Slow startup

20 replies
  • Would someone be willing to review the log below? Starting up and shutting down my PC and installing the McAfee updates takes an extremely long time. If there is a McAfee update after startup, I can safely go and do something else for the first 20 minutes. I have already received a very laborious reinstallation method from McAfee, but I would first like to ask here whether anyone sees anything unusual in the log. The log lists svchost.exe 3 times, although I see that program 7 times in Task Manager. I don't know whether that is also relevant. Thanks in advance for the effort. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:26:39, on 21-1-2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Logitech\iTouch\iTouch.exe C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Opera\opera.exe 
C:\Program Files\2xExplorer\2xExplorer.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\WINDOWS\system32\taskmgr.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\WINDOWS\system32\wuauclt.exe C:\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] 
"C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = ? 
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,95/mcinsctl.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://digifoto.verschurenfotovideo.nl/Verschuren/UserControls/Part/Upload/ImageUploader5.cab O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. 
- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 7870 bytes
  • Actually, I see little of interest in your log, but if you want to be sure: Start HijackThis and choose 'do a system scan only'. Select only the items listed below:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    Close all windows except HijackThis. Click 'Fix checked' to remove the items. Download combofix.exe from this site: http://download.bleepingcomputer.com/sUBs/ComboFix.exe If the Recovery Console is not installed, ComboFix will offer to download and install it. Allow this. Once the Recovery Console is installed, let ComboFix scan the computer. When ComboFix is finished, which may be after a reboot, a log file (combofix.txt) opens. Post the contents of this file.
  • Thanks for your reply. I have carried out the first part. I had a question about the second part (ComboFix): I get the message that the antivirus scanner and firewall need to be disabled. Is that correct?
  • Yes, that is entirely correct.
  • Othuroyo wrote: "Yes, that is entirely correct." Isn't that very risky? Or should I make sure that I am not connected to the internet then?
  • No, it's not that bad; ComboFix takes at most 20 minutes, so that is fine.
  • Here is the log created by ComboFix: ComboFix 09-01-21.02 - Mijzelf 2009-01-23 19:31:36.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.767.460 [GMT 1:00] Gestart vanuit: c:\documents and settings\Mijzelf\Bureaublad\ComboFix.exe AV: McAfee VirusScan *On-access scanning disabled* (Updated) FW: McAfee Personal Firewall *enabled* . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\MW c:\program files\MW\TGATool2\TGATool2A.exe c:\program files\MW\TGATool2\unins000.dat c:\program files\MW\TGATool2\unins000.exe c:\windows\system\msvbvm60.dll . (((((((((((((((((((( Bestanden Gemaakt van 2008-12-23 to 2009-01-23 )))))))))))))))))))))))))))))) . 2009-01-22 16:33 . 2009-01-22 21:12 <DIR> dr-h----- c:\documents and settings\Mijzelf\Onlangs geopend . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-22 18:39 --------- d-----w c:\program files\Conbuilder 2009-01-22 15:26 --------- d-----w c:\documents and settings\Mijzelf\Application Data\Apple Computer 2009-01-21 20:05 --------- d-----w c:\program files\Mozilla Thunderbird 2009-01-11 12:37 --------- d-----w c:\program files\Route_Riter 2009-01-04 15:30 --------- d-----w c:\program files\SlimBrowser 2008-12-20 08:53 --------- d-----w c:\program files\Java 2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys 2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll 2008-10-23 13:02 283,648 ----a-w c:\windows\system32\gdi32.dll 2008-10-12 09:18 41,791 ----a-w c:\documents and settings\Mijzelf\Application Data\mdb.bin 2005-09-27 11:22 313,283 -c--a-w c:\program files\cwshredder.zip 2004-10-20 09:42 328,488 -c--a-w c:\program files\CWSInstall.exe 2004-04-14 15:38 186,368 -c--a-w c:\program files\LSPFix.exe 2004-04-13 17:23 3,662,787 -c--a-w c:\program files\spybotsd12.exe 2005-09-03 08:20 56 --sh--r 
c:\windows\system32\11C6C02442.sys 2008-06-21 16:54 15,646 --sha-w c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928] "EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-09-19 35328] "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-03-23 1111040] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-26 155648] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184] "ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-06-16 81920] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016] "NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-03-07 113664] BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 581693] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-10-03 156160] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="c:\program files\TGTSoft\StyleXP\CurrentLogon.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.divxa32"= msaud32_divx.acm [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^InterVideo WinCinema Manager.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^Mijzelf^Menu Start^Programma's^Opstarten^iPodder.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^Mijzelf^Menu Start^Programma's^Opstarten^Ubisoft register.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2003-10-03 14095] R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-09-10 203280] S3 firewall;firewall;\??\c:\program files\Foxie Suite\firewall.sys --> c:\program files\Foxie Suite\firewall.sys [?] 
