Slow startup

20 replies
  • Would someone be willing to take a look at the log below? Starting up and shutting down my PC and installing the McAfee updates take an extremely long time. If there is a McAfee update after startup, I can easily go and do something else for the first 20 minutes. McAfee has already sent me a very cumbersome reinstallation procedure, but I wanted to ask here first whether anyone sees anything unusual in the log.

    The log lists svchost.exe 3 times, although I see that program 7 times in Task Manager. I don't know whether that matters as well.

    Thanks in advance for your trouble.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:26:39, on 21-1-2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\2xExplorer\2xExplorer.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,95/mcinsctl.cab
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://digifoto.verschurenfotovideo.nl/Verschuren/UserControls/Part/Upload/ImageUploader5.cab
    O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


    End of file - 7870 bytes
  • Actually I see little of interest in your log, but if you want to be sure:


    Start HijackThis and choose 'do a system scan only'
    Select only the items listed below:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    Close all windows except HijackThis
    Click 'Fix checked' to remove the items.



    Download combofix.exe from this site: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    If the Recovery Console is not installed, ComboFix will offer to download and install it. Allow this.
    Once the Recovery Console is installed, let ComboFix scan the computer.
    When ComboFix is finished, which may be after a reboot, a log file (combofix.txt) opens.
    Post the contents of this file.
  • Thanks for your reply. I carried out the first part. I had a question about the second part (ComboFix): I get a message that the antivirus scanner and firewall need to be disabled. Is that correct?
  • Yes, that is entirely correct.
  • Othuroyo wrote: "Yes, that is entirely correct."

    Isn't that very risky? Or should I make sure I am not connected to the internet while doing it?
  • No, it's not that bad; ComboFix takes at most 20 minutes, so that's fine.
  • Here is the log created by ComboFix:

    ComboFix 09-01-21.02 - Mijzelf 2009-01-23 19:31:36.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.767.460 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Mijzelf\Bureaublad\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    FW: McAfee Personal Firewall *enabled*
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\MW
    c:\program files\MW\TGATool2\TGATool2A.exe
    c:\program files\MW\TGATool2\unins000.dat
    c:\program files\MW\TGATool2\unins000.exe
    c:\windows\system\msvbvm60.dll

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-12-23 to 2009-01-23 ))))))))))))))))))))))))))))))
    .

    2009-01-22 16:33 . 2009-01-22 21:12 <DIR> dr-h—– c:\documents and settings\Mijzelf\Onlangs geopend

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-22 18:39 ——— d—–w c:\program files\Conbuilder
    2009-01-22 15:26 ——— d—–w c:\documents and settings\Mijzelf\Application Data\Apple Computer
    2009-01-21 20:05 ——— d—–w c:\program files\Mozilla Thunderbird
    2009-01-11 12:37 ——— d—–w c:\program files\Route_Riter
    2009-01-04 15:30 ——— d—–w c:\program files\SlimBrowser
    2008-12-20 08:53 ——— d—–w c:\program files\Java
    2008-12-11 11:57 333,184 —-a-w c:\windows\system32\drivers\srv.sys
    2008-11-10 04:43 410,984 —-a-w c:\windows\system32\deploytk.dll
    2008-10-23 13:02 283,648 —-a-w c:\windows\system32\gdi32.dll
    2008-10-12 09:18 41,791 —-a-w c:\documents and settings\Mijzelf\Application Data\mdb.bin
    2005-09-27 11:22 313,283 -c–a-w c:\program files\cwshredder.zip
    2004-10-20 09:42 328,488 -c–a-w c:\program files\CWSInstall.exe
    2004-04-14 15:38 186,368 -c–a-w c:\program files\LSPFix.exe
    2004-04-13 17:23 3,662,787 -c–a-w c:\program files\spybotsd12.exe
    2005-09-03 08:20 56 –sh–r c:\windows\system32\11C6C02442.sys
    2008-06-21 16:54 15,646 –sha-w c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
    "EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-09-19 35328]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-03-23 1111040]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-26 155648]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
    "ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-06-16 81920]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
    "NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-03-07 113664]
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 581693]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-10-03 156160]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="c:\program files\TGTSoft\StyleXP\CurrentLogon.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= msaud32_divx.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^InterVideo WinCinema Manager.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^Mijzelf^Menu Start^Programma's^Opstarten^iPodder.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^Mijzelf^Menu Start^Programma's^Opstarten^Ubisoft register.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "FirewallDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2003-10-03 14095]
    R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-09-10 203280]
    S3 firewall;firewall;\??\c:\program files\Foxie Suite\firewall.sys –> c:\program files\Foxie Suite\firewall.sys [?]
    S3 ParadigmVScanner;USB Scanner Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [2003-10-06 15104]
    .
    Inhoud van de 'Gedeelde Taken' map

