Questions & Answers
Slow startup
20 replies
- No, it's not that bad; ComboFix takes at most 20 minutes, so that's fine.
- Here is the log that ComboFix created:
ComboFix 09-01-21.02 - Mijzelf 2009-01-23 19:31:36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.767.460 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Mijzelf\Bureaublad\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\MW
c:\program files\MW\TGATool2\TGATool2A.exe
c:\program files\MW\TGATool2\unins000.dat
c:\program files\MW\TGATool2\unins000.exe
c:\windows\system\msvbvm60.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-12-23 to 2009-01-23 ))))))))))))))))))))))))))))))
.
2009-01-22 16:33 . 2009-01-22 21:12 <DIR> dr-h—– c:\documents and settings\Mijzelf\Onlangs geopend
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-22 18:39 ——— d—–w c:\program files\Conbuilder
2009-01-22 15:26 ——— d—–w c:\documents and settings\Mijzelf\Application Data\Apple Computer
2009-01-21 20:05 ——— d—–w c:\program files\Mozilla Thunderbird
2009-01-11 12:37 ——— d—–w c:\program files\Route_Riter
2009-01-04 15:30 ——— d—–w c:\program files\SlimBrowser
2008-12-20 08:53 ——— d—–w c:\program files\Java
2008-12-11 11:57 333,184 —-a-w c:\windows\system32\drivers\srv.sys
2008-11-10 04:43 410,984 —-a-w c:\windows\system32\deploytk.dll
2008-10-23 13:02 283,648 —-a-w c:\windows\system32\gdi32.dll
2008-10-12 09:18 41,791 —-a-w c:\documents and settings\Mijzelf\Application Data\mdb.bin
2005-09-27 11:22 313,283 -c–a-w c:\program files\cwshredder.zip
2004-10-20 09:42 328,488 -c–a-w c:\program files\CWSInstall.exe
2004-04-14 15:38 186,368 -c–a-w c:\program files\LSPFix.exe
2004-04-13 17:23 3,662,787 -c–a-w c:\program files\spybotsd12.exe
2005-09-03 08:20 56 –sh–r c:\windows\system32\11C6C02442.sys
2008-06-21 16:54 15,646 –sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-09-19 35328]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-03-23 1111040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-26 155648]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-06-16 81920]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-03-07 113664]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 581693]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-10-03 156160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\program files\TGTSoft\StyleXP\CurrentLogon.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^InterVideo WinCinema Manager.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^Mijzelf^Menu Start^Programma's^Opstarten^iPodder.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^Mijzelf^Menu Start^Programma's^Opstarten^Ubisoft register.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2003-10-03 14095]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-09-10 203280]
S3 firewall;firewall;\??\c:\program files\Foxie Suite\firewall.sys –> c:\program files\Foxie Suite\firewall.sys [?]
S3 ParadigmVScanner;USB Scanner Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [2003-10-06 15104]
.
Inhoud van de 'Gedeelde Taken' map
2007-07-14 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
.
.
——- Bijkomende Scan ——-
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Search
IE: Alle links in deze pagina openen…
IE: Backward &Links
IE: Blokkeer alle plaatjes afkomstig van dezelfde server
IE: Cac&hed Snapshot of Page
IE: Markeren
IE: Si&milar Pages
IE: Toevoegen aan Reclame Black List
IE: Verzenden naar &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Zoeken
Trusted Zone: europeesche.nl\eol
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://digifoto.verschurenfotovideo.nl/Verschuren/UserControls/Part/Upload/ImageUploader5.cab
FF - ProfilePath - c:\documents and settings\Mijzelf\Application Data\Mozilla\Firefox\Profiles\default.xhe\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.railsim.nl/forum/index.php
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 19:35:03
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2009-01-23 19:42:14
ComboFix-quarantined-files.txt 2009-01-23 18:41:48
ComboFix2.txt 2007-01-21 17:24:43
Pre-Run: 616,185,856 bytes beschikbaar
Post-Run: 605,198,848 bytes beschikbaar
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
151 — E O F — 2009-01-14 16:17:54
- Thanks for your reply. I have carried out the first part. I had a question about the second part (ComboFix): I get a message that the antivirus scanner and firewall need to be disabled. Is that correct?
- Yes, that is entirely correct.
- [quote="Othuroyo"]Yes, that is entirely correct.[/quote]
Isn't that very risky? Or should I make sure I am not connected to the internet at that point?
- Would someone be willing to assess the log below? Starting up and shutting down my PC and installing the McAfee updates take an extremely long time. If there is a McAfee update after startup, I can easily go and do something else for the first 20 minutes. Through McAfee I have already received a very cumbersome reinstallation method, but I would first like to ask here whether anyone sees anything unusual in the log.
