PC is wat sloom.

mijn pc na het inloggen in windows heeft nogal een vrij lange laadtijd nodig.

en ik denk dat ik een virus op heb gelopen met iets of iets anders opgelopen.

ik heb een HiJackThis logje gemaakt, alleen het probleem is dat ik er niet zo goed in ben om hem GOED uit te lezen.

als iemand me zou kunnen helpen om het probleem of de problemen te kunnen vinden zou het geweldig zijn.

logje is gemaakt na een scan en herstel van CCleaner. (hiermee is hij al iets sneller geworden)

hier is het logje:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:47:57, on 10-4-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\vsnpstd.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

D:\Golden FTP Server Pro\GFTPpro.exe

C:\Program Files\Xfire\xfire.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ZeelandNet | de Zeeuwse Internet Provider

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {894E9D0E-78A1-4660-A2BD-844BB8234AA7} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [GoldenFTPServer] "D:\Golden FTP Server Pro\GFTPpro.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

O20 - Winlogon Notify: cbxwxwt - C:\WINDOWS\

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 6526 bytes

Laat ons hier even mee beginnen, want je hebt inderdaad "vieze russen" aan boord. Bovendien heb je nogal wat nutteloze opstarters, maar die pakken we wel aan nadat je PC clean is.

Download VundoFix naar je bureaublad.

Start Hijackthis op en kies voor 'Do a system scan only'. Selecteer alleen de items hieronder genoemd:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {894E9D0E-78A1-4660-A2BD-844BB8234AA7} - (no file)

O4 - HKLM\..\Run: [b4e4b227] rundll32.exe "C:\WINDOWS\system32\gfljlcor.dll",b

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O20 - Winlogon Notify: cbxwxwt - C:\WINDOWS\

Klik op 'Fix checked' om de items te verwijderen.

Dubbelklik VundoFix.exe om het te starten.

[*]Klik op de Scan for Vundo knop.

[*]Eenmaal gedaan met scannen, klik op de Remove Vundo knop.

[*]Je zal een melding krijgen of je de bestanden wilt laten verwijderen, klik YES

[*]Nadat je Yes hebt geklikt, zullen de icoontjes op je Bureaublad verdwijnen tijdens het verwijderen van Vundo.

[*]Wanneer voltooid zal je de melding krijgen dat het je PC zal afsluiten, klik OK.

[*]Start je pc terug opnieuw op.

Nota: Het is mogelijk dat VundoFix een bestand vindt dat niet kan verwijderd worden.

In dit geval zal VundoFix na het heropstarten van je pc nog eens opstarten. Dan moet je de instructies van hierboven nog eens uitvoeren vanaf: "Klik op Scan for Vundo."

Post de inhoud van C:\vundofix.txt en een nieuwe log van HJT in je volgende bericht.

vundofix kon geen geinfecteerde bestanden vinden... dus dit lijkt me toch goed.

Dat is inderdaad al iets ... maar nog niet alles Stap twee, dan maar.

Download Combofix en zet het op je Bureaublad.

Dubbelklik op Combofix.exe en volg de instructies, aanvaard de disclaimer door y te typen. Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

Wanneer de fix voltooid is en na herstart, zal de log combofix.txt openen.

NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, moet je dit toestaan.

Hang je log van Combofix in een volgend bericht, samen met een nieuw log van HJT.

logje combofix:

ComboFix 08-04-09.9 - Leroy 2008-04-10 21:19:25.1 - NTFSx86

Gestart vanuit: G:\downloads firefox\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\cookies.ini

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))

.

2008-04-10 20:08 . 2008-04-10 20:08 <DIR> d-------- C:\VundoFix Backups

2008-04-10 19:36 . 2008-04-10 20:17 <DIR> d--hs---- C:\Documents and Settings\Leroy\Onlangs geopend

2008-04-10 19:31 . 2008-04-10 19:31 <DIR> d-------- C:\Program Files\CCleaner

2008-04-10 18:42 . 2008-04-10 18:42 <DIR> d-------- C:\Program Files\Trend Micro

2008-04-06 22:55 . 2008-04-06 22:55 <DIR> d-------- C:\Program Files\Easy Video Joiner

2008-04-04 22:25 . 2008-04-04 22:25 <DIR> d-------- C:\Program Files\Team17

2008-04-04 22:12 . 2000-08-22 15:09 532,480 --a------ C:\WINDOWS\system32\imagx5.dll

2008-04-04 22:12 . 2000-08-14 12:38 503,808 --a------ C:\WINDOWS\system32\imagr5.dll