    2007-07-14 c:\windows\Tasks\McDefragTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

    2009-01-01 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Google Search
    IE: Alle links in deze pagina openen…
    IE: Backward &Links
    IE: Blokkeer alle plaatjes afkomstig van dezelfde server
    IE: Cac&hed Snapshot of Page
    IE: Markeren
    IE: Si&milar Pages
    IE: Toevoegen aan Reclame Black List
    IE: Verzenden naar &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Zoeken
    Trusted Zone: europeesche.nl\eol
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://digifoto.verschurenfotovideo.nl/Verschuren/UserControls/Part/Upload/ImageUploader5.cab
    FF - ProfilePath - c:\documents and settings\Mijzelf\Application Data\Mozilla\Firefox\Profiles\default.xhe\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.railsim.nl/forum/index.php
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-23 19:35:03
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2009-01-23 19:42:14
    ComboFix-quarantined-files.txt 2009-01-23 18:41:48
    ComboFix2.txt 2007-01-21 17:24:43

    Pre-Run: 616,185,856 bytes beschikbaar
    Post-Run: 605,198,848 bytes beschikbaar

    WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    151 — E O F — 2009-01-14 16:17:54
  • Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

    File::
    c:\windows\system32\11C6C02442.sys

    Save the Notepad file as CFScript.txt

    Now drag the file CFScript.txt onto the file ComboFix.exe, as shown below:

    http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif

    ComboFix will restart.
    When ComboFix is finished, which may be after a restart, a log file opens.
    Post the contents of the log file.
  • Here is the new ComboFix log:

    ComboFix 09-01-21.02 - Mijzelf 2009-01-24 22:09:23.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.767.456 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Mijzelf\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\Mijzelf\Bureaublad\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    FW: McAfee Personal Firewall *enabled*

    FILE ::
    c:\windows\system32\11C6C02442.sys
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\11C6C02442.sys

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-12-24 to 2009-01-24 ))))))))))))))))))))))))))))))
    .

    2009-01-24 16:06 . 2003-12-17 09:50 19,968 ——— c:\windows\LOGI_MWX.EXE
    2009-01-24 14:19 . 2009-01-24 14:19 <DIR> d——– c:\program files\MUSICMATCH
    2009-01-23 22:48 . 2009-01-23 22:48 <DIR> d——– c:\windows\Java
    2009-01-23 22:48 . 2009-01-23 22:48 <DIR> d——– c:\program files\PC Wizard 2008
    2009-01-23 22:48 . 2007-09-15 15:11 27,136 –a—— c:\windows\system32\PCWizard.cpl
    2009-01-22 16:33 . 2009-01-24 22:02 <DIR> dr-h—– c:\documents and settings\Mijzelf\Onlangs geopend