S3 ParadigmVScanner;USB Scanner Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [2003-10-06 15104] . Inhoud van de 'Gedeelde Taken' map 2007-07-14 c:\windows\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10] 2009-01-01 c:\windows\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10] . . ------- Bijkomende Scan ------- . uStart Page = about:blank uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uDefault_Search_URL = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Google Search IE: Alle links in deze pagina openen... IE: Backward &Links IE: Blokkeer alle plaatjes afkomstig van dezelfde server IE: Cac&hed Snapshot of Page IE: Markeren IE: Si&milar Pages IE: Toevoegen aan Reclame Black List IE: Verzenden naar &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Zoeken Trusted Zone: europeesche.nl\eol Trusted Zone: internet Trusted Zone: mcafee.com DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://digifoto.verschurenfotovideo.nl/Verschuren/UserControls/Part/Upload/ImageUploader5.cab FF - ProfilePath - c:\documents and settings\Mijzelf\Application Data\Mozilla\Firefox\Profiles\default.xhe\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.railsim.nl/forum/index.php FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll . 
************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-23 19:35:03 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2009-01-23 19:42:14 ComboFix-quarantined-files.txt 2009-01-23 18:41:48 ComboFix2.txt 2007-01-21 17:24:43 Pre-Run: 616,185,856 bytes beschikbaar Post-Run: 605,198,848 bytes beschikbaar WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn 151 --- E O F --- 2009-01-14 16:17:54
  • Open a Notepad file. Copy the code below and paste it into the Notepad file.
    File::
    c:\windows\system32\11C6C02442.sys
    Save the Notepad file as CFScript.txt. Now drag the file CFScript.txt onto the file ComboFix.exe, as shown here: http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif ComboFix will restart. When ComboFix is finished, which may be after a restart, a log file opens. Post the contents of the log file.
  • Here is the new ComboFix log: ComboFix 09-01-21.02 - Mijzelf 2009-01-24 22:09:23.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.767.456 [GMT 1:00] Gestart vanuit: c:\documents and settings\Mijzelf\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\Mijzelf\Bureaublad\CFScript.txt AV: McAfee VirusScan *On-access scanning disabled* (Updated) FW: McAfee Personal Firewall *enabled* FILE :: c:\windows\system32\11C6C02442.sys . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\11C6C02442.sys . (((((((((((((((((((( Bestanden Gemaakt van 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))) . 2009-01-24 16:06 . 2003-12-17 09:50 19,968 --------- c:\windows\LOGI_MWX.EXE 2009-01-24 14:19 . 2009-01-24 14:19 <DIR> d-------- c:\program files\MUSICMATCH 2009-01-23 22:48 . 2009-01-23 22:48 <DIR> d-------- c:\windows\Java 2009-01-23 22:48 . 2009-01-23 22:48 <DIR> d-------- c:\program files\PC Wizard 2008 2009-01-23 22:48 . 2007-09-15 15:11 27,136 --a------ c:\windows\system32\PCWizard.cpl 2009-01-22 16:33 . 2009-01-24 22:02 <DIR> dr-h----- c:\documents and settings\Mijzelf\Onlangs geopend . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-01-24 11:50 --------- d-----w c:\program files\Conbuilder 2009-01-22 15:26 --------- d-----w c:\documents and settings\Mijzelf\Application Data\Apple Computer 2009-01-21 20:05 --------- d-----w c:\program files\Mozilla Thunderbird 2009-01-11 12:37 --------- d-----w c:\program files\Route_Riter 2009-01-04 15:30 --------- d-----w c:\program files\SlimBrowser 2008-12-20 08:53 --------- d-----w c:\program files\Java 2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys 2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll 2008-10-12 09:18 41,791 ----a-w c:\documents and settings\Mijzelf\Application Data\mdb.bin 2005-09-27 11:22 313,283 -c--a-w c:\program files\cwshredder.zip 2004-10-20 09:42 328,488 -c--a-w c:\program files\CWSInstall.exe 2004-04-14 15:38 186,368 -c--a-w c:\program files\LSPFix.exe 2004-04-13 17:23 3,662,787 -c--a-w c:\program files\spybotsd12.exe 2008-06-21 16:54 15,646 --sha-w c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( snapshot@2009-01-23_19.37.04.67 ))))))))))))))))))))))))))))))))))))))))) . 