2008-04-04 22:12 . 2000-08-29 13:08 275,312 --a------ C:\WINDOWS\system32\ImagXpr5.dll

2008-04-04 22:12 . 2000-10-11 11:49 201,568 --a------ C:\WINDOWS\system32\CapPRO.dll

2008-04-04 22:12 . 2000-08-09 16:30 66,509 --a------ C:\WINDOWS\system32\Picn1220.ssm

2008-04-04 22:12 . 2000-08-09 16:10 37,553 --a------ C:\WINDOWS\system32\Picn1520.ssm

2008-04-04 22:12 . 2000-08-11 10:35 35,328 --a------ C:\WINDOWS\system32\picn20.dll

2008-04-04 21:59 . 2008-04-04 21:59 247,247 --a------ C:\WINDOWS\CoffeeCup Visual Site Designer Uninstaller.exe

2008-04-04 21:59 . 2002-07-31 19:55 108 ---hs---- C:\WINDOWS\WSYS049.SYS

2008-04-04 21:59 . 2001-09-05 12:28 41 ---h----- C:\WINDOWS\trfntw32.cfg

2008-04-04 21:24 . 2008-04-04 22:17 <DIR> d-------- C:\Program Files\CoffeeCup Software

2008-04-04 21:24 . 2006-01-27 02:56 938,272 --a------ C:\WINDOWS\system32\wodFtpDLX.OCX

2008-04-03 01:26 . 2008-04-03 01:26 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll

2008-03-30 21:12 . 2008-03-30 21:12 <DIR> d-------- C:\Documents and Settings\Leroy\Application Data\Ubisoft

2008-03-30 21:12 . 2008-03-30 21:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ubisoft

2008-03-30 21:05 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll

2008-03-30 21:05 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll

2008-03-30 21:05 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll

2008-03-30 21:05 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll

2008-03-30 21:05 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll

2008-03-30 05:40 . 2008-03-30 05:40 <DIR> d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files

2008-03-30 03:13 . 2008-03-30 03:13 <DIR> d-------- C:\Program Files\Pegasys Inc

2008-03-30 03:13 . 2008-03-30 03:13 <DIR> d-------- C:\Documents and Settings\Leroy\Application Data\Pegasys Inc

2008-03-30 03:13 . 2005-05-05 22:50 151,552 --------- C:\WINDOWS\system32\pxwma.dll

2008-03-30 03:13 . 2005-04-25 11:03 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe

2008-03-30 03:13 . 2004-09-27 10:00 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe

2008-03-29 23:35 . 2008-03-29 23:46 <DIR> d-------- C:\Program Files\TMPGEnc

2008-03-29 23:30 . 2008-03-29 23:30 <DIR> d-------- C:\Program Files\ffdshow

2008-03-29 23:30 . 2008-03-15 13:12 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll

2008-03-29 23:30 . 2008-03-15 14:07 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-03-29 23:30 . 2008-03-15 13:12 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-03-27 22:16 . 2008-03-31 23:41 230,424 --a------ C:\img1-001.raw

2008-03-27 09:54 . 2008-03-27 09:54 244 --ah----- C:\sqmnoopt03.sqm

2008-03-27 09:54 . 2008-03-27 09:54 232 --ah----- C:\sqmdata03.sqm

2008-03-24 20:27 . 2008-03-24 20:27 <DIR> d-------- C:\Documents and Settings\Leroy\io41a_oefeningen

2008-03-24 18:45 . 2004-08-04 02:03 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-03-24 18:45 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-03-24 18:45 . 2004-08-03 23:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2008-03-24 18:45 . 2001-09-06 22:27 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2008-03-24 10:41 . 2008-03-24 10:41 230,424 --a------ C:\img1-002.raw

2008-03-23 22:09 . 2008-03-23 22:09 230,424 --a------ C:\img1-003.raw

2008-03-22 01:42 . 2008-03-22 01:42 3,932,214 --a------ C:\WINDOWS\InvaderDark1280.bmp

2008-03-22 01:34 . 2005-02-01 15:20 5,760,056 --a------ C:\WINDOWS\Darkstar.bmp

2008-03-22 01:33 . 2008-03-22 01:33 <DIR> d-------- C:\Program Files\Common Files\Stardock

2008-03-22 01:33 . 2008-04-04 21:37 <DIR> d-------- C:\Program Files\AlienGUIse

2008-03-22 01:33 . 2003-02-26 23:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll

2008-03-22 01:33 . 2008-03-22 01:33 56 --a------ C:\WINDOWS\wb.ini

2008-03-18 19:23 . 2008-03-18 19:23 <DIR> d-------- C:\Program Files\Evisoft

2008-03-18 19:20 . 2008-03-18 19:22 <DIR> d-------- C:\Program Files\iNeeda Password & Tracker

