Program Files\IMVU\IMVUClient.exe [2007-03-02 22:18:04 44064]

    C:\Documents and Settings\Leroy\Menu Start\Programma's\Opstarten\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
    Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-04-03 01:25:58 2987856]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll 2001-12-21 00:34 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe"=
    "C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
    "C:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
    "C:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
    "C:\\Program Files\\Xfire\\xfire.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
    "D:\\UsbWebserver\\Mysql\\bin\\mysqld-nt_usb.exe"=
    "D:\\UsbWebserver\\Apache\\bin\\httpd_usb.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "G:\\Unreal Tournament 3\\Binaries\\UT3.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "G:\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "G:\\downloads firefox\\uTorrent-1.-6-Build-474.exe"=
    "D:\\Golden FTP Server Pro\\GFTPpro.exe"=
    "C:\\Program Files\\PHP Expert Editor\\phpxedit.exe"=
    "C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
    "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
    "G:\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
    "G:\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
    "G:\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
    "G:\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
    "C:\\Program Files\\mIRC\\mirc.exe"=


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb5671d4-f738-11dc-b2a6-00112fbde430}]
    \Shell\AutoRun\command - I:\setupSNK.exe

    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-10 21:25:38
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\rundll32.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2008-04-10 21:30:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-10 19:30:19
    Pre-Run: 24,282,079,232 bytes beschikbaar
    Post-Run: 24,208,306,176 bytes beschikbaar
    .
    2008-04-10 16:11:15 --- E O F ---






    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:34:18, on 10-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Golden FTP Server Pro\GFTPpro.exe
    C:\Program Files\Xfire\xfire.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ZeelandNet | de Zeeuwse Internet Provider
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [GoldenFTPServer] "D:\Golden FTP Server Pro\GFTPpro.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/static...eUploader4.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 6222 bytes

  6. #6
    Website Admin
    Registered
    23 December 2007
    Location
    Kapellen
    Posts
    11,046
    Thanks given
    18
    Thanked 1,847 times in 1,787 posts


    Open a Notepad file.

    Copy and paste the bold text below into it.

    File::
    C:\WINDOWS\system32\rocljlfg.ini2
    C:\sqmnoopt03.sqm
    C:\sqmdata03.sqm
    C:\img1-001.raw
    C:\img1-002.raw
    C:\img1-003.raw
    C:\WINDOWS\system32\rocljlfg.tmp
    C:\WINDOWS\system32\onnmp.ini.ren
    C:\WINDOWS\system32\onnmp.ini2
    C:\WINDOWS\system32\Smab0.dll

    Folder::
    C:\VundoFix Backups

    Save this file to your desktop as CFScript.txt.

    Drag CFScript.txt onto ComboFix.exe.
    This will make ComboFix restart. Reboot if you are asked to.

    After the restart, post the contents of Combofix.txt in your next message. And also let me know whether there is already a bit more "speed" in your machine?

  7. #7
    Member leroy's avatar
    Registered
    11 September 2007
    Location
    Axel
    Age
    19
    Posts
    787
    Thanks given
    7
    Thanked 83 times in 77 posts


    As for the speed, I already posted something about that in the very first message... because I had edited it, and there I had already cleaned up my registry and my PC with CCleaner... and by then it was already a little faster....

    Now I do notice, with that ComboFix and that VundoFix, that it is a little faster still... and that it is also a little quieter.

    ComboFix log
    ComboFix 08-04-09.9 - Leroy 2008-04-10 22:45:09.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.493 [GMT 2:00]Gestart vanuit: C:\Documents and Settings\Leroy\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Leroy\Bureaublad\CFScript.txt
    * Nieuw herstelpunt werd aangemaakt

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

    FILE ::
    C:\img1-001.raw
    C:\img1-002.raw
    C:\img1-003.raw
    C:\sqmdata03.sqm
    C:\sqmnoopt03.sqm
    C:\WINDOWS\system32\onnmp.ini.ren
    C:\WINDOWS\system32\onnmp.ini2
    C:\WINDOWS\system32\rocljlfg.ini2
    C:\WINDOWS\system32\rocljlfg.tmp
    C:\WINDOWS\system32\Smab0.dll
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\img1-001.raw
    C:\img1-002.raw
    C:\img1-003.raw
    C:\sqmdata03.sqm
    C:\sqmnoopt03.sqm
    C:\VundoFix Backups
    C:\WINDOWS\system32\onnmp.ini.ren
    C:\WINDOWS\system32\onnmp.ini2
    C:\WINDOWS\system32\rocljlfg.ini2
    C:\WINDOWS\system32\rocljlfg.tmp
    C:\WINDOWS\system32\Smab0.dll

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))
    .

    2008-04-10 22:16 . 2008-04-10 22:16 <DIR> d-------- C:\Program Files\Cheat Engine
    2008-04-10 22:16 . 2006-09-04 19:16 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
    2008-04-10 22:16 . 2006-09-04 19:16 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
    2008-04-10 19:36 . 2008-04-10 22:41 <DIR> d--hs---- C:\Documents and Settings\Leroy\Onlangs geopend
    2008-04-10 19:31 . 2008-04-10 19:31 <DIR> d-------- C:\Program Files\CCleaner
    2008-04-10 18:42 . 2008-04-10 18:42 <DIR> d-------- C:\Program Files\Trend Micro
    2008-04-06 22:55 . 2008-04-06 22:55 <DIR> d-------- C:\Program Files\Easy Video Joiner
    2008-04-04 22:25 . 2008-04-04 22:25 <DIR> d-------- C:\Program Files\Team17
    2008-04-04 22:12 . 2000-08-22 15:09 532,480 --a------ C:\WINDOWS\system32\imagx5.dll
    2008-04-04 22:12 . 2000-08-14 12:38 503,808 --a------ C:\WINDOWS\system32\imagr5.dll
    2008-04-04 22:12 . 2000-08-29 13:08 275,312 --a------ C:\WINDOWS\system32\ImagXpr5.dll
    2008-04-04 22:12 . 2000-10-11 11:49 201,568 --a------ C:\WINDOWS\system32\CapPRO.dll
    2008-04-04 22:12 . 2000-08-09 16:30 66,509 --a------ C:\WINDOWS\system32\Picn1220.ssm
    2008-04-04 22:12 . 2000-08-09 16:10 37,553 --a------ C:\WINDOWS\system32\Picn1520.ssm
    2008-04-04 22:12 . 2000-08-11 10:35 35,328 --a------ C:\WINDOWS\system32\picn20.dll
    2008-04-04 21:59 . 2008-04-04 21:59 247,247 --a------ C:\WINDOWS\CoffeeCup Visual Site Designer Uninstaller.exe
    2008-04-04 21:59 . 2002-07-31 19:55 108 ---hs---- C:\WINDOWS\WSYS049.SYS
    2008-04-04 21:59 . 2001-09-05 12:28 41 ---h----- C:\WINDOWS\trfntw32.cfg
    2008-04-04 21:24 . 2008-04-04 22:17 <DIR> d-------- C:\Program Files\CoffeeCup Software
    2008-04-04 21:24 . 2006-01-27 02:56 938,272 --a------ C:\WINDOWS\system32\wodFtpDLX.OCX
    2008-04-03 01:26 . 2008-04-03 01:26 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-03-30 21:12 . 2008-03-30 21:12 <DIR> d-------- C:\Documents and Settings\Leroy\Application Data\Ubisoft
    2008-03-30 21:12 . 2008-03-30 21:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ubisoft
    2008-03-30 21:05 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
    2008-03-30 21:05 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
    2008-03-30 21:05 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
    2008-03-30 21:05 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
    2008-03-30 21:05 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
    2008-03-30 05:40 . 2008-03-30 05:40 <DIR> d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
    2008-03-30 03:13 . 2008-03-30 03:13 <DIR> d-------- C:\Program Files\Pegasys Inc
    2008-03-30 03:13 . 2008-03-30 03:13 <DIR> d-------- C:\Documents and Settings\Leroy\Application Data\Pegasys Inc
    2008-03-30 03:13 . 2005-05-05 22:50 151,552 --------- C:\WINDOWS\system32\pxwma.dll
    2008-03-30 03:13 . 2005-04-25 11:03 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
    2008-03-30 03:13 . 2004-09-27 10:00 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2008-03-29 23:35 . 2008-03-29 23:46 <DIR> d-------- C:\Program Files\TMPGEnc
    2008-03-29 23:30 . 2008-03-29 23:30 <DIR> d-------- C:\Program Files\ffdshow
    2008-03-29 23:30 . 2008-03-15 13:12 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
    2008-03-29 23:30 . 2008-03-15 14:07 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2008-03-29 23:30 . 2008-03-15 13:12 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
    2008-03-24 20:27 . 2008-03-24 20:27 <DIR> d-------- C:\Documents and Settings\Leroy\io41a_oefeningen
    2008-03-24 18:45 . 2004-08-04 02:03 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-03-24 18:45 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-03-24 18:45 . 2004-08-03 23:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-03-24 18:45 . 2001-09-06 22:27 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2008-03-22 01:42 . 2008-03-22 01:42 3,932,214 --a------ C:\WINDOWS\InvaderDark1280.bmp
    2008-03-22 01:34 . 2005-02-01 15:20 5,760,056 --a------ C:\WINDOWS\Darkstar.bmp
    2008-03-22 01:33 . 2008-03-22 01:33 <DIR> d-------- C:\Program Files\Common Files\Stardock
    2008-03-22 01:33 . 2008-04-04 21:37 <DIR> d-------- C:\Program Files\AlienGUIse
    2008-03-22 01:33 . 2003-02-26 23:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
    2008-03-22 01:33 . 2008-03-22 01:33 56 --a------ C:\WINDOWS\wb.ini
    2008-03-18 19:23 . 2008-03-18 19:23 <DIR> d-------- C:\Program Files\Evisoft
    2008-03-18 19:20 . 2008-03-18 19:22 <DIR> d-------- C:\Program Files\iNeeda Password & Tracker
    2008-03-18 19:19 . 2008-03-18 19:19 17,408 --a------ C:\psapi.dll
    2008-03-17 23:46 . 2008-03-17 23:51 <DIR> d-------- C:\Program Files\PHP Expert Editor
    2008-03-13 21:04 . 2008-03-13 21:04 20 --a------ C:\WINDOWS\system32\system.gfs
    2008-03-11 19:38 . 2008-04-10 17:59 <DIR> d-------- C:\Documents and Settings\Leroy\Application Data\AVG7
    2008-03-11 19:37 . 2008-03-11 19:37 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
    2008-03-11 19:37 . 2008-03-11 19:37 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
    2008-03-11 19:37 . 2008-03-11 19:42 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
    2008-03-11 10:49 . 2008-03-11 10:49 <DIR> d-------- C:\Documents and Settings\Leroy\Application Data\Microsoft Games
    2008-03-10 21:20 . 2008-03-10 21:20 <DIR> d-------- C:\Documents and Settings\Leroy\Application Data\TVU networks
    2008-03-10 21:20 . 2008-03-10 21:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\TVU networks

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-10 16:01 --------- d-----w C:\Program Files\Xfire
    2008-04-08 14:51 --------- d-----w C:\Documents and Settings\Leroy\Application Data\Xfire
    2008-04-07 23:19 --------- d-----w C:\Documents and Settings\Leroy\Application Data\uTorrent
    2008-04-06 21:07 --------- d-----w C:\Documents and Settings\Leroy\Application Data\Ahead
    2008-04-06 20:10 --------- d-----w C:\Program Files\Dl_cats
    2008-04-06 18:15 --------- d-----w C:\Documents and Settings\Leroy\Application Data\mIRC
    2008-04-06 17:40 --------- d-----w C:\Program Files\mIRC
    2008-04-04 20:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-04 19:37 --------- d-----w C:\Program Files\IMVU
    2008-04-04 19:37 --------- d-----w C:\Program Files\Easy CD-DA Extractor 10
    2008-04-04 19:37 --------- d-----w C:\Program Files\DivX
    2008-04-04 19:37 --------- d-----w C:\Program Files\Bulent's Screen Recorder
    2008-04-04 19:37 --------- d-----w C:\Program Files\AllWebMenus4
    2008-04-04 19:37 --------- d-----w C:\Program Files\Active GIF Creator 2.22
    2008-03-30 13:08 --------- d-----w C:\Program Files\MSN Messenger
    2008-03-30 13:08 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-30 03:41 --------- d-----w C:\Program Files\SmartFTP Client
    2008-03-30 00:35 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-03-30 00:35 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-03-29 16:14 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink
    2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-18 16:43 --------- d-----w C:\Program Files\Java
    2008-03-12 19:08 --------- d-----w C:\Program Files\uTorrent
    2008-03-10 19:08 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-28 21:43 --------- d-----w C:\Documents and Settings\Leroy\Application Data\Youdagames
    2008-02-28 16:18 --------- d-----w C:\Program Files\Trojan Remover
    2008-02-28 16:17 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    2008-02-27 15:36 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
    2008-02-27 14:42 22,328 ----a-w C:\Documents and Settings\Leroy\Application Data\PnkBstrK.sys
    2008-02-27 14:11 --------- d-----w C:\Program Files\NewsReactor
    2008-02-25 00:33 --------- d-----w C:\Documents and Settings\Leroy\Application Data\Likno
    2008-02-24 18:56 --------- d-----w C:\Program Files\Image-Line
    2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-17 14:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SlySoft
    2008-02-17 14:51 --------- d-----w C:\Program Files\SlySoft
    2008-02-17 14:44 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
    2008-02-17 14:44 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
    2008-02-17 14:44 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
    2008-02-17 04:11 --------- d-----w C:\Documents and Settings\Leroy\Application Data\InstallShield Installation Information
    2008-02-17 03:29 --------- d-----w C:\Documents and Settings\Leroy\Application Data\dvdcss
    2008-02-16 23:25 --------- d-----w C:\Program Files\SoftMachine
    2008-02-16 09:05 662,528 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-14 20:13 --------- d-----w C:\Program Files\eRightSoft
    2008-02-14 00:14 --------- d-----w C:\Documents and Settings\Leroy\Application Data\vlc
    2008-02-14 00:10 --------- d-----w C:\Program Files\VideoLAN
    2008-02-13 23:59 --------- d-----w C:\Program Files\Quick Screen Capture
    2008-02-12 22:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\River Past G5
    2008-02-12 22:04 --------- d-----w C:\Documents and Settings\Leroy\Application Data\River Past G5
    2008-02-12 22:00 --------- d-----w C:\Program Files\Gabest
    2008-02-12 22:00 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-02-12 21:54 36,734 ----a-w C:\WINDOWS\system32\OggDSuninst.exe
    2008-02-04 19:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
    2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-10_21.30.08.78 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-10 19:25:08 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
    + 2008-04-10 20:46:55 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18 94208]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
    "GoldenFTPServer"="D:\Golden FTP Server Pro\GFTPpro.exe" [2008-03-13 21:05 941056]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-12 07:51 8523776]
    "nwiz"="nwiz.exe" [2007-11-12 07:51 1626112 C:\WINDOWS\system32\nwiz.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "snpstd"="C:\WINDOWS\vsnpstd.exe" [2006-08-23 14:36 339968]
    "DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 20:55 73728]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-12 07:51 81920]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 110592 C:\WINDOWS\system32\bthprops.cpl]
    "smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-11 19:40 579072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-11 19:40 219136]

    C:\Documents and Settings\leroytjuh\Menu Start\Programma's\Opstarten\
    IMVU.lnk - C:\Program Files\IMVU\IMVUClient.exe [2007-03-02 22:18:04 44064]

    C:\Documents and Settings\Leroy\Menu Start\Programma's\Opstarten\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
    Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-04-03 01:25:58 2987856]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll 2001-12-21 00:34 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe"=
    "C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
    "C:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
    "C:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
    "C:\\Program Files\\Xfire\\xfire.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
    "D:\\UsbWebserver\\Mysql\\bin\\mysqld-nt_usb.exe"=
    "D:\\UsbWebserver\\Apache\\bin\\httpd_usb.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "G:\\Unreal Tournament 3\\Binaries\\UT3.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "G:\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "G:\\downloads firefox\\uTorrent-1.-6-Build-474.exe"=
    "D:\\Golden FTP Server Pro\\GFTPpro.exe"=
    "C:\\Program Files\\PHP Expert Editor\\phpxedit.exe"=
    "C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
    "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
    "G:\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
    "G:\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
    "G:\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
    "G:\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
    "C:\\Program Files\\mIRC\\mirc.exe"=


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb5671d4-f738-11dc-b2a6-00112fbde430}]
    \Shell\AutoRun\command - I:\setupSNK.exe

    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-10 22:47:00
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-04-10 22:48:27
    ComboFix-quarantined-files.txt 2008-04-10 20:47:56
    ComboFix2.txt 2008-04-10 19:30:25
    Pre-Run: 25,054,707,712 bytes beschikbaar
    Post-Run: 25,044,869,120 bytes beschikbaar
    .
    2008-04-10 16:11:15 --- E O F ---
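
Added example (not part of the thread, and not ComboFix's own code): the CFScript.txt from post #6 can be compared mechanically against the "Andere Verwijderingen" (other deletions) section of the log above, to confirm that every listed file and folder was reported as processed. The function names are hypothetical; the section title is the one printed in this Dutch-language log.

```python
import re

# CFScript.txt exactly as posted by the helper in this thread.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\rocljlfg.ini2
C:\sqmnoopt03.sqm
C:\sqmdata03.sqm
C:\img1-001.raw
C:\img1-002.raw
C:\img1-003.raw
C:\WINDOWS\system32\rocljlfg.tmp
C:\WINDOWS\system32\onnmp.ini.ren
C:\WINDOWS\system32\onnmp.ini2
C:\WINDOWS\system32\Smab0.dll

Folder::
C:\VundoFix Backups
"""

# Excerpt of the ComboFix log posted in reply (deletion section plus the
# start of the next section), copied from the thread.
LOG_EXCERPT = r"""
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\img1-001.raw
C:\img1-002.raw
C:\img1-003.raw
C:\sqmdata03.sqm
C:\sqmnoopt03.sqm
C:\VundoFix Backups
C:\WINDOWS\system32\onnmp.ini.ren
C:\WINDOWS\system32\onnmp.ini2
C:\WINDOWS\system32\rocljlfg.ini2
C:\WINDOWS\system32\rocljlfg.tmp
C:\WINDOWS\system32\Smab0.dll

.
(((((((((((((((((((( Bestanden Gemaakt van 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))
.

2008-04-10 22:16 . 2008-04-10 22:16 <DIR> d-------- C:\Program Files\Cheat Engine
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")   # '((((( title )))))' banner
DIRECTIVE_RE = re.compile(r"^([A-Za-z]+)::$")      # 'File::' / 'Folder::'


def parse_cfscript(text):
    """Return {directive: [paths]}, directive names lower-cased."""
    targets, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE_RE.match(line)
        if m:
            current = m.group(1).lower()
            targets.setdefault(current, [])
        elif current is not None:
            targets[current].append(line)
    return targets


def split_sections(log_text):
    """Split a ComboFix log into {banner title: [non-empty lines]}."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def norm(path):
    # Windows paths are case-insensitive; ignore a trailing backslash too.
    return path.rstrip("\\").lower()


def unconfirmed_targets(script_text, log_text, section="Andere Verwijderingen"):
    """Script paths that the log's deletion section does not list."""
    deleted = {norm(p) for p in split_sections(log_text).get(section, [])}
    return [p for paths in parse_cfscript(script_text).values()
            for p in paths if norm(p) not in deleted]


if __name__ == "__main__":
    missing = unconfirmed_targets(CFSCRIPT, LOG_EXCERPT)
    print("all script targets reported as deleted" if not missing else missing)
```

An empty result only means the log reports each path as processed; a path that is still missing from the list is the one to look at by hand.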

  8. #8
    Website Admin
    Registered
    23 December 2007
    Location
    Kapellen
    Posts
    11,046
    Thanks given
    18
    Thanked 1,847 times in 1,787 posts


    Looks good: ComboFix did its job properly :)

    There are still two doubtful cases that you should check for (possible) infections at Jotti.

    C:\WINDOWS\system32\Picn1220.ssm
    C:\WINDOWS\system32\Picn1520.ssm

    Let me know the result afterwards.
    And as I told you earlier: more than 3/4 of the programs that start along with Windows are unnecessary startup items. To put this right, we had best use Codestuff Starter.

    Start Codestuff Starter.
    Select the Automatic Startup tab and uncheck the following items.

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe

    You may also disable the following two (that is up to you), but each in its own way:

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    To disable this one, start Windows Messenger (not MSN or Windows Live Messenger), go to Tools -> Options -> Preferences tab and clear the check marks in the four boxes under "General".

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    This one starts MSN at every system start. Personally I would disable it in MSN itself (under Tools -> Options -> "General" tab, clear the check marks under "Sign in").

    In Codestuff Starter you will see these programs without the number (O4) and the letters (HKLM), with only the program name or an abbreviation of it.

    Should it turn out that, for one reason or another, you later do want one of these programs to start with Windows after all, you can always check it again in Codestuff Starter.

    Once you have this behind you, just give me a shout. Then we will start on the "big clean-up".
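
Added example (not part of the thread, and not code from HijackThis or Codestuff Starter): a parser for the O4 autostart lines of the HijackThis log that reduces each line to its location and entry name, the part a startup manager displays, and lists what would still start once the items named above are unchecked. The O4 lines are copied from the log earlier in the thread; the function names are hypothetical.

```python
import re

# O4 lines copied from the HijackThis log in this thread
# (HKLM/HKCU Run, one HKUS entry, and the Startup folder shortcuts).
HJT_O4 = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [GoldenFTPServer] "D:\Golden FTP Server Pro\GFTPpro.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
"""

# Items the helper suggests unchecking, keyed by O4 location.
UNCHECK = {
    r"HKLM\..\Run": ["NvCplDaemon", "nwiz", "SunJavaUpdateSched", "NeroFilterCheck",
                     "NvMediaCenter", "DAEMON Tools", "smapp",
                     "Adobe Reader Speed Launcher"],
    r"HKCU\..\Run": ["CTFMON.EXE", "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"],
    "Startup": ["Adobe Gamma.lnk", "Xfire.lnk"],
}

# Registry Run entry:   O4 - <hive path>: [<value name>] <command>
RUN_RE = re.compile(r"^O4 - (?P<loc>HK[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Startup folder entry: O4 - Startup: <shortcut> = <target>
LNK_RE = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# HKUS entries carry a trailing "(User '<account>')" annotation.
USER_RE = re.compile(r"\s+\(User '(?P<user>[^']*)'\)$")


def parse_o4(text):
    """Return a list of dicts with loc, name, cmd and user for each O4 line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line) or LNK_RE.match(line)
        if not m:
            continue  # not an O4 line, or a shape this parser does not know
        entry = m.groupdict()
        u = USER_RE.search(entry["cmd"])
        entry["user"] = u.group("user") if u else None
        if u:
            entry["cmd"] = entry["cmd"][:u.start()]
        entries.append(entry)
    return entries


def still_enabled(entries, unchecked):
    """Entries whose (location, name) pair is not in the unchecked list."""
    off = {(loc.lower(), name.lower())
           for loc, names in unchecked.items() for name in names}
    return [e for e in entries
            if (e["loc"].lower(), e["name"].lower()) not in off]


if __name__ == "__main__":
    for e in still_enabled(parse_o4(HJT_O4), UNCHECK):
        print(f'{e["loc"]:<22} {e["name"]:<30} {e["cmd"]}')
```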

  9. #9
    Member leroy's avatar
    Registered
    11 September 2007
    Location
    Axel
    Age
    19
    Posts
    787
    Thanks given
    7
    Thanked 83 times in 77 posts


    Those automatic Windows startup items can just start up.... I use them often... and I find it convenient when they are started right away...
    such as daemontools Xfire SMtray (is my audio driver) NMBgMonitor adobe reader

    so I'll just let them all start at Windows start

    those 2 doubtful cases... I don't know exactly what they are either... I think something to do with video editing programs... but I'll scan them in a moment..

    **edit/addition: those 2 are not infected.
    Last edited by leroy; 11 April 2008 at 08:18

  10. #10
    Website Admin
    Registered
    23 December 2007
    Location
    Kapellen
    Posts
    11,046
    Thanks given
    18
    Thanked 1,847 times in 1,787 posts


    Quote: Originally posted by leroy
    Those automatic Windows startup items can just start up.... I use them often... so I'll just let them all start at Windows start
    No problem, that is your own choice (although they can of course have an influence on the startup speed, though all in all it will be fairly limited, depending on the system you run).

    those 2 doubtful cases...those 2 are not infected.
    OK, then those can stay on your machine.

    Maybe your real problem - the sluggish PC - is not entirely out of the way yet, but then it at least does not seem to me to be a software problem. The infections are resolved, so it is time for the "big clean-up": removing the programs we used, a cleaning, and removing the infected restore points.

    Remove ComboFix: Start -> Run and type: combofix /u
    ComboFix is removed and a new system restore point is created.

    Remove VundoFix (if you still find traces of it on your PC).

    Download CCleaner.

    Install it and start it. In the left column, click "Options". Select the 'Advanced' tab and clear the check mark for "Only delete temporary files in the Windows system folder that are older than 48 hours", then close the program.

    Start CCleaner and click "Cleaner" in the left column. Click 'Analyze' and then 'Clean'. Next, click "Registry" in the left column and click 'Scan for errors'. If errors are found, click "fix all errors" and "OK". Then close CCleaner again.

    It is advisable to delete the existing restore points (there are infected restore points among them that you might possibly restore).

    Start -> Control Panel -> System -> System Restore -> check "Turn off System Restore on all drives" -> "Apply" and OK. Restart the PC and remove the check mark again.

    That's it!

  11. The following users thank kape for this useful post:

    stelgirl (11 April 2008)