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-24 11:50 ——— d—–w c:\program files\Conbuilder
    2009-01-22 15:26 ——— d—–w c:\documents and settings\Mijzelf\Application Data\Apple Computer
    2009-01-21 20:05 ——— d—–w c:\program files\Mozilla Thunderbird
    2009-01-11 12:37 ——— d—–w c:\program files\Route_Riter
    2009-01-04 15:30 ——— d—–w c:\program files\SlimBrowser
    2008-12-20 08:53 ——— d—–w c:\program files\Java
    2008-12-11 11:57 333,184 —-a-w c:\windows\system32\drivers\srv.sys
    2008-11-10 04:43 410,984 —-a-w c:\windows\system32\deploytk.dll
    2008-10-12 09:18 41,791 —-a-w c:\documents and settings\Mijzelf\Application Data\mdb.bin
    2005-09-27 11:22 313,283 -c–a-w c:\program files\cwshredder.zip
    2004-10-20 09:42 328,488 -c–a-w c:\program files\CWSInstall.exe
    2004-04-14 15:38 186,368 -c–a-w c:\program files\LSPFix.exe
    2004-04-13 17:23 3,662,787 -c–a-w c:\program files\spybotsd12.exe
    2008-06-21 16:54 15,646 –sha-w c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-23_19.37.04.67 )))))))))))))))))))))))))))))))))))))))))
    .
    - 1998-10-29 14:45:06 306,688 —-a-w c:\windows\IsUninst.exe
    + 1998-10-29 15:45:06 306,688 —-a-w c:\windows\IsUninst.exe
    + 2001-03-02 19:52:40 15,360 —-a-w c:\windows\system32\asfsipc.dll
    - 2001-09-19 07:41:00 164,352 —-a-w c:\windows\system32\COMNCTR.DLL
    + 2004-01-08 08:50:00 104,960 —-a-w c:\windows\system32\COMNCTR.DLL
    - 2009-01-23 17:45:39 32,768 -c–a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-01-24 19:40:03 32,768 -c–a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-01-23 17:45:39 32,768 -c–a-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    + 2009-01-24 19:40:03 32,768 -c–a-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    + 2004-08-04 08:53:36 23,552 -c–a-w c:\windows\system32\dllcache\mouclass.sys
    - 2001-09-06 17:04:40 12,288 -c–a-w c:\windows\system32\dllcache\mouhid.sys
    + 2001-09-06 18:04:40 12,288 -c–a-w c:\windows\system32\dllcache\mouhid.sys
    - 2001-09-19 09:41:00 50,432 —-a-w c:\windows\system32\drivers\L8042Pr2.sys
    + 2003-12-17 08:50:00 51,729 ——w c:\windows\system32\drivers\L8042PR2.SYS
    - 2004-03-03 07:50:00 14,095 —-a-w c:\windows\system32\drivers\LCcfltr.sys
    + 2003-12-17 08:50:00 14,095 —-a-w c:\windows\system32\drivers\LCcfltr.sys
    - 2001-09-19 09:41:00 22,064 ——w c:\windows\system32\drivers\LHIDFLT2.SYS
    + 2003-12-17 08:50:00 25,505 —-a-w c:\windows\system32\drivers\LHidFlt2.Sys
    - 2004-03-03 07:50:00 37,887 —-a-w c:\windows\system32\drivers\LHidUsb.sys
    + 2003-12-17 08:50:00 37,887 —-a-w c:\windows\system32\drivers\LHidUsb.sys
    - 2001-09-19 09:41:00 67,440 —-a-w c:\windows\system32\drivers\LMouFlt2.sys
    + 2003-12-17 08:50:00 70,801 —-a-w c:\windows\system32\drivers\LMouFlt2.Sys
    - 2004-08-04 07:53:36 23,552 —-a-w c:\windows\system32\drivers\mouclass.sys
    + 2004-08-04 08:53:36 23,552 —-a-w c:\windows\system32\drivers\mouclass.sys
    - 2001-09-06 17:04:40 12,288 —-a-w c:\windows\system32\drivers\mouhid.sys
    + 2001-09-06 18:04:40 12,288 —-a-w c:\windows\system32\drivers\mouhid.sys
    - 2001-09-19 07:41:00 155,648 —-a-w c:\windows\system32\ifc21.dll
    + 2002-11-21 08:50:00 155,648 —-a-w c:\windows\system32\ifc21.dll
    - 2001-09-19 09:41:00 19,182 —-a-w c:\windows\system32\LCoInst.dll
    + 2003-12-17 08:50:00 23,375 ——w c:\windows\system32\LCOINST.DLL
    - 2001-09-19 07:41:00 109,056 —-a-w c:\windows\system32\LGUICOM.DLL
    + 2004-01-08 08:50:00 97,792 —-a-w c:\windows\system32\LGUICOM.DLL
    - 2001-09-19 09:41:00 140,800 ——w c:\windows\system32\lmoufrc.dll
    + 2003-12-17 08:50:00 152,064 ——w c:\windows\system32\lmoufrc.dll
    - 2001-09-19 07:41:00 3,792 —-a-w c:\windows\system32\LMOUSE16.DLL
    + 2004-01-08 08:50:00 3,568 —-a-w c:\windows\system32\LMOUSE16.DLL
    - 2001-09-19 07:41:00 17,408 —-a-w c:\windows\system32\LMOUSE32.DLL
    + 2004-01-08 08:50:00 16,896 —-a-w c:\windows\system32\LMOUSE32.DLL
    + 2002-11-08 09:50:00 14,156 —-a-w c:\windows\system32\ReinstallBackups\0007\DriverFiles\LCcfltr.sys
    + 2003-12-17 08:50:00 37,887 —-a-w c:\windows\system32\ReinstallBackups\0007\DriverFiles\LHidUsb.sys
    + 2003-12-17 08:50:00 37,887 —-a-w c:\windows\system32\ReinstallBackups\0017\DriverFiles\LHidUsb.sys
    + 2004-08-04 08:53:36 23,552 —-a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\mouclass.sys
    + 2001-09-06 18:04:40 12,288 —-a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\mouhid.sys
    - 2008-05-04 10:26:16 358,436 -c–a-w c:\windows\system32\Restore\rstrlog.dat
    + 2009-01-24 14:42:26 1,191,544 -c–a-w c:\windows\system32\Restore\rstrlog.dat
    + 2009-01-24 19:32:47 16,384 —-atw c:\windows\temp\Perflib_Perfdata_7e0.dat
    .
    – Snapshot teruggezet naar huidige datum –
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-03-23 1111040]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-26 155648]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
    "ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-06-16 81920]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
    "NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-03-07 113664]
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 581693]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-10-03 156160]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="c:\program files\TGTSoft\StyleXP\CurrentLogon.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= msaud32_divx.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^InterVideo WinCinema Manager.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^Mijzelf^Menu Start^Programma's^Opstarten^iPodder.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^Mijzelf^Menu Start^Programma's^Opstarten^Ubisoft register.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2003-10-03 14095]
    R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-09-10 203280]
    S3 firewall;firewall;\??\c:\program files\Foxie Suite\firewall.sys –> c:\program files\Foxie Suite\firewall.sys [?]
    S3 ParadigmVScanner;USB Scanner Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [2003-10-06 15104]
    .
    Inhoud van de 'Gedeelde Taken' map