2008-03-18 19:19 . 2008-03-18 19:19 17,408 --a------ C:\psapi.dll

2008-03-17 23:46 . 2008-03-17 23:51 <DIR> d-------- C:\Program Files\PHP Expert Editor

2008-03-13 21:04 . 2008-03-13 21:04 20 --a------ C:\WINDOWS\system32\system.gfs

2008-03-11 19:38 . 2008-04-10 17:59 <DIR> d-------- C:\Documents and Settings\Leroy\Application Data\AVG7

2008-03-11 19:37 . 2008-03-11 19:37 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7

2008-03-11 19:37 . 2008-03-11 19:37 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft

2008-03-11 19:37 . 2008-03-11 19:42 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7

2008-03-11 10:49 . 2008-03-11 10:49 <DIR> d-------- C:\Documents and Settings\Leroy\Application Data\Microsoft Games

2008-03-10 21:20 . 2008-03-10 21:20 <DIR> d-------- C:\Documents and Settings\Leroy\Application Data\TVU networks

2008-03-10 21:20 . 2008-03-10 21:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\TVU networks

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-10 16:01 --------- d-----w C:\Program Files\Xfire

2008-04-08 14:51 --------- d-----w C:\Documents and Settings\Leroy\Application Data\Xfire

2008-04-07 23:19 --------- d-----w C:\Documents and Settings\Leroy\Application Data\uTorrent

2008-04-06 21:07 --------- d-----w C:\Documents and Settings\Leroy\Application Data\Ahead

2008-04-06 20:10 --------- d-----w C:\Program Files\Dl_cats

2008-04-06 18:15 --------- d-----w C:\Documents and Settings\Leroy\Application Data\mIRC

2008-04-06 17:40 --------- d-----w C:\Program Files\mIRC

2008-04-04 20:17 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-04 19:37 --------- d-----w C:\Program Files\IMVU

2008-04-04 19:37 --------- d-----w C:\Program Files\Easy CD-DA Extractor 10

2008-04-04 19:37 --------- d-----w C:\Program Files\DivX

2008-04-04 19:37 --------- d-----w C:\Program Files\Bulent's Screen Recorder

2008-04-04 19:37 --------- d-----w C:\Program Files\AllWebMenus4

2008-04-04 19:37 --------- d-----w C:\Program Files\Active GIF Creator 2.22

2008-03-30 13:08 --------- d-----w C:\Program Files\MSN Messenger

2008-03-30 13:08 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-03-30 03:41 --------- d-----w C:\Program Files\SmartFTP Client

2008-03-30 00:35 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-03-30 00:35 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-03-29 16:14 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink

2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-18 16:43 --------- d-----w C:\Program Files\Java

2008-03-12 19:08 --------- d-----w C:\Program Files\uTorrent

2008-03-11 17:43 1,315,170 --sh--w C:\WINDOWS\system32\rocljlfg.ini2

2008-03-10 19:08 --------- d-----w C:\Program Files\Common Files\Adobe

2008-02-28 21:43 --------- d-----w C:\Documents and Settings\Leroy\Application Data\Youdagames

2008-02-28 16:18 --------- d-----w C:\Program Files\Trojan Remover

2008-02-28 16:17 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP

2008-02-27 15:36 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2008-02-27 14:42 22,328 ----a-w C:\Documents and Settings\Leroy\Application Data\PnkBstrK.sys

2008-02-27 14:11 --------- d-----w C:\Program Files\NewsReactor

2008-02-25 00:33 --------- d-----w C:\Documents and Settings\Leroy\Application Data\Likno

2008-02-24 18:56 --------- d-----w C:\Program Files\Image-Line

2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-17 14:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SlySoft

2008-02-17 14:51 --------- d-----w C:\Program Files\SlySoft

2008-02-17 14:44 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll

2008-02-17 14:44 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll

2008-02-17 14:44 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll

2008-02-17 04:11 --------- d-----w C:\Documents and Settings\Leroy\Application Data\InstallShield Installation Information

2008-02-17 03:29 --------- d-----w C:\Documents and Settings\Leroy\Application Data\dvdcss

2008-02-16 23:25 --------- d-----w C:\Program Files\SoftMachine

2008-02-16 13:08 852,298 --sh--w C:\WINDOWS\system32\rocljlfg.tmp

2008-02-16 09:05 662,528 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-14 20:13 --------- d-----w C:\Program Files\eRightSoft