- 1998-10-29 14:45:06 306,688 ----a-w c:\windows\IsUninst.exe + 1998-10-29 15:45:06 306,688 ----a-w c:\windows\IsUninst.exe + 2001-03-02 19:52:40 15,360 ----a-w c:\windows\system32\asfsipc.dll - 2001-09-19 07:41:00 164,352 ----a-w c:\windows\system32\COMNCTR.DLL + 2004-01-08 08:50:00 104,960 ----a-w c:\windows\system32\COMNCTR.DLL - 2009-01-23 17:45:39 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-01-24 19:40:03 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2009-01-23 17:45:39 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat + 2009-01-24 19:40:03 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat + 2004-08-04 08:53:36 23,552 -c--a-w c:\windows\system32\dllcache\mouclass.sys - 2001-09-06 17:04:40 12,288 -c--a-w c:\windows\system32\dllcache\mouhid.sys + 2001-09-06 18:04:40 12,288 -c--a-w c:\windows\system32\dllcache\mouhid.sys - 2001-09-19 09:41:00 50,432 ----a-w c:\windows\system32\drivers\L8042Pr2.sys + 2003-12-17 08:50:00 51,729 ------w c:\windows\system32\drivers\L8042PR2.SYS - 2004-03-03 07:50:00 14,095 ----a-w c:\windows\system32\drivers\LCcfltr.sys + 2003-12-17 08:50:00 14,095 ----a-w c:\windows\system32\drivers\LCcfltr.sys - 2001-09-19 09:41:00 22,064 ------w c:\windows\system32\drivers\LHIDFLT2.SYS + 2003-12-17 08:50:00 25,505 ----a-w c:\windows\system32\drivers\LHidFlt2.Sys - 2004-03-03 07:50:00 37,887 ----a-w c:\windows\system32\drivers\LHidUsb.sys + 2003-12-17 08:50:00 37,887 ----a-w c:\windows\system32\drivers\LHidUsb.sys - 2001-09-19 09:41:00 67,440 ----a-w c:\windows\system32\drivers\LMouFlt2.sys + 2003-12-17 08:50:00 70,801 ----a-w c:\windows\system32\drivers\LMouFlt2.Sys - 2004-08-04 07:53:36 23,552 ----a-w c:\windows\system32\drivers\mouclass.sys + 2004-08-04 08:53:36 23,552 ----a-w c:\windows\system32\drivers\mouclass.sys - 2001-09-06 17:04:40 12,288 ----a-w 
c:\windows\system32\drivers\mouhid.sys + 2001-09-06 18:04:40 12,288 ----a-w c:\windows\system32\drivers\mouhid.sys - 2001-09-19 07:41:00 155,648 ----a-w c:\windows\system32\ifc21.dll + 2002-11-21 08:50:00 155,648 ----a-w c:\windows\system32\ifc21.dll - 2001-09-19 09:41:00 19,182 ----a-w c:\windows\system32\LCoInst.dll + 2003-12-17 08:50:00 23,375 ------w c:\windows\system32\LCOINST.DLL - 2001-09-19 07:41:00 109,056 ----a-w c:\windows\system32\LGUICOM.DLL + 2004-01-08 08:50:00 97,792 ----a-w c:\windows\system32\LGUICOM.DLL - 2001-09-19 09:41:00 140,800 ------w c:\windows\system32\lmoufrc.dll + 2003-12-17 08:50:00 152,064 ------w c:\windows\system32\lmoufrc.dll - 2001-09-19 07:41:00 3,792 ----a-w c:\windows\system32\LMOUSE16.DLL + 2004-01-08 08:50:00 3,568 ----a-w c:\windows\system32\LMOUSE16.DLL - 2001-09-19 07:41:00 17,408 ----a-w c:\windows\system32\LMOUSE32.DLL + 2004-01-08 08:50:00 16,896 ----a-w c:\windows\system32\LMOUSE32.DLL + 2002-11-08 09:50:00 14,156 ----a-w c:\windows\system32\ReinstallBackups\0007\DriverFiles\LCcfltr.sys + 2003-12-17 08:50:00 37,887 ----a-w c:\windows\system32\ReinstallBackups\0007\DriverFiles\LHidUsb.sys + 2003-12-17 08:50:00 37,887 ----a-w c:\windows\system32\ReinstallBackups\0017\DriverFiles\LHidUsb.sys + 2004-08-04 08:53:36 23,552 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\mouclass.sys + 2001-09-06 18:04:40 12,288 ----a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\mouhid.sys - 2008-05-04 10:26:16 358,436 -c--a-w c:\windows\system32\Restore\rstrlog.dat + 2009-01-24 14:42:26 1,191,544 -c--a-w c:\windows\system32\Restore\rstrlog.dat + 2009-01-24 19:32:47 16,384 ----atw c:\windows\temp\Perflib_Perfdata_7e0.dat . -- Snapshot teruggezet naar huidige datum -- . 