    2007-07-14 c:\windows\Tasks\McDefragTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

    2009-01-01 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Google Search
    IE: Alle links in deze pagina openen…
    IE: Backward &Links
    IE: Blokkeer alle plaatjes afkomstig van dezelfde server
    IE: Cac&hed Snapshot of Page
    IE: Markeren
    IE: Si&milar Pages
    IE: Toevoegen aan Reclame Black List
    IE: Verzenden naar &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Zoeken
    Trusted Zone: europeesche.nl\eol
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://digifoto.verschurenfotovideo.nl/Verschuren/UserControls/Part/Upload/ImageUploader5.cab
    FF - ProfilePath - c:\documents and settings\Mijzelf\Application Data\Mozilla\Firefox\Profiles\default.xhe\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.railsim.nl/forum/index.php
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-24 22:13:46
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen …

    scannen van verborgen autostart items …

    scannen van verborgen bestanden …

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2009-01-24 22:21:02
    ComboFix-quarantined-files.txt 2009-01-24 21:20:56
    ComboFix2.txt 2009-01-23 18:42:16
    ComboFix3.txt 2007-01-21 17:24:43

    Pre-Run: 684,228,608 bytes beschikbaar
    Post-Run: 693,502,464 bytes beschikbaar

    197 --- E O F --- 2009-01-14 16:17:54
  • Open a Notepad file.
    Copy the code below and paste it into the Notepad file.