2008-02-14 00:14 --------- d-----w C:\Documents and Settings\Leroy\Application Data\vlc

2008-02-14 00:10 --------- d-----w C:\Program Files\VideoLAN

2008-02-13 23:59 --------- d-----w C:\Program Files\Quick Screen Capture

2008-02-12 22:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\River Past G5

2008-02-12 22:04 --------- d-----w C:\Documents and Settings\Leroy\Application Data\River Past G5

2008-02-12 22:00 --------- d-----w C:\Program Files\Gabest

2008-02-12 22:00 --------- d-----w C:\Program Files\AviSynth 2.5

2008-02-12 21:54 36,734 ----a-w C:\WINDOWS\system32\OggDSuninst.exe

2008-02-04 19:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll

2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll

2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll

2007-12-05 13:21 64,916 --sha-w C:\WINDOWS\system32\onnmp.ini.ren

2007-12-18 14:19 100,343 --sha-w C:\WINDOWS\system32\onnmp.ini2

2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18 94208]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

"GoldenFTPServer"="D:\Golden FTP Server Pro\GFTPpro.exe" [2008-03-13 21:05 941056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-12 07:51 8523776]

"nwiz"="nwiz.exe" [2007-11-12 07:51 1626112 C:\WINDOWS\system32\nwiz.exe]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"snpstd"="C:\WINDOWS\vsnpstd.exe" [2006-08-23 14:36 339968]

"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 20:55 73728]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-12 07:51 81920]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 110592 C:\WINDOWS\system32\bthprops.cpl]

"smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-11 19:40 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-11 19:40 219136]

C:\Documents and Settings\leroytjuh\Menu Start\Programma's\Opstarten\

IMVU.lnk - C:\Program Files\IMVU\IMVUClient.exe [2007-03-02 22:18:04 44064]

C:\Documents and Settings\Leroy\Menu Start\Programma's\Opstarten\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-04-03 01:25:58 2987856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

C:\Program Files\AlienGUIse\fastload.dll 2001-12-21 00:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe"=

"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=

"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=

"C:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=

"C:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=

"C:\\Program Files\\Xfire\\xfire.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"D:\\UsbWebserver\\Mysql\\bin\\mysqld-nt_usb.exe"=

"D:\\UsbWebserver\\Apache\\bin\\httpd_usb.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"G:\\Unreal Tournament 3\\Binaries\\UT3.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"G:\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

"G:\\downloads firefox\\uTorrent-1.-6-Build-474.exe"=

"D:\\Golden FTP Server Pro\\GFTPpro.exe"=

"C:\\Program Files\\PHP Expert Editor\\phpxedit.exe"=

"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=

"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

"G:\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=

"G:\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=

"G:\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

"G:\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=

"C:\\Program Files\\mIRC\\mirc.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb5671d4-f738-11dc-b2a6-00112fbde430}]

\Shell\AutoRun\command - I:\setupSNK.exe

.

**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-10 21:25:38

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\rundll32.exe

.

**************************************************************************

.

Voltooingstijd: 2008-04-10 21:30:25 - machine was rebooted

ComboFix-quarantined-files.txt 2008-04-10 19:30:19

Pre-Run: 24,282,079,232 bytes beschikbaar

Post-Run: 24,208,306,176 bytes beschikbaar

.

2008-04-10 16:11:15 --- E O F ---

logje HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:34:18, on 10-4-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\vsnpstd.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

D:\Golden FTP Server Pro\GFTPpro.exe

C:\Program Files\Xfire\xfire.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ZeelandNet | de Zeeuwse Internet Provider

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [GoldenFTPServer] "D:\Golden FTP Server Pro\GFTPpro.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 6222 bytes

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

C:\WINDOWS\system32\rocljlfg.ini2

C:\sqmnoopt03.sqm

C:\sqmdata03.sqm

C:\img1-001.raw

C:\img1-002.raw

C:\img1-003.raw

C:\WINDOWS\system32\rocljlfg.tmp

C:\WINDOWS\system32\onnmp.ini.ren

C:\WINDOWS\system32\onnmp.ini2

C:\WINDOWS\system32\Smab0.dll

Folder::

C:\VundoFix Backups

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.. En laat ook eens weten of er al wat meer "snelheid" in je machientje zit ?

over die snelheid heb ik in het aller eerste berichtje al iets geplaatst... want die had ik aangepast en daar had ik met CCleaner al me register en me pc opgeschoont... en toen wastie al ietsje sneller....

nu merk ik wel met die combofix en die vundofix dat hij ietsje sneller nog is... en dat hij ook ietsje stiller is.