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928] "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-03-23 1111040] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-26 155648] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184] "ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-06-16 81920] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016] "NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe] "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360] c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-03-07 113664] BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 581693] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-10-03 156160] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="c:\program 
files\TGTSoft\StyleXP\CurrentLogon.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.divxa32"= msaud32_divx.acm [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^InterVideo WinCinema Manager.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^Mijzelf^Menu Start^Programma's^Opstarten^iPodder.lnk] [HKLM\~\startupfolder\C:^Documents and Settings^Mijzelf^Menu Start^Programma's^Opstarten^Ubisoft register.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2003-10-03 14095] R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-09-10 203280] S3 firewall;firewall;\??\c:\program files\Foxie Suite\firewall.sys --> c:\program files\Foxie Suite\firewall.sys [?] S3 ParadigmVScanner;USB Scanner Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [2003-10-06 15104] . 
Inhoud van de 'Gedeelde Taken' map 2007-07-14 c:\windows\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10] 2009-01-01 c:\windows\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10] . . ------- Bijkomende Scan ------- . uStart Page = about:blank uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uDefault_Search_URL = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Google Search IE: Alle links in deze pagina openen... IE: Backward &Links IE: Blokkeer alle plaatjes afkomstig van dezelfde server IE: Cac&hed Snapshot of Page IE: Markeren IE: Si&milar Pages IE: Toevoegen aan Reclame Black List IE: Verzenden naar &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Zoeken Trusted Zone: europeesche.nl\eol Trusted Zone: internet Trusted Zone: mcafee.com DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://digifoto.verschurenfotovideo.nl/Verschuren/UserControls/Part/Upload/ImageUploader5.cab FF - ProfilePath - c:\documents and settings\Mijzelf\Application Data\Mozilla\Firefox\Profiles\default.xhe\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.railsim.nl/forum/index.php FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-24 22:13:46 Windows 5.1.2600 Service Pack 2 NTFS scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... 
Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** . Voltooingstijd: 2009-01-24 22:21:02 ComboFix-quarantined-files.txt 2009-01-24 21:20:56 ComboFix2.txt 2009-01-23 18:42:16 ComboFix3.txt 2007-01-21 17:24:43 Pre-Run: 684,228,608 bytes beschikbaar Post-Run: 693,502,464 bytes beschikbaar 197 --- E O F --- 2009-01-14 16:17:54
  • Open a Notepad file. Copy the code below and paste it into the Notepad file.
    File::
    c:\windows\temp\Perflib_Perfdata_7e0.dat
    Save the Notepad file as CFScript.txt. Now drag the file CFScript.txt onto the file ComboFix.exe, as shown here: http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif ComboFix will restart. When ComboFix is finished, which may be after a restart, a log file opens. Post the contents of the log file. Also tell us right away how the problems are going.
  • Below is another ComboFix log. The problems are still the same. For example, restarting the PC: it takes about a quarter of an hour before the PC has restarted, before McAfee is active and before the Opera browser has opened a window. What are we actually looking for by means of ComboFix? So here is the log (and many thanks in advance for the time and effort that goes into this. From the looks of it I'm not the only one, so this must cost you quite a bit of time, I imagine.)

    ComboFix 09-01-21.02 - Mijzelf 2009-01-25 12:44:13.3 - NTFSx86
    Running from: c:\documents and settings\Mijzelf\Bureaublad\ComboFix.exe
    Command switches used :: c:\documents and settings\Mijzelf\Bureaublad\CFScript.txt
    AV: McAfee VirusScan *On-access scanning enabled* (Updated)
    FW: McAfee Personal Firewall *enabled*

    FILE ::
    c:\windows\temp\Perflib_Perfdata_7e0.dat
    .
    ((((((((((((((((((((((((( Files Created from 2008-12-25 to 2009-01-25 )))))))))))))))))))))))))))))))
    .
    2009-01-25 12:37 . 2009-01-25 12:38 <DIR> d-------- C:\32788R22FWJFW
    2009-01-24 16:06 . 2003-12-17 09:50 19,968 --------- c:\windows\LOGI_MWX.EXE
    2009-01-24 14:19 . 2009-01-24 14:19 <DIR> d-------- c:\program files\MUSICMATCH
    2009-01-23 22:48 . 2009-01-23 22:48 <DIR> d-------- c:\windows\Java
    2009-01-23 22:48 . 2009-01-23 22:48 <DIR> d-------- c:\program files\PC Wizard 2008
    2009-01-23 22:48 . 2007-09-15 15:11 27,136 --a------ c:\windows\system32\PCWizard.cpl
    2009-01-22 16:33 . 2009-01-25 12:36 <DIR> dr-h----- c:\documents and settings\Mijzelf\Onlangs geopend
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-24 23:28 --------- d-----w c:\program files\Conbuilder
    2009-01-22 15:26 --------- d-----w c:\documents and settings\Mijzelf\Application Data\Apple Computer
    2009-01-21 20:05 --------- d-----w c:\program files\Mozilla Thunderbird
    2009-01-11 12:37 --------- d-----w c:\program files\Route_Riter
    2009-01-04 15:30 --------- d-----w c:\program files\SlimBrowser
    2008-12-20 08:53 --------- d-----w c:\program files\Java
    2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
    2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
    2008-10-12 09:18 41,791 ----a-w c:\documents and settings\Mijzelf\Application Data\mdb.bin
    2005-09-27 11:22 313,283 -c--a-w c:\program files\cwshredder.zip
    2004-10-20 09:42 328,488 -c--a-w c:\program files\CWSInstall.exe
    2004-04-14 15:38 186,368 -c--a-w c:\program files\LSPFix.exe
    2004-04-13 17:23 3,662,787 -c--a-w c:\program files\spybotsd12.exe
    2008-06-21 16:54 15,646 --sha-w c:\windows\system32\KGyGaAvL.sys
    .