    File::
    c:\windows\temp\Perflib_Perfdata_7e0.dat

    Save the Notepad file as CFScript.txt

    Now drag the file CFScript.txt onto the file ComboFix.exe, as shown below:

    http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif

    ComboFix will start again.
    When ComboFix has finished (this may be after a restart), a log file opens.
    Post the contents of the log file.

    Also tell us right away how things are going with the problems.
  • Below is another ComboFix log. The problems are still the same. For example, restarting the PC: it takes about a quarter of an hour before the PC has restarted, before McAfee is active and before the Opera browser has opened a window.

    What are we now looking for by means of ComboFix?

    So here is the log (and many thanks in advance for the time and effort that goes into this. By the looks of it I am not the only one, so this costs you quite a bit of time, I think.)

    ComboFix 09-01-21.02 - Mijzelf 2009-01-25 12:44:13.3 - NTFSx86
    Running from: c:\documents and settings\Mijzelf\Bureaublad\ComboFix.exe
    Command switches used :: c:\documents and settings\Mijzelf\Bureaublad\CFScript.txt
    AV: McAfee VirusScan *On-access scanning enabled* (Updated)
    FW: McAfee Personal Firewall *enabled*

    FILE ::
    c:\windows\temp\Perflib_Perfdata_7e0.dat
    .

    ((((((((((((((((((((((((( Files Created from 2008-12-25 to 2009-01-25 )))))))))))))))))))))))))))))))
    .

    2009-01-25 12:37 . 2009-01-25 12:38 <DIR> d-------- C:\32788R22FWJFW
    2009-01-24 16:06 . 2003-12-17 09:50 19,968 --------- c:\windows\LOGI_MWX.EXE
    2009-01-24 14:19 . 2009-01-24 14:19 <DIR> d-------- c:\program files\MUSICMATCH
    2009-01-23 22:48 . 2009-01-23 22:48 <DIR> d-------- c:\windows\Java
    2009-01-23 22:48 . 2009-01-23 22:48 <DIR> d-------- c:\program files\PC Wizard 2008
    2009-01-23 22:48 . 2007-09-15 15:11 27,136 --a------ c:\windows\system32\PCWizard.cpl
    2009-01-22 16:33 . 2009-01-25 12:36 <DIR> dr-h----- c:\documents and settings\Mijzelf\Onlangs geopend

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-24 23:28 --------- d-----w c:\program files\Conbuilder
    2009-01-22 15:26 --------- d-----w c:\documents and settings\Mijzelf\Application Data\Apple Computer
    2009-01-21 20:05 --------- d-----w c:\program files\Mozilla Thunderbird
    2009-01-11 12:37 --------- d-----w c:\program files\Route_Riter
    2009-01-04 15:30 --------- d-----w c:\program files\SlimBrowser
    2008-12-20 08:53 --------- d-----w c:\program files\Java
    2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
    2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
    2008-10-12 09:18 41,791 ----a-w c:\documents and settings\Mijzelf\Application Data\mdb.bin
    2005-09-27 11:22 313,283 -c--a-w c:\program files\cwshredder.zip
    2004-10-20 09:42 328,488 -c--a-w c:\program files\CWSInstall.exe
    2004-04-14 15:38 186,368 -c--a-w c:\program files\LSPFix.exe
    2004-04-13 17:23 3,662,787 -c--a-w c:\program files\spybotsd12.exe
    2008-06-21 16:54 15,646 --sha-w c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot_2009-01-24_22.15.30.43 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-01-24 19:40:03 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-01-25 09:29:41 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-01-24 19:40:03 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    + 2009-01-25 09:29:41 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    + 2009-01-25 09:08:22 16,384 ----atw c:\windows\temp\Perflib_Perfdata_7ac.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-03-23 1111040]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-26 155648]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
    "ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-06-16 81920]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
    "NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-03-07 113664]
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 581693]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-10-03 156160]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="c:\program files\TGTSoft\StyleXP\CurrentLogon.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= msaud32_divx.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^InterVideo WinCinema Manager.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^Mijzelf^Menu Start^Programma's^Opstarten^iPodder.lnk]