combofix logje

ComboFix 08-04-09.9 - Leroy 2008-04-10 22:45:09.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.493 [GMT 2:00]Gestart vanuit: C:\Documents and Settings\Leroy\Bureaublad\ComboFix.exe

Command switches used :: C:\Documents and Settings\Leroy\Bureaublad\CFScript.txt

* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

FILE ::

C:\img1-001.raw

C:\img1-002.raw

C:\img1-003.raw

C:\sqmdata03.sqm

C:\sqmnoopt03.sqm

C:\WINDOWS\system32\onnmp.ini.ren

C:\WINDOWS\system32\onnmp.ini2

C:\WINDOWS\system32\rocljlfg.ini2

C:\WINDOWS\system32\rocljlfg.tmp

C:\WINDOWS\system32\Smab0.dll

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\img1-001.raw

C:\img1-002.raw

C:\img1-003.raw

C:\sqmdata03.sqm

C:\sqmnoopt03.sqm

C:\VundoFix Backups

C:\WINDOWS\system32\onnmp.ini.ren

C:\WINDOWS\system32\onnmp.ini2

C:\WINDOWS\system32\rocljlfg.ini2

C:\WINDOWS\system32\rocljlfg.tmp

C:\WINDOWS\system32\Smab0.dll

.

(((((((((((((((((((( Bestanden Gemaakt van 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))

.

2008-04-10 22:16 . 2008-04-10 22:16 <DIR> d-------- C:\Program Files\Cheat Engine

2008-04-10 22:16 . 2006-09-04 19:16 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll

2008-04-10 22:16 . 2006-09-04 19:16 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll

2008-04-10 19:36 . 2008-04-10 22:41 <DIR> d--hs---- C:\Documents and Settings\Leroy\Onlangs geopend

2008-04-10 19:31 . 2008-04-10 19:31 <DIR> d-------- C:\Program Files\CCleaner

2008-04-10 18:42 . 2008-04-10 18:42 <DIR> d-------- C:\Program Files\Trend Micro

2008-04-06 22:55 . 2008-04-06 22:55 <DIR> d-------- C:\Program Files\Easy Video Joiner

2008-04-04 22:25 . 2008-04-04 22:25 <DIR> d-------- C:\Program Files\Team17

2008-04-04 22:12 . 2000-08-22 15:09 532,480 --a------ C:\WINDOWS\system32\imagx5.dll

2008-04-04 22:12 . 2000-08-14 12:38 503,808 --a------ C:\WINDOWS\system32\imagr5.dll

2008-04-04 22:12 . 2000-08-29 13:08 275,312 --a------ C:\WINDOWS\system32\ImagXpr5.dll

2008-04-04 22:12 . 2000-10-11 11:49 201,568 --a------ C:\WINDOWS\system32\CapPRO.dll

2008-04-04 22:12 . 2000-08-09 16:30 66,509 --a------ C:\WINDOWS\system32\Picn1220.ssm

2008-04-04 22:12 . 2000-08-09 16:10 37,553 --a------ C:\WINDOWS\system32\Picn1520.ssm

2008-04-04 22:12 . 2000-08-11 10:35 35,328 --a------ C:\WINDOWS\system32\picn20.dll

2008-04-04 21:59 . 2008-04-04 21:59 247,247 --a------ C:\WINDOWS\CoffeeCup Visual Site Designer Uninstaller.exe

2008-04-04 21:59 . 2002-07-31 19:55 108 ---hs---- C:\WINDOWS\WSYS049.SYS

2008-04-04 21:59 . 2001-09-05 12:28 41 ---h----- C:\WINDOWS\trfntw32.cfg

2008-04-04 21:24 . 2008-04-04 22:17 <DIR> d-------- C:\Program Files\CoffeeCup Software

2008-04-04 21:24 . 2006-01-27 02:56 938,272 --a------ C:\WINDOWS\system32\wodFtpDLX.OCX

2008-04-03 01:26 . 2008-04-03 01:26 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll

2008-03-30 21:12 . 2008-03-30 21:12 <DIR> d-------- C:\Documents and Settings\Leroy\Application Data\Ubisoft

2008-03-30 21:12 . 2008-03-30 21:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ubisoft

2008-03-30 21:05 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll

2008-03-30 21:05 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll

2008-03-30 21:05 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll

2008-03-30 21:05 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll

2008-03-30 21:05 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll

2008-03-30 05:40 . 2008-03-30 05:40 <DIR> d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files

2008-03-30 03:13 . 2008-03-30 03:13 <DIR> d-------- C:\Program Files\Pegasys Inc

2008-03-30 03:13 . 2008-03-30 03:13 <DIR> d-------- C:\Documents and Settings\Leroy\Application Data\Pegasys Inc