    ((((((((((((((((((((((((((((( snapshot_2009-01-24_22.15.30.43 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-01-24 19:40:03 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-01-25 09:29:41 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-01-24 19:40:03 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    + 2009-01-25 09:29:41 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
    + 2009-01-25 09:08:22 16,384 ----atw c:\windows\temp\Perflib_Perfdata_7ac.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-03-23 1111040]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-26 155648]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
    "ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-06-16 81920]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
    "NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-03-07 113664]
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 581693]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-10-03 156160]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="c:\program files\TGTSoft\StyleXP\CurrentLogon.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= msaud32_divx.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^InterVideo WinCinema Manager.lnk]
    [HKLM\~\startupfolder\C:^Documents and Settings^Mijzelf^Menu Start^Programma's^Opstarten^iPodder.lnk]
    [HKLM\~\startupfolder\C:^Documents and Settings^Mijzelf^Menu Start^Programma's^Opstarten^Ubisoft register.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2003-10-03 14095]
    R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-09-10 203280]
    S3 firewall;firewall;\??\c:\program files\Foxie Suite\firewall.sys --> c:\program files\Foxie Suite\firewall.sys [?]
    S3 ParadigmVScanner;USB Scanner Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [2003-10-06 15104]
    .
    Contents of the 'Scheduled Tasks' folder

    2007-07-14 c:\windows\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
    2009-01-01 c:\windows\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Google Search
    IE: Alle links in deze pagina openen...
    IE: Backward &Links
    IE: Blokkeer alle plaatjes afkomstig van dezelfde server
    IE: Cac&hed Snapshot of Page
    IE: Markeren
    IE: Si&milar Pages
    IE: Toevoegen aan Reclame Black List
    IE: Verzenden naar &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Zoeken
    Trusted Zone: europeesche.nl\eol
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://digifoto.verschurenfotovideo.nl/Verschuren/UserControls/Part/Upload/ImageUploader5.cab
    FF - ProfilePath - c:\documents and settings\Mijzelf\Application Data\Mozilla\Firefox\Profiles\default.xhe\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.railsim.nl/forum/index.php
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
    .
    **************************************************************************
    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-25 12:49:29
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...

    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    Completion time: 2009-01-25 12:57:25
    ComboFix-quarantined-files.txt 2009-01-25 11:57:07
    ComboFix2.txt 2009-01-24 21:21:04
    ComboFix3.txt 2009-01-23 18:42:16
    ComboFix4.txt 2007-01-21 17:24:43

    Pre-Run: 503.824.384 bytes beschikbaar
    Post-Run: 492,142,080 bytes beschikbaar

    151 --- E O F --- 2009-01-14 16:17:54
  • How are things with the problems?
  • [quote="Othuroyo"]How are things with the problems?[/quote] Hardly any improvement yet, to be honest. The problems are still the same. For example, restarting the PC: it takes about a quarter of an hour before the PC has restarted, before McAfee is active and before the Opera browser has opened a window.
  • What are your system specifications, and when did you last format your PC? I no longer see any traces of malware, so that won't be the cause.
  • [quote="Othuroyo"]What are your system specifications, and when did you last format your PC? I no longer see any traces of malware, so that won't be the cause.[/quote] Pentium IV 1.7 GHz, 768 RAM, Nvidia GFX 5600, XP installed on a 10 GB C partition of which 1.2 is free space (perhaps a bit little). I have never formatted with XP, and the last defragmentation was quite a while ago. Maybe I should carry out the cumbersome McAfee reinstallation after all.
  • You really have very, very poor specifications. I believe your specifications are not even enough for XP.
  • XP ran without problems on this system until recently. It is only in the last four weeks or so that everything became a notch slower. I run a lot of trains, and those will probably be getting more detailed as well, which makes the sim run worse. Expanding my RAM to 3 x 512, does that make sense on this system? In any case, thanks for your time and the effort you have put into this. It is already a relief that my system is malware-free. :D
  • Do bear in mind that memory alone won't get you far. Your processor is also on the poor side, as is your hard disk. Your video card is also too poor for games.
  • OK, thanks. Time to go looking for a new system soon, I suppose???
  • Yes, that seems more sensible to me.

This is an archived page. Replying is no longer possible.