    [HKLM\~\startupfolder\C:^Documents and Settings^Mijzelf^Menu Start^Programma's^Opstarten^Ubisoft register.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2003-10-03 14095]
    R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-09-10 203280]
    S3 firewall;firewall;\??\c:\program files\Foxie Suite\firewall.sys --> c:\program files\Foxie Suite\firewall.sys [?]
    S3 ParadigmVScanner;USB Scanner Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [2003-10-06 15104]
    .
    Contents of the 'Scheduled Tasks' folder

    2007-07-14 c:\windows\Tasks\McDefragTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

    2009-01-01 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Google Search
    IE: Alle links in deze pagina openen…
    IE: Backward &Links
    IE: Blokkeer alle plaatjes afkomstig van dezelfde server
    IE: Cac&hed Snapshot of Page
    IE: Markeren
    IE: Si&milar Pages
    IE: Toevoegen aan Reclame Black List
    IE: Verzenden naar &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Zoeken
    Trusted Zone: europeesche.nl\eol
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://digifoto.verschurenfotovideo.nl/Verschuren/UserControls/Part/Upload/ImageUploader5.cab
    FF - ProfilePath - c:\documents and settings\Mijzelf\Application Data\Mozilla\Firefox\Profiles\default.xhe\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.railsim.nl/forum/index.php
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-25 12:49:29
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-01-25 12:57:25
    ComboFix-quarantined-files.txt 2009-01-25 11:57:07
    ComboFix2.txt 2009-01-24 21:21:04
    ComboFix3.txt 2009-01-23 18:42:16
    ComboFix4.txt 2007-01-21 17:24:43

    Pre-Run: 503.824.384 bytes beschikbaar
    Post-Run: 492,142,080 bytes beschikbaar

    151 --- E O F --- 2009-01-14 16:17:54
  • How are things with the problems?
  • [quote="Othuroyo"]How are things with the problems?[/quote]

    Hardly any improvement yet, to be honest. The problems are still the same. For example, restarting the PC: it takes about a quarter of an hour before the PC has restarted, before McAfee is active and before the Opera browser has opened a window.
  • What are your system specifications, and when did you last format your PC?
    I no longer see any traces of malware, so that will not be the cause.
  • [quote="Othuroyo"]What are your system specifications, and when did you last format your PC?
    I no longer see any traces of malware, so that will not be the cause.[/quote]

    Pentium IV 1.7 GHz, 768 RAM, Nvidia GFX 5600, XP installed on a C partition of 10 GB of which 1.2 is free space (perhaps a bit little); I have never formatted with XP, and it has been quite a while since I defragmented.

    Perhaps I should carry out the cumbersome reinstallation of McAfee after all.
  • You really have very, very poor specifications.
    I believe your specifications are not even enough for XP.
  • Until recently XP ran without problems on this system. It is only in the last four weeks or so that everything became a notch slower. I do a lot of driving with trains, and those will probably be getting more detailed too, which makes the sim run worse. Expanding my RAM to 3 x 512, does that make sense for this system?

    In any case, thanks for your time and the effort you have put into it. It is already a relief that my system is malware-free. :D
  • Do bear in mind that memory alone will not get you far.
    Your processor is also on the poor side, as is your hard disk.
    Your video card is also too poor for games.
  • OK, thanks. Time to start looking for a new system soon, I suppose???
  • Yes, that seems wiser to me.

This is an archived page. Replies are no longer possible.