2008-03-30 03:13 . 2005-05-05 22:50 151,552 --------- C:\WINDOWS\system32\pxwma.dll

2008-03-30 03:13 . 2005-04-25 11:03 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe

2008-03-30 03:13 . 2004-09-27 10:00 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe

2008-03-29 23:35 . 2008-03-29 23:46 <DIR> d-------- C:\Program Files\TMPGEnc

2008-03-29 23:30 . 2008-03-29 23:30 <DIR> d-------- C:\Program Files\ffdshow

2008-03-29 23:30 . 2008-03-15 13:12 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll

2008-03-29 23:30 . 2008-03-15 14:07 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-03-29 23:30 . 2008-03-15 13:12 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-03-24 20:27 . 2008-03-24 20:27 <DIR> d-------- C:\Documents and Settings\Leroy\io41a_oefeningen

2008-03-24 18:45 . 2004-08-04 02:03 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-03-24 18:45 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-03-24 18:45 . 2004-08-03 23:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2008-03-24 18:45 . 2001-09-06 22:27 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2008-03-22 01:42 . 2008-03-22 01:42 3,932,214 --a------ C:\WINDOWS\InvaderDark1280.bmp

2008-03-22 01:34 . 2005-02-01 15:20 5,760,056 --a------ C:\WINDOWS\Darkstar.bmp

2008-03-22 01:33 . 2008-03-22 01:33 <DIR> d-------- C:\Program Files\Common Files\Stardock

2008-03-22 01:33 . 2008-04-04 21:37 <DIR> d-------- C:\Program Files\AlienGUIse

2008-03-22 01:33 . 2003-02-26 23:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll

2008-03-22 01:33 . 2008-03-22 01:33 56 --a------ C:\WINDOWS\wb.ini

2008-03-18 19:23 . 2008-03-18 19:23 <DIR> d-------- C:\Program Files\Evisoft

2008-03-18 19:20 . 2008-03-18 19:22 <DIR> d-------- C:\Program Files\iNeeda Password & Tracker

2008-03-18 19:19 . 2008-03-18 19:19 17,408 --a------ C:\psapi.dll

2008-03-17 23:46 . 2008-03-17 23:51 <DIR> d-------- C:\Program Files\PHP Expert Editor

2008-03-13 21:04 . 2008-03-13 21:04 20 --a------ C:\WINDOWS\system32\system.gfs

2008-03-11 19:38 . 2008-04-10 17:59 <DIR> d-------- C:\Documents and Settings\Leroy\Application Data\AVG7

2008-03-11 19:37 . 2008-03-11 19:37 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7

2008-03-11 19:37 . 2008-03-11 19:37 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft

2008-03-11 19:37 . 2008-03-11 19:42 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7

2008-03-11 10:49 . 2008-03-11 10:49 <DIR> d-------- C:\Documents and Settings\Leroy\Application Data\Microsoft Games

2008-03-10 21:20 . 2008-03-10 21:20 <DIR> d-------- C:\Documents and Settings\Leroy\Application Data\TVU networks

2008-03-10 21:20 . 2008-03-10 21:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\TVU networks

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-10 16:01 --------- d-----w C:\Program Files\Xfire

2008-04-08 14:51 --------- d-----w C:\Documents and Settings\Leroy\Application Data\Xfire

2008-04-07 23:19 --------- d-----w C:\Documents and Settings\Leroy\Application Data\uTorrent

2008-04-06 21:07 --------- d-----w C:\Documents and Settings\Leroy\Application Data\Ahead

2008-04-06 20:10 --------- d-----w C:\Program Files\Dl_cats

2008-04-06 18:15 --------- d-----w C:\Documents and Settings\Leroy\Application Data\mIRC

2008-04-06 17:40 --------- d-----w C:\Program Files\mIRC

2008-04-04 20:17 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-04 19:37 --------- d-----w C:\Program Files\IMVU

2008-04-04 19:37 --------- d-----w C:\Program Files\Easy CD-DA Extractor 10

2008-04-04 19:37 --------- d-----w C:\Program Files\DivX

2008-04-04 19:37 --------- d-----w C:\Program Files\Bulent's Screen Recorder

2008-04-04 19:37 --------- d-----w C:\Program Files\AllWebMenus4

2008-04-04 19:37 --------- d-----w C:\Program Files\Active GIF Creator 2.22

2008-03-30 13:08 --------- d-----w C:\Program Files\MSN Messenger

2008-03-30 13:08 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-03-30 03:41 --------- d-----w C:\Program Files\SmartFTP Client