The log lists svchost.exe 3 times, although I see that program 7 times in Task Manager. I don't know whether that matters too.
Thanks in advance for your trouble.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26:39, on 21-1-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\2xExplorer\2xExplorer.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar2.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,95/mcinsctl.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://digifoto.verschurenfotovideo.nl/Verschuren/UserControls/Part/Upload/ImageUploader5.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
–
End of file - 7870 bytes
- Actually, I see little of interest in your log, but if you want to be sure:
Start HijackThis and choose 'do a system scan only'
Select only the items listed below:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
Close all windows except HijackThis.
Click 'Fix checked' to remove the items.
Download combofix.exe from this site: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
If the Recovery Console is not installed, ComboFix will offer to download and install it. Allow this.
Once the Recovery Console is installed, let ComboFix scan the computer.
When ComboFix is finished, which may be after a reboot, a log file (combofix.txt) opens.
Post the contents of this file.
- Open a Notepad file.
Copy the code below and paste it into the Notepad file.
- Here is the new ComboFix log:
ComboFix 09-01-21.02 - Mijzelf 2009-01-24 22:09:23.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.767.456 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Mijzelf\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Mijzelf\Bureaublad\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
FILE ::
c:\windows\system32\11C6C02442.sys
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\11C6C02442.sys
.
(((((((((((((((((((( Bestanden Gemaakt van 2008-12-24 to 2009-01-24 ))))))))))))))))))))))))))))))
.
2009-01-24 16:06 . 2003-12-17 09:50 19,968 ——— c:\windows\LOGI_MWX.EXE
2009-01-24 14:19 . 2009-01-24 14:19 <DIR> d——– c:\program files\MUSICMATCH
2009-01-23 22:48 . 2009-01-23 22:48 <DIR> d——– c:\windows\Java
2009-01-23 22:48 . 2009-01-23 22:48 <DIR> d——– c:\program files\PC Wizard 2008
2009-01-23 22:48 . 2007-09-15 15:11 27,136 –a—— c:\windows\system32\PCWizard.cpl
2009-01-22 16:33 . 2009-01-24 22:02 <DIR> dr-h—– c:\documents and settings\Mijzelf\Onlangs geopend
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 11:50 ——— d—–w c:\program files\Conbuilder
2009-01-22 15:26 ——— d—–w c:\documents and settings\Mijzelf\Application Data\Apple Computer
2009-01-21 20:05 ——— d—–w c:\program files\Mozilla Thunderbird
2009-01-11 12:37 ——— d—–w c:\program files\Route_Riter
2009-01-04 15:30 ——— d—–w c:\program files\SlimBrowser
2008-12-20 08:53 ——— d—–w c:\program files\Java
2008-12-11 11:57 333,184 —-a-w c:\windows\system32\drivers\srv.sys
2008-11-10 04:43 410,984 —-a-w c:\windows\system32\deploytk.dll
2008-10-12 09:18 41,791 —-a-w c:\documents and settings\Mijzelf\Application Data\mdb.bin
2005-09-27 11:22 313,283 -c–a-w c:\program files\cwshredder.zip
2004-10-20 09:42 328,488 -c–a-w c:\program files\CWSInstall.exe
2004-04-14 15:38 186,368 -c–a-w c:\program files\LSPFix.exe
2004-04-13 17:23 3,662,787 -c–a-w c:\program files\spybotsd12.exe
2008-06-21 16:54 15,646 –sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2009-01-23_19.37.04.67 )))))))))))))))))))))))))))))))))))))))))
.
