Question & Answer

Security & privacy

Notebook starts up slowly

21 answers
  • Pentium 4 - CPU 1.8 GHz - 512 MB RAM (no more fits in it)
    Windows XP SP3
    Virtual memory set to 768 MB
    Avast virus scanner
    I regularly run CCleaner - Registry Manager - Spybot - Defrag - MS updates
    Task manager: normal use at idle: memory around 375 MB - CPU a few %
    During startup, however, memory use is around 850 MB (runs up to the maximum) while CPU use stays low
    Starting up completely can take about 15 minutes or more; after that memory use drops again
    What is going on / not right?

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 17:50:10, on 29-08-2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/www.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - https://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1269559478163
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
    O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = chello.nl
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = chello.nl
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = chello.nl
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
  • This log looks clean to me at first glance; Abraham54 knows a lot more about it. Mem: max 512 MB? In a Pentium 4? Check on the website which type of memory is supported. If the laptop is still worth it, 1 or 2 GB will often fit, and that makes an enormous difference in speed (my Asus L3800 could take 1 GB at most, so check that quickly for this little laptop). Which one is it, by the way?
  • The OP probably means that all the memory slots of his P4 laptop are full. For XP SP3 I don't think 512 MB is too little. XP was released in 2001, after all. In those days 512 MB of RAM was normal. (I myself ran my old AthlonXP 1700+ and dual Pentium 3 PCs for years with 512 MB of RAM, with Windows XP on them.) The OP could try to analyse the slow startup with the BootVis application (http://en.wikipedia.org/wiki/BootVis).
  • From what I can see you have some work to do: set your swap file to a minimum of 1024 MB, since you are short on memory. I would also look at everything that starts up and try to gain ground there; I see quite a lot of Adobe starting that isn't needed. If you can boot with an installation that starts only a minimum of processes you will certainly gain speed. Also look at the number of restore points still present; they can take up a lot of space, and thus room on your system. Office does not need to start, so disable it! I also see quite a lot from Dell starting: disable that too! Logitech Desktop Messenger: disable it or set it to manual. Want to know more about what you can and cannot disable? http://www.schoonepc.nl/optim/bootvis.html And also have a look here: http://www.blackviper.com/WinXP/servicecfg.htm Generally speaking a great deal starts up and I don't think this laptop can handle it, so start tweaking; see on schoonePC how to do that, and at Black Viper you can tune a lot of services better, which can gain you a lot. Good luck with it and let us know the result.
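The advice above is to go through everything that starts automatically. As an added example (not code from this thread, from HijackThis or from any of the tools named here), the Python script below parses the R0/R1, O4 and O23 lines of a HijackThis log into records and lists the entries a reviewer would look at first. The review rules it applies (an autostart entry without a file-system path, a service with an unknown owner, a browser page pointing at a local file) are this example's own heuristics, and the sample lines are copied from the log posted above.

```python
"""Triage helper for HijackThis-style logs (added example, not the tool's code).

Parses R0/R1, O4 and O23 lines into records and attaches review notes.
The review rules are this example's own assumptions, not HijackThis rules.
"""
import re
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class Entry:
    section: str      # R0, R1, O4 or O23
    location: str     # registry key, startup folder or service vendor
    name: str         # value name or friendly name
    target: str       # command line, file path or URL
    flags: list = field(default_factory=list)   # review notes


# O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4_RUN = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>[^\]]+)\] ?(?P<target>.*)$")
# O4 - Global Startup: Digital Line Detect.lnk = ?
O4_LNK = re.compile(r"^O4 - (?P<loc>.*Startup): (?P<name>.+?) = (?P<target>.*)$")
# O23 - Service: avast! Antivirus - ALWIL Software - C:\...\ashServ.exe
O23_SVC = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<loc>.+?) - (?P<target>.+)$")
# R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/www.htm
R_PAGE = re.compile(r"^(?P<sec>R[0-3]) - (?P<loc>[^,]+),(?P<name>[^=]+?) = ?(?P<target>.*)$")


def parse_line(line: str):
    """Return an Entry for a supported log line, or None for anything else."""
    line = line.strip()
    m = O4_RUN.match(line) or O4_LNK.match(line)
    if m:
        return Entry("O4", m["loc"], m["name"], m["target"].strip())
    m = O23_SVC.match(line)
    if m:
        return Entry("O23", m["loc"], m["name"], m["target"].strip())
    m = R_PAGE.match(line)
    if m:
        return Entry(m["sec"], m["loc"], m["name"], m["target"].strip())
    return None


def review(entry: Entry) -> Entry:
    """Attach the notes a reviewer would make (heuristics assumed by this example)."""
    target = entry.target
    if entry.section == "O4":
        if target == "?":
            entry.flags.append("shortcut target could not be resolved")
        elif "\\" not in target:
            # A bare file name is resolved through PATH, so the file that actually
            # runs is not visible in the log and has to be located by hand.
            entry.flags.append("no file-system path; binary is resolved through PATH")
    elif entry.section == "O23" and entry.location.lower() == "unknown owner":
        entry.flags.append("service carries no vendor information")
    elif entry.section.startswith("R") and target.lower().startswith("file:"):
        entry.flags.append("browser page points at a local file; confirm it is intentional")
    return entry


def triage(log_text: str) -> list:
    """Parse every supported line of a log and run the review on each entry."""
    return [review(e) for e in map(parse_line, log_text.splitlines()) if e]


def summary(entries: list) -> dict:
    """Count parsed entries per section, e.g. {'O4': 8, 'O23': 3}."""
    return dict(Counter(e.section for e in entries))


def flagged(entries: list) -> list:
    """Only the entries that picked up at least one review note."""
    return [e for e in entries if e.flags]


# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/www.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print("parsed per section:", summary(found))
    for e in flagged(found):
        print(f"[{e.section}] {e.name}: {e.target or '(empty)'}")
        for note in e.flags:
            print("    ->", note)
```

Entries that are flagged are not thereby malicious; the output is a checklist of what to verify by hand, in the order a log reviewer would go through it.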
  • andre@home wrote:
    > ...Mem: max 512 MB? In a Pentium 4?.... Which one is it, by the way?

    Dell Inspiron 2650, from 2002.... The strange thing is that the phenomenon suddenly appeared a week or so ago. Nothing special has happened otherwise and everything seems to function normally and well: software and internet without noticeable loss of speed. PS. I originally had virtual memory set higher. Thanks for the tips: I will get to work on them.
  • Hi Jan, your log does indeed look good. You do still have Avast 4 on it; you can replace that with Avast 5! And do the following anyway:
    Download, install and keep using MBAM: http://www.idealsoftware.nl/MBAM/ (click the blue button to download the free version!)
    - Right after installation MBAM will want to update its database, so allow it.
    - Also on repeated use: first update MBAM via the Update tab!
    - Start MBAM and choose Quick Scan.
    - N.B.: Vista and Windows 7 users start MBAM by right-clicking and choosing Run as Administrator.
    - Scanning can take a while, so be patient.
    - When the scan has finished, click the OK button.
    - Then click the Show Results button to see the results.
    - Make sure everything is ticked.
    - Then click: Remove Selected.
    - After removal a log will open and you will be asked to restart the computer.
    - The log is saved automatically by MBAM and you can find it again by clicking the Logs tab in MBAM.
    - If MBAM has difficulty removing certain files it will show a few messages; click OK each time!
    - After that MBAM will ask to restart the computer, so allow the computer to be restarted.
    If the rootkit (TDSS) is present, MBAM will also ask to restart. Do that too. MBAM will then scan again after the restart and remove the rootkit.
    After this, post the contents of the MBAM log.
    And also do this: a test, to see what your current security situation is. Download Security Check to your desktop: http://screen317.spywareinfoforum.org/SecurityCheck.exe
    - Click/double-click SecurityCheck.exe and follow the instructions in the black window.
    - A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
    - If one of your security tools reports that DIG.EXE wants to go on the internet, allow it.
    Post the contents of checkup.txt in your next post.
  • You could then consider a fresh install... Mem: http://support.dell.com/support/edocs/systems/ins2600/en/sm_en/palmrest.htm#998220 via http://arstechnica.com/civis/viewtopic.php?f=9&t=315287 Unfortunately: http://support.dell.com/support/edocs/systems/ins2600/en/sm_en/specs.htm#1119510 Maximum memory 512 MB
  • Abraham54 wrote:
    > ...You do still have Avast 4 on it; you can replace that with Avast 5!... ...After this, post the contents of the MBAM log... ...Post the contents of checkup.txt in your next post.

    I had Avast 5 on it but find that 4 runs better on my notebook. Especially updating takes longer with 5.

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:
    Windows Firewall Enabled!
    avast! Antivirus
    avast! successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    Malwarebytes' Anti-Malware
    CCleaner
    Adobe Flash Player 9 (Out of date Flash Player installed!)
    Adobe Flash Player 10.1.82.76
    ````````````````````````````````
    Process Check: objlist.exe by Laurent
    Malwarebytes' Anti-Malware mbam.exe
    Alwil Software Avast4 aswUpdSv.exe
    Alwil Software Avast4 ashServ.exe
    Alwil Software Avast4 ashDisp.exe
    Alwil Software Avast4 ashMaiSv.exe
    Alwil Software Avast4 ashWebSv.exe
    ````````````````````````````````
    DNS Vulnerability Check:
    GREAT! (Not vulnerable to DNS cache poisoning)
    ``````````End of Log````````````

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4503

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    29-08-2010 22:52:47
    mbam-log-2010-08-29 (22-52-47).txt

    Scan type: Quick scan
    Objects scanned: 143282
    Time elapsed: 14 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Spyware Remover (Rogue.PALSpywareRemover) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Explorer (Worm.AutoRun) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\HOSTS (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
  • Hello Jan, Avast 4 will soon no longer be supported, and the updates simply run automatically with Avast 5; so what is the problem with being better protected! In any case your Windows has already picked up a nasty infection!
    Here you will find information on how to deactivate antivirus: http://www.bleepingcomputer.com/forums/topic114351.html (HJT.nl)
    Let ComboFix scan your Windows: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    How to use ComboFix properly: http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden
    - To be able to use ComboFix the following applies:
    - No web browsers may be open
    - Antivirus must be completely deactivated
    - Active malware and spyware scanners must be deactivated
    - Do not click in the active ComboFix window: this will make ComboFix freeze!
    - ComboFix closes the internet connection: do not try to restore it in the meantime!
    - Here you will find information on how to deactivate antivirus: http://www.bleepingcomputer.com/forums/topic114351.html
    - Afterwards, post the ComboFix log.
    If the Recovery Console is not installed, you will be asked to install it by clicking 'YES' in the "Query - Recovery Console" window. So click 'OK' and 'Yes' to have the Recovery Console installed automatically. After that, click 'Yes' again to start the malware scan.
  • ComboFix 10-08-28.02 - j.pohlman 29-08-2010 23:41:27.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.251 [GMT 2:00]
    Running from: c:\temp\ComboFix.exe
    AV: avast! antivirus 4.8.1368 [VPS 100829-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\program files\WinPCap
    c:\program files\WinPCap\INSTALL.LOG
    c:\program files\WinPCap\Uninstall.exe
    C:\Thumbs.db
    c:\windows\system\mgx40.dll
    c:\windows\system\olepro32.dll
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\Packet.dll
    c:\windows\system32\Thumbs.db
    c:\windows\system32\wpcap.dll
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\Legacy_EXPLORER
    .
    ((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))
    .
    2010-08-29 21:31 . 2010-08-29 21:32 3830790 ----a-r- c:\temp\ComboFix.exe
    2010-08-29 20:32 . 2010-08-29 20:32 -------- d-----w- c:\documents and settings\j.pohlman\Application Data\Malwarebytes
    2010-08-29 20:32 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-29 20:32 . 2010-08-29 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-08-29 20:32 . 2010-08-29 20:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-29 20:32 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-27 21:33 . 2010-08-27 21:33 19657194 ----a-w- c:\temp\vlc-1.1.4-win32.exe
    2010-08-25 21:22 . 2010-08-25 21:22 -------- d-----w- c:\program files\CCleaner
    2010-08-16 18:35 . 2010-08-16 18:35 181760 ----a-w- c:\documents and settings\j.pohlman\Application Data\Google Talk\googletalk.exe
    2010-08-16 18:35 . 2010-08-16 18:35 -------- d-----w- c:\documents and settings\j.pohlman\Application Data\Google Talk
    2010-07-31 17:37 . 2010-07-31 17:37 -------- d-----w- c:\documents and settings\j.pohlman\Application Data\Registry Mechanic
    2010-07-31 17:29 . 2010-07-31 17:29 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-07-31 17:29 . 2010-08-29 21:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-27 19:01 . 2009-02-05 21:58 -------- d-----w- c:\documents and settings\j.pohlman\Application Data\Tyre
    2010-08-25 21:24 . 2005-11-28 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-08-14 16:46 . 2010-06-03 20:59 -------- d-----w- c:\documents and settings\j.pohlman\Application Data\Uniblue
    2010-08-08 20:20 . 2007-03-15 15:22 -------- d-----w- c:\program files\Linksys
    2010-08-03 22:31 . 2008-03-20 18:10 -------- d-----w- c:\program files\Windows Live
    2010-07-25 11:28 . 2010-07-25 11:28 -------- d-----w- c:\program files\Alwil Software
    2010-07-09 20:25 . 2009-05-13 19:52 -------- d-----w- c:\program files\Tyre
    2010-07-09 20:25 . 2009-05-13 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Tyre
    2010-07-09 20:19 . 2010-07-09 20:19 -------- d-----w- c:\program files\TomTom International B.V
    2010-07-09 20:19 . 2010-07-09 20:19 -------- d-----w- c:\program files\TomTom HOME 2
    2010-06-30 12:31 . 2002-08-29 05:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22 . 2004-02-06 16:05 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 2002-08-29 05:00 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2002-08-29 05:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2002-08-29 05:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2002-08-29 05:00 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
    2010-06-14 07:41 . 2002-08-29 05:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-01 17:37 . 2010-07-20 21:42 221568 ------w- c:\windows\system32\MpSigStub.exe
    2008-08-03 20:29 . 2008-08-03 20:29 56 --sh--r- c:\windows\SYSTEM32\4703A98161.sys
    2008-02-24 12:55 . 2008-02-24 12:55 23 --sha-w- c:\windows\SYSTEM32\dfeefca9_d.dll
    2005-01-24 20:17 . 2005-01-24 19:43 56 --sh--r- c:\windows\SYSTEM32\E4D2272018.sys
    2008-08-03 21:35 . 2005-01-24 19:43 3350 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CARPService"="carpserv.exe" [2003-01-23 4608]
    "DadApp"="c:\program files\Dell\AccessDirect\dadapp.exe" [2003-03-07 209800]
    "EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2004-01-08 37888]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-06-24 4800512]
    "nwiz"="nwiz.exe" [2003-06-24 323584]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-24 729178]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-06-24 77914]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-2-5 24576]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0o\0c\0h\0k\0 \0*

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=
    "c:\\Program Files\\Active WebCam\\WebCam.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\CuteFTP Professional\\ftpte.exe"=
    "c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
    "c:\\Program Files\\Common Files\\Microsoft Shared\\web server extensions\\40\\BIN\\tcptest.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
    "5900:TCP"= 5900:TCP:vnc5900
    "5800:TCP"= 5800:TCP:vnc5800

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\SYSTEM32\DRIVERS\ppa.sys [11-02-2003 01:22 17792]
    R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [25-07-2010 13:29 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [25-07-2010 13:29 20560]
    R2 Av620an;Av620an;c:\windows\SYSTEM32\DRIVERS\av620an.sys [15-02-2003 10:35 109152]
    R2 Av620cn;Av620cn;c:\windows\SYSTEM32\DRIVERS\av620cn.sys [15-02-2003 10:35 108448]
    R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [29-08-2002 07:00 14336]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [31-07-2010 19:29 632792]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24-08-2010 11:38 92008]
    R3 WPC54Gv3;Linksys Wireless Notebook Adapter WPC54Gv3 Driver;c:\windows\SYSTEM32\DRIVERS\WPC54Gv3.SYS [30-11-2006 23:54 610816]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\SYSTEM32\DRIVERS\motccgp.sys [30-06-2007 19:58 17920]
    S3 motccgpfl;MotCcgpFlService;c:\windows\SYSTEM32\DRIVERS\motccgpfl.sys [30-06-2007 19:58 7680]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\SYSTEM32\DRIVERS\motodrv.sys [30-06-2007 19:58 42112]
    S4 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = file:///C:/www.htm
    uInternet Connection Wizard,ShellNext = iexplore
    Trusted Zone: snsbank.nl\www
    Name-Space Handler: http\RealDownload - {EBCDDA5E-2A68-11D3-8A43-0060083CFB9C} - c:\windows\SYSTEM32\nzdd.dll
    DPF: DirectAnimation Java Classes
    DPF: Microsoft XML Parser for Java
    FF - ProfilePath - c:\documents and settings\j.pohlman\Application Data\Mozilla\Firefox\Profiles\8q2z4azq.default\
    FF - prefs.js: browser.startup.homepage - file:///C:/www.htm
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-Active WebCam - c:\program files\Active WebCam\PY_UNINSTAL.EXE SOFTWARE\PySoft\Act_WebCam
    AddRemove-Easy-WebPrint - c:\program files\Canon\Easy-WebPrint\Uninst.isu

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-29 23:51
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
    "ImagePath"="\"\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2351571192-3568180317-2235136056-1007\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\3Com\DirectBindServices]
    @DACL=(02 0000)
    "TCAITDI"="1"

    [HKEY_LOCAL_MACHINE\software\3Com\EL90xbc]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\3Com\Update]
    @DACL=(02 0000)
    "BoomRemove"="No"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A54AE6D9-1146-03FB-2857897F111C6A4F}\{DD8CECF2-78C0-CF9A-49F4FAE856227A78}\{638B8461-7EC5-D2C3-C076811FCCFACE61}*]
    "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,ba,73,57,
       9b,ef,cb,09,da,45,69,aa,38,97,2f,db,7b,76,bc,69,2f,28,02,5c,06,48,dc,c6,5f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E5B56989-7E86-F8AC-7EB388A31CBB2899}\{D3CA0722-C391-048A-9B4358C3D872E7A5}\{C970F755-AAA5-5192-B03A56D01EDD379B}*]
    "VQDLJNV3QLXY61YLJF5DZX66LB1"=hex:01,00,01,00,00,00,00,00,cd,4f,4e,68,e8,76,95,
       78,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
025876D0962DC476102A970D6A80B3FA76E5AE98433A9D4E42CE3E081273EC916876AF4E84A53E66AF" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2228) c:\windows\system32\WININET.dll c:\program files\Logitech\MouseWare\System\LgWndHk.dll c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\windows\system32\nvsvc32.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\windows\system32\tcpsvcs.exe c:\windows\system32\carpserv.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe . ************************************************************************** . Completion time: 2010-08-30 00:01:16 - machine was rebooted ComboFix-quarantined-files.txt 2010-08-29 22:01 Pre-Run: 4.119.289.856 bytes free Post-Run: 3.978.182.656 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn - - End Of File - - D20E11C19771FE8905996275250B5AEC
  • Hello Jan, I understand that the notebook you are using is almost an antique. Still, I want to urge you to move to Avast 5. And there is work to be done on your Windows! Open a new Notepad file (Start > All Programs > Accessories > Notepad) and copy and paste the following text into the empty Notepad window:

File::
c:\temp\vlc-1.1.4-win32.exe
c:\windows\SYSTEM32\4703A98161.sys
c:\windows\SYSTEM32\dfeefca9_d.dll
c:\windows\SYSTEM32\E4D2272018.sys

Save this Notepad file on your desktop as CFScript.txt. Now first deactivate the antivirus! Drag CFScript.txt onto ComboFix.exe (screenshot: http://home.kpn.nl/~stefsmeenk/CFScript.gif). This will make ComboFix restart. Reboot when asked to. Post the ComboFix log that is shown after the restart!
  • Thanks for the support so far! I'll continue tonight at home ;-) In any case I will reinstall Avast 5.
  • ComboFix 10-08-29.04 - j.pohlman 30-08-2010 19:20:51.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.375 [GMT 2:00] Running from: c:\documents and settings\j.pohlman\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\j.pohlman\Desktop\CFScript.txt AV: avast! antivirus 4.8.1368 [VPS 100829-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FILE :: "c:\temp\vlc-1.1.4-win32.exe" "c:\windows\SYSTEM32\4703A98161.sys" "c:\windows\SYSTEM32\dfeefca9_d.dll" "c:\windows\SYSTEM32\E4D2272018.sys" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\temp\vlc-1.1.4-win32.exe c:\windows\SYSTEM32\4703A98161.sys c:\windows\SYSTEM32\dfeefca9_d.dll c:\windows\SYSTEM32\E4D2272018.sys . ((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-30 ))))))))))))))))))))))))))))))) . 2010-08-29 21:31 . 2010-08-29 21:32 3830790 ----a-r- c:\temp\ComboFix.exe 2010-08-29 20:32 . 2010-08-29 20:32 -------- d-----w- c:\documents and settings\j.pohlman\Application Data\Malwarebytes 2010-08-29 20:32 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-29 20:32 . 2010-08-29 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-08-29 20:32 . 2010-08-29 20:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-29 20:32 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-25 21:22 . 2010-08-25 21:22 -------- d-----w- c:\program files\CCleaner 2010-08-16 18:35 . 2010-08-16 18:35 181760 ----a-w- c:\documents and settings\j.pohlman\Application Data\Google Talk\googletalk.exe 2010-08-16 18:35 . 2010-08-16 18:35 -------- d-----w- c:\documents and settings\j.pohlman\Application Data\Google Talk 2010-07-31 17:37 . 2010-07-31 17:37 -------- d-----w- c:\documents and settings\j.pohlman\Application Data\Registry Mechanic 2010-07-31 17:29 . 
2010-07-31 17:29 -------- d-----w- c:\program files\Common Files\PC Tools 2010-07-31 17:29 . 2010-08-29 22:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-27 19:01 . 2009-02-05 21:58 -------- d-----w- c:\documents and settings\j.pohlman\Application Data\Tyre 2010-08-25 21:24 . 2005-11-28 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-08-14 16:46 . 2010-06-03 20:59 -------- d-----w- c:\documents and settings\j.pohlman\Application Data\Uniblue 2010-08-08 20:20 . 2007-03-15 15:22 -------- d-----w- c:\program files\Linksys 2010-08-03 22:31 . 2008-03-20 18:10 -------- d-----w- c:\program files\Windows Live 2010-07-25 11:28 . 2010-07-25 11:28 -------- d-----w- c:\program files\Alwil Software 2010-07-09 20:25 . 2009-05-13 19:52 -------- d-----w- c:\program files\Tyre 2010-07-09 20:25 . 2009-05-13 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Tyre 2010-07-09 20:19 . 2010-07-09 20:19 -------- d-----w- c:\program files\TomTom International B.V 2010-07-09 20:19 . 2010-07-09 20:19 -------- d-----w- c:\program files\TomTom HOME 2 2010-06-30 12:31 . 2002-08-29 05:00 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-24 12:22 . 2004-02-06 16:05 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-23 13:44 . 2002-08-29 05:00 1851904 ----a-w- c:\windows\system32\win32k.sys 2010-06-21 15:27 . 2002-08-29 05:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys 2010-06-17 14:03 . 2002-08-29 05:00 80384 ----a-w- c:\windows\system32\iccvid.dll 2010-06-14 14:31 . 2002-08-29 05:00 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe 2010-06-14 07:41 . 2002-08-29 05:00 1172480 ----a-w- c:\windows\system32\msxml3.dll 2010-06-01 17:37 . 2010-07-20 21:42 221568 ------w- c:\windows\system32\MpSigStub.exe 2008-08-03 21:35 . 
2005-01-24 19:43 3350 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CARPService"="carpserv.exe" [2003-01-23 4608] "DadApp"="c:\program files\Dell\AccessDirect\dadapp.exe" [2003-03-07 209800] "EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2004-01-08 37888] "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-06-24 4800512] "nwiz"="nwiz.exe" [2003-06-24 323584] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-24 729178] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-06-24 77914] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-2-5 24576] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0o\0c\0h\0k\0 \0* [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"= "c:\\Program Files\\Shareaza\\Shareaza.exe"= "c:\\Program Files\\Active WebCam\\WebCam.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\CuteFTP 
Professional\\ftpte.exe"= "c:\\WINDOWS\\SYSTEM32\\mmc.exe"= "c:\\Program Files\\Common Files\\Microsoft Shared\\web server extensions\\40\\BIN\\tcptest.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping "3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP) "5900:TCP"= 5900:TCP:vnc5900 "5800:TCP"= 5800:TCP:vnc5800 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\SYSTEM32\DRIVERS\ppa.sys [11-02-2003 01:22 17792] R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [25-07-2010 13:29 114768] R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [25-07-2010 13:29 20560] R2 Av620an;Av620an;c:\windows\SYSTEM32\DRIVERS\av620an.sys [15-02-2003 10:35 109152] R2 Av620cn;Av620cn;c:\windows\SYSTEM32\DRIVERS\av620cn.sys [15-02-2003 10:35 108448] R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [29-08-2002 07:00 14336] R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [31-07-2010 19:29 632792] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24-08-2010 11:38 92008] R3 WPC54Gv3;Linksys Wireless Notebook Adapter WPC54Gv3 Driver;c:\windows\SYSTEM32\DRIVERS\WPC54Gv3.SYS [30-11-2006 23:54 610816] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\SYSTEM32\DRIVERS\motccgp.sys [30-06-2007 19:58 17920] S3 motccgpfl;MotCcgpFlService;c:\windows\SYSTEM32\DRIVERS\motccgpfl.sys [30-06-2007 19:58 7680] S3 MotDev;Motorola Inc. 
USB Device;c:\windows\SYSTEM32\DRIVERS\motodrv.sys [30-06-2007 19:58 42112] S4 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc . . ------- Supplementary Scan ------- . uStart Page = file:///C:/www.htm uInternet Connection Wizard,ShellNext = iexplore Trusted Zone: snsbank.nl\www Name-Space Handler: http\RealDownload - {EBCDDA5E-2A68-11D3-8A43-0060083CFB9C} - c:\windows\SYSTEM32\nzdd.dll DPF: DirectAnimation Java Classes DPF: Microsoft XML Parser for Java FF - ProfilePath - c:\documents and settings\j.pohlman\Application Data\Mozilla\Firefox\Profiles\8q2z4azq.default\ FF - prefs.js: browser.startup.homepage - file:///C:/www.htm FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-08-30 19:27 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... 
scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2] "ImagePath"="\"\"" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2351571192-3568180317-2235136056-1007\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\software\3Com\DirectBindServices] @DACL=(02 0000) "TCAITDI"="1" [HKEY_LOCAL_MACHINE\software\3Com\EL90xbc] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\3Com\Update] @DACL=(02 0000) "BoomRemove"="No" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A54AE6D9-1146-03FB-2857897F111C6A4F}\{DD8CECF2-78C0-CF9A-49F4FAE856227A78}\{638B8461-7EC5-D2C3-C076811FCCFACE61}*] "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,ba,73,57, 9b,ef,cb,09,da,45,69,aa,38,97,2f,db,7b,76,bc,69,2f,28,02,5c,06,48,dc,c6,5f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E5B56989-7E86-F8AC-7EB388A31CBB2899}\{D3CA0722-C391-048A-9B4358C3D872E7A5}\{C970F755-AAA5-5192-B03A56D01EDD379B}*] "VQDLJNV3QLXY61YLJF5DZX66LB1"=hex:01,00,01,00,00,00,00,00,cd,4f,4e,68,e8,76,95, 78,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG08.00.00.01WORKSTATION"="..." . Completion time: 2010-08-30 19:31:22 ComboFix-quarantined-files.txt 2010-08-30 17:31 Pre-Run: 3.962.843.136 bytes free Post-Run: 3.943.825.408 bytes free - - End Of File - - C5834C4216DA077E9B9EB1A51EFC15AE
  • Hello Jan, that went perfectly. You may remove ComboFix:
- go to Start - Run
- copy and paste the following into it: Combofix /Uninstall
- then click OK
- if all is well, you will then get a message that ComboFix has been removed.
Example: http://home.kpn.nl/stefsmeenk/CFUninstall.PNG
How is your Windows running now?
  • Thanks again for your support and advice! In the meantime I have also reinstalled Avast 5. Startup seems to go faster and memory usage is a lot lower too. I will keep an eye on it in any case. Still two questions: What exactly was the problem that, I assume, was fixed with ComboFix? What can you recommend running (periodically) in addition to CCleaner - Registry Manager - Spybot?
  • Hi Jan, it is very simple: there was a so-called rogue scanner in your Windows, which had downloaded a few more things, but apparently, for unclear reasons, never became a real plague for you. That may be due to poor programming of it! Memory usage has gone down because there is no spyware or malware running along in the background anymore! You keep MBAM as support for Avast. Spybot is no longer worth anything, you may uninstall it! You don't need that registry manager either! Because Windows XP only loads the DLLs that are necessary! And CCleaner can check the registry for you as well!
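The triage the helper did by eye on the two ComboFix logs above (files with random hex names under system32, the XP firewall's GloballyOpenPorts and AuthorizedApplications lists, inbound ping) can be scripted. The Python below is an added example, not code from this thread or from ComboFix; the sample lines are copied from the posted log, and the "random name" heuristic (a stem of eight or more hex characters) and the high-risk port table are assumptions of this example, not ComboFix rules.

```python
"""Triage helper for a ComboFix-style log (added example, not ComboFix's own code)."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
c:\temp\vlc-1.1.4-win32.exe
c:\windows\SYSTEM32\4703A98161.sys
c:\windows\SYSTEM32\dfeefca9_d.dll
c:\windows\SYSTEM32\E4D2272018.sys
2010-08-29 20:32 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Active WebCam\\WebCam.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
APP_RE = re.compile(r'^"(.+?)"=\s*$')
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
ICMP_RE = re.compile(r'^"AllowInboundEchoRequest"=\s*1\b')
# Assumed heuristic: a file directly under system32 (or its drivers folder) whose
# stem is 8+ hex characters, optionally followed by "_x" (4703A98161.sys, dfeefca9_d.dll).
RANDOM_FILE_RE = re.compile(
    r"c:\\windows\\system32\\(?:drivers\\)?([0-9a-f]{8,}(?:_[a-z0-9])?\.(?:sys|dll|exe))\b",
    re.IGNORECASE,
)
# Assumed table: remote-control listeners that should not be open on a home notebook.
HIGH_RISK_PORTS = {5800: "VNC web console", 5900: "VNC remote control"}
# Programs living under the Windows directory are treated as OS components.
WINDOWS_DIRS = ("%windir%", "c:\\windows")


@dataclass
class Findings:
    authorized_apps: list = field(default_factory=list)
    open_ports: list = field(default_factory=list)  # (port, proto, label)
    inbound_ping_allowed: bool = False
    random_named_files: list = field(default_factory=list)


def parse_log(text: str) -> Findings:
    """Walk the log once, tracking the current [section] for the firewall entries."""
    found = Findings()
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if section.endswith(r"authorizedapplications\list"):
            m = APP_RE.match(line)
            if m:  # the log doubles backslashes inside quoted paths
                found.authorized_apps.append(m.group(1).replace("\\\\", "\\"))
        elif section.endswith(r"globallyopenports\list"):
            m = PORT_RE.match(line)
            if m:
                found.open_ports.append((int(m.group(1)), m.group(2), m.group(3).strip()))
        elif section.endswith("icmpsettings"):
            if ICMP_RE.match(line):
                found.inbound_ping_allowed = True
        # File paths can appear in any section (deletions, created files, services).
        for m in RANDOM_FILE_RE.finditer(line):
            found.random_named_files.append(m.group(1))
    return found


def triage(text: str) -> list:
    """Return human-readable flags: risky ports, odd files, third-party apps, ping."""
    found = parse_log(text)
    ports = sorted(found.open_ports)
    flags = []
    for port, proto, label in (p for p in ports if p[0] in HIGH_RISK_PORTS):
        flags.append(f"open {port}/{proto} ({label}): {HIGH_RISK_PORTS[port]} reachable from the network")
    for name in found.random_named_files:
        flags.append(f"random-named file under system32: {name}")
    for app in found.authorized_apps:
        if not app.lower().startswith(WINDOWS_DIRS):
            flags.append(f"third-party program allowed through the firewall: {app}")
    for port, proto, label in (p for p in ports if p[0] not in HIGH_RISK_PORTS):
        flags.append(f"open {port}/{proto} ({label})")
    if found.inbound_ping_allowed:
        flags.append("inbound ICMP echo requests allowed")
    return flags


if __name__ == "__main__":
    for flag in triage(SAMPLE_LOG):
        print(flag)
```

On the posted log this flags the two VNC ports, the three hex-named files that ComboFix deleted, and Shareaza and WebCam as third-party programs the XP firewall lets through; sessmgr.exe and mmc.exe under the Windows directory are left alone. The heuristics are deliberately simple, so treat a hit as something to look at, not as a verdict.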
  • OK, clear. I will remove Spybot. Oh yes, small mistake: I said Registry Manager but that should be PC Tools Registry Mechanic. Remove it?
  • Yes, go ahead and remove it!
  • Eh..., ComboFix has removed a bit too much after all: MGX40.dll. This DLL is needed for Micrografx Windows Draw (an old drawing program). Is it still somewhere on the XP CD-ROM? (It seems to be from Microsoft.) As far as I could check via Google, you can only download this DLL for a fee? :cry:
  • With all due respect, that is a program from eleven to twelve years ago or longer! Micrografx sold Windows Draw to Sierra in 1999. http://www.filewatcher.com/b/ftp/ftp.sierra.com/pub/patches/pc.0.0.html wdrawdll.exe contains a newer version of MGX40.DLL, for Windows Draw 4, 5 and 6


This is an archived page. Replying is no longer possible.