2008-03-30 00:35 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-03-30 00:35 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-03-29 16:14 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink

2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-18 16:43 --------- d-----w C:\Program Files\Java

2008-03-12 19:08 --------- d-----w C:\Program Files\uTorrent

2008-03-10 19:08 --------- d-----w C:\Program Files\Common Files\Adobe

2008-02-28 21:43 --------- d-----w C:\Documents and Settings\Leroy\Application Data\Youdagames

2008-02-28 16:18 --------- d-----w C:\Program Files\Trojan Remover

2008-02-28 16:17 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP

2008-02-27 15:36 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2008-02-27 14:42 22,328 ----a-w C:\Documents and Settings\Leroy\Application Data\PnkBstrK.sys

2008-02-27 14:11 --------- d-----w C:\Program Files\NewsReactor

2008-02-25 00:33 --------- d-----w C:\Documents and Settings\Leroy\Application Data\Likno

2008-02-24 18:56 --------- d-----w C:\Program Files\Image-Line

2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-17 14:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SlySoft

2008-02-17 14:51 --------- d-----w C:\Program Files\SlySoft

2008-02-17 14:44 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll

2008-02-17 14:44 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll

2008-02-17 14:44 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll

2008-02-17 04:11 --------- d-----w C:\Documents and Settings\Leroy\Application Data\InstallShield Installation Information

2008-02-17 03:29 --------- d-----w C:\Documents and Settings\Leroy\Application Data\dvdcss

2008-02-16 23:25 --------- d-----w C:\Program Files\SoftMachine

2008-02-16 09:05 662,528 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-14 20:13 --------- d-----w C:\Program Files\eRightSoft

2008-02-14 00:14 --------- d-----w C:\Documents and Settings\Leroy\Application Data\vlc

2008-02-14 00:10 --------- d-----w C:\Program Files\VideoLAN

2008-02-13 23:59 --------- d-----w C:\Program Files\Quick Screen Capture

2008-02-12 22:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\River Past G5

2008-02-12 22:04 --------- d-----w C:\Documents and Settings\Leroy\Application Data\River Past G5

2008-02-12 22:00 --------- d-----w C:\Program Files\Gabest

2008-02-12 22:00 --------- d-----w C:\Program Files\AviSynth 2.5

2008-02-12 21:54 36,734 ----a-w C:\WINDOWS\system32\OggDSuninst.exe

2008-02-04 19:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll

2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll

2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll

.

((((((((((((((((((((((((((((( snapshot@2008-04-10_21.30.08.78 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-10 19:25:08 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE

+ 2008-04-10 20:46:55 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18 94208]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

"GoldenFTPServer"="D:\Golden FTP Server Pro\GFTPpro.exe" [2008-03-13 21:05 941056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-12 07:51 8523776]

"nwiz"="nwiz.exe" [2007-11-12 07:51 1626112 C:\WINDOWS\system32\nwiz.exe]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"snpstd"="C:\WINDOWS\vsnpstd.exe" [2006-08-23 14:36 339968]

"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 20:55 73728]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-12 07:51 81920]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 110592 C:\WINDOWS\system32\bthprops.cpl]

"smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-11 19:40 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-11 19:40 219136]

C:\Documents and Settings\leroytjuh\Menu Start\Programma's\Opstarten\

IMVU.lnk - C:\Program Files\IMVU\IMVUClient.exe [2007-03-02 22:18:04 44064]

C:\Documents and Settings\Leroy\Menu Start\Programma's\Opstarten\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-04-03 01:25:58 2987856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]

C:\Program Files\AlienGUIse\fastload.dll 2001-12-21 00:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe"=

"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=

"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=

"C:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=

"C:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=

"C:\\Program Files\\Xfire\\xfire.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

"D:\\UsbWebserver\\Mysql\\bin\\mysqld-nt_usb.exe"=

"D:\\UsbWebserver\\Apache\\bin\\httpd_usb.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"G:\\Unreal Tournament 3\\Binaries\\UT3.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"G:\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

"G:\\downloads firefox\\uTorrent-1.-6-Build-474.exe"=

"D:\\Golden FTP Server Pro\\GFTPpro.exe"=

"C:\\Program Files\\PHP Expert Editor\\phpxedit.exe"=

"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=

"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

"G:\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=

"G:\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=

"G:\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

"G:\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=

"C:\\Program Files\\mIRC\\mirc.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb5671d4-f738-11dc-b2a6-00112fbde430}]

\Shell\AutoRun\command - I:\setupSNK.exe

.