- 1998-10-29 14:45:06 306,688 —-a-w c:\windows\IsUninst.exe
+ 1998-10-29 15:45:06 306,688 —-a-w c:\windows\IsUninst.exe
+ 2001-03-02 19:52:40 15,360 —-a-w c:\windows\system32\asfsipc.dll
- 2001-09-19 07:41:00 164,352 —-a-w c:\windows\system32\COMNCTR.DLL
+ 2004-01-08 08:50:00 104,960 —-a-w c:\windows\system32\COMNCTR.DLL
- 2009-01-23 17:45:39 32,768 -c–a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-24 19:40:03 32,768 -c–a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-23 17:45:39 32,768 -c–a-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
+ 2009-01-24 19:40:03 32,768 -c–a-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
+ 2004-08-04 08:53:36 23,552 -c–a-w c:\windows\system32\dllcache\mouclass.sys
- 2001-09-06 17:04:40 12,288 -c–a-w c:\windows\system32\dllcache\mouhid.sys
+ 2001-09-06 18:04:40 12,288 -c–a-w c:\windows\system32\dllcache\mouhid.sys
- 2001-09-19 09:41:00 50,432 —-a-w c:\windows\system32\drivers\L8042Pr2.sys
+ 2003-12-17 08:50:00 51,729 ——w c:\windows\system32\drivers\L8042PR2.SYS
- 2004-03-03 07:50:00 14,095 —-a-w c:\windows\system32\drivers\LCcfltr.sys
+ 2003-12-17 08:50:00 14,095 —-a-w c:\windows\system32\drivers\LCcfltr.sys
- 2001-09-19 09:41:00 22,064 ——w c:\windows\system32\drivers\LHIDFLT2.SYS
+ 2003-12-17 08:50:00 25,505 —-a-w c:\windows\system32\drivers\LHidFlt2.Sys
- 2004-03-03 07:50:00 37,887 —-a-w c:\windows\system32\drivers\LHidUsb.sys
+ 2003-12-17 08:50:00 37,887 —-a-w c:\windows\system32\drivers\LHidUsb.sys
- 2001-09-19 09:41:00 67,440 —-a-w c:\windows\system32\drivers\LMouFlt2.sys
+ 2003-12-17 08:50:00 70,801 —-a-w c:\windows\system32\drivers\LMouFlt2.Sys
- 2004-08-04 07:53:36 23,552 —-a-w c:\windows\system32\drivers\mouclass.sys
+ 2004-08-04 08:53:36 23,552 —-a-w c:\windows\system32\drivers\mouclass.sys
- 2001-09-06 17:04:40 12,288 —-a-w c:\windows\system32\drivers\mouhid.sys
+ 2001-09-06 18:04:40 12,288 —-a-w c:\windows\system32\drivers\mouhid.sys
- 2001-09-19 07:41:00 155,648 —-a-w c:\windows\system32\ifc21.dll
+ 2002-11-21 08:50:00 155,648 —-a-w c:\windows\system32\ifc21.dll
- 2001-09-19 09:41:00 19,182 —-a-w c:\windows\system32\LCoInst.dll
+ 2003-12-17 08:50:00 23,375 ——w c:\windows\system32\LCOINST.DLL
- 2001-09-19 07:41:00 109,056 —-a-w c:\windows\system32\LGUICOM.DLL
+ 2004-01-08 08:50:00 97,792 —-a-w c:\windows\system32\LGUICOM.DLL
- 2001-09-19 09:41:00 140,800 ——w c:\windows\system32\lmoufrc.dll
+ 2003-12-17 08:50:00 152,064 ——w c:\windows\system32\lmoufrc.dll
- 2001-09-19 07:41:00 3,792 —-a-w c:\windows\system32\LMOUSE16.DLL
+ 2004-01-08 08:50:00 3,568 —-a-w c:\windows\system32\LMOUSE16.DLL
- 2001-09-19 07:41:00 17,408 —-a-w c:\windows\system32\LMOUSE32.DLL
+ 2004-01-08 08:50:00 16,896 —-a-w c:\windows\system32\LMOUSE32.DLL
+ 2002-11-08 09:50:00 14,156 —-a-w c:\windows\system32\ReinstallBackups\0007\DriverFiles\LCcfltr.sys
+ 2003-12-17 08:50:00 37,887 —-a-w c:\windows\system32\ReinstallBackups\0007\DriverFiles\LHidUsb.sys
+ 2003-12-17 08:50:00 37,887 —-a-w c:\windows\system32\ReinstallBackups\0017\DriverFiles\LHidUsb.sys
+ 2004-08-04 08:53:36 23,552 —-a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\mouclass.sys
+ 2001-09-06 18:04:40 12,288 —-a-w c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\mouhid.sys
- 2008-05-04 10:26:16 358,436 -c–a-w c:\windows\system32\Restore\rstrlog.dat
+ 2009-01-24 14:42:26 1,191,544 -c–a-w c:\windows\system32\Restore\rstrlog.dat
+ 2009-01-24 19:32:47 16,384 —-atw c:\windows\temp\Perflib_Perfdata_7e0.dat
.
– Snapshot teruggezet naar huidige datum –
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-03-23 1111040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-26 155648]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-06-16 81920]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-03-07 113664]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 581693]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-10-03 156160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\program files\TGTSoft\StyleXP\CurrentLogon.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^InterVideo WinCinema Manager.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^Mijzelf^Menu Start^Programma's^Opstarten^iPodder.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^Mijzelf^Menu Start^Programma's^Opstarten^Ubisoft register.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2003-10-03 14095]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-09-10 203280]
S3 firewall;firewall;\??\c:\program files\Foxie Suite\firewall.sys –> c:\program files\Foxie Suite\firewall.sys [?]
S3 ParadigmVScanner;USB Scanner Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [2003-10-06 15104]
.
Inhoud van de 'Gedeelde Taken' map
2007-07-14 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
.
.
——- Bijkomende Scan ——-
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Search
IE: Alle links in deze pagina openen…
IE: Backward &Links
IE: Blokkeer alle plaatjes afkomstig van dezelfde server
IE: Cac&hed Snapshot of Page
IE: Markeren
IE: Si&milar Pages
IE: Toevoegen aan Reclame Black List
IE: Verzenden naar &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Zoeken
Trusted Zone: europeesche.nl\eol
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://digifoto.verschurenfotovideo.nl/Verschuren/UserControls/Part/Upload/ImageUploader5.cab
FF - ProfilePath - c:\documents and settings\Mijzelf\Application Data\Mozilla\Firefox\Profiles\default.xhe\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.railsim.nl/forum/index.php
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-24 22:13:46
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2009-01-24 22:21:02
ComboFix-quarantined-files.txt 2009-01-24 21:20:56
ComboFix2.txt 2009-01-23 18:42:16
ComboFix3.txt 2007-01-21 17:24:43
Pre-Run: 684,228,608 bytes beschikbaar
Post-Run: 693,502,464 bytes beschikbaar
197 — E O F — 2009-01-14 16:17:54
- Open a Notepad file.
Copy the code below and paste it into the Notepad file.
- Below is another ComboFix log. The problems are still the same. For example, restarting the PC: it takes about a quarter of an hour before the PC has restarted, before McAfee is active and before the Opera browser has opened a window.
What are we actually looking for with ComboFix?
So here is the log (and many thanks in advance for the time and effort that goes into this. From the looks of it I am not the only one, so this must cost you quite a bit of time, I think.)
ComboFix 09-01-21.02 - Mijzelf 2009-01-25 12:44:13.3 - NTFSx86
Running from: c:\documents and settings\Mijzelf\Bureaublad\ComboFix.exe
Command switches used :: c:\documents and settings\Mijzelf\Bureaublad\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*
FILE ::
c:\windows\temp\Perflib_Perfdata_7e0.dat
.
((((((((((((((((((((((((( Files Created from 2008-12-25 to 2009-01-25 )))))))))))))))))))))))))))))))
.
2009-01-25 12:37 . 2009-01-25 12:38 <DIR> d-------- C:\32788R22FWJFW
2009-01-24 16:06 . 2003-12-17 09:50 19,968 --------- c:\windows\LOGI_MWX.EXE
2009-01-24 14:19 . 2009-01-24 14:19 <DIR> d-------- c:\program files\MUSICMATCH
2009-01-23 22:48 . 2009-01-23 22:48 <DIR> d-------- c:\windows\Java
2009-01-23 22:48 . 2009-01-23 22:48 <DIR> d-------- c:\program files\PC Wizard 2008
2009-01-23 22:48 . 2007-09-15 15:11 27,136 --a------ c:\windows\system32\PCWizard.cpl
2009-01-22 16:33 . 2009-01-25 12:36 <DIR> dr-h----- c:\documents and settings\Mijzelf\Onlangs geopend
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 23:28 --------- d-----w c:\program files\Conbuilder
2009-01-22 15:26 --------- d-----w c:\documents and settings\Mijzelf\Application Data\Apple Computer
2009-01-21 20:05 --------- d-----w c:\program files\Mozilla Thunderbird
2009-01-11 12:37 --------- d-----w c:\program files\Route_Riter
2009-01-04 15:30 --------- d-----w c:\program files\SlimBrowser
2008-12-20 08:53 --------- d-----w c:\program files\Java
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-10-12 09:18 41,791 ----a-w c:\documents and settings\Mijzelf\Application Data\mdb.bin
2005-09-27 11:22 313,283 -c--a-w c:\program files\cwshredder.zip
2004-10-20 09:42 328,488 -c--a-w c:\program files\CWSInstall.exe
2004-04-14 15:38 186,368 -c--a-w c:\program files\LSPFix.exe
2004-04-13 17:23 3,662,787 -c--a-w c:\program files\spybotsd12.exe
2008-06-21 16:54 15,646 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot_2009-01-24_22.15.30.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-24 19:40:03 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-25 09:29:41 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-24 19:40:03 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
+ 2009