**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-10 22:47:00

Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2008-04-10 22:48:27

ComboFix-quarantined-files.txt 2008-04-10 20:47:56

ComboFix2.txt 2008-04-10 19:30:25

Pre-Run: 25,054,707,712 bytes beschikbaar

Post-Run: 25,044,869,120 bytes beschikbaar

.

2008-04-10 16:11:15 --- E O F ---

Ziet er goed uit : Combofix heeft zijn werk degelijk gedaan

Er zijn nog twee twijfelgevallen die je eens moeten controleren op (eventuele) besmettingen bij Jotti.

C:\WINDOWS\system32\Picn1220.ssm

C:\WINDOWS\system32\Picn1520.ssm

Laat me het resultaat ervan daarna even weten.

En wat ik je eerder al aankondigde : meer dan 3/4 van de programma's die mee opstarten met Windows zijn onnodige opstarters. Om dit recht te zetten gebruiken we best Codestuff Starter.

Start Codestuff Starter op

Selecteer het tabblad Automatisch Opstarten en vink volgende items uit.

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe

Volgende twee mag je ook uitschakelen (dat beslis je zelf), maar dan op hun eigen wijze :

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

Om deze uit te schakelen start je de Windows Messenger (Niet de MSN of Windows Live Messenger) op, ga naar Extra -> Opties -> tabblad Voorkeuren en haal de vinkjes weg bij de vier vakjes onder "Algemeen".

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

Deze start MSN bij iedere systeemstart mee op. Persoonlijk zou ik deze uitschakelen in MSN zelf (bij Extra -> Opties -> tabblad "Algemeen" vinkjes weghalen onder "Aanmelden").

In Codestuff Starter zie je deze programma's wel zonder het nummer (04) en de letters (HKLM), maar enkel met de programmanaam of een afkorting ervan.

Mocht blijken dat je - om één of andere reden - later toch één van deze programma's mee wil laten opstarten, kan je dit steeds terug aanvinken in Codestuff Starter.

Als je dit achter de rug hebt, geef je maar een seintje. Dan beginnen we aan de "grote schoonmaak".

die automatische opstarters van windows mogen gewoon opstarten.... die gebruik ik vaak... en vindt het wel makkelijk als die direct opgestart zijn...

zoals daemontools Xfire SMtray (is mijn audio driver) NMBgMonitor adobe reader

dus ik laat ze gewoon allemaal opstarten bij windows start

die 2 twijfel gevallen... weet ik ook niet precies wat het is... ik denk iets van videobewerkings programma's... maar ik scan ze even..

**edit/toevoeging: die 2 zijn niet geinfecteerd.

die automatische opstarters van windows mogen gewoon opstarten.... die gebruik ik vaak... dus ik laat ze gewoon allemaal opstarten bij windows start

Geen probleem, dat is je eigen keuze (al kunnen ze natuurlijk wél een invloed hebben op de startsnelheid (al zal die al met al redelijk beperkt zijn, afhankelijk van het systeem dat je draait).

die 2 twijfel gevallen...die 2 zijn niet geinfecteerd.

OK, dan kunnen die op je machientje blijven staan.

Misschien is je echte probleem - de slome PC - nog niet helemaal van de baan, maar dan lijkt het me alvast geen softwareprobleem te zijn. De besmettingen zijn opgelost, dan is het tijd voor de “grote schoonmaak” : verwijderen van gebruikte programma’s, een cleaning en het verwijderen van de besmette herstelpunten.

Verwijder Combofix: Start -> Uitvoeren en typ: combofix /u

Combofix wordt verwijderd en een nieuw systeemherstelpunt wordt aangemaakt.

Verwijder Vundofix (als je daar nog sporen van terugvindt op je PC).

Download CCleaner.

Installeer het en start het op. Klik in de linkse kolom op “Opties”. Selecteer het tabblad ‘Geavanceerd’ en haal het vinkje weg voor “Verwijder alleen tijdelijke bestanden in de Windows systeemmap die ouder zijn dan 48 uur” en sluit hierna het programma.

Start CCleaner op en klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Opschonen'. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scannen voor fouten’. Als er fouten gevonden worden klik je op ”alle fouten herstellen” en ”OK”. Sluit hierna CCleaner terug af.

Het is aangewezen om de bestaande herstelpunten te verwijderen (daar zitten besmette herstelpunten tussen die je eventueel zou kunnen terugzetten).

Start -> Configuratiescherm -> Systeem -> Systeemherstel -> "Systeemherstel op alle stations uitschakelen" aanvinken -> "toepassen" en OK. PC herstarten en het vinkje terug weghalen.

That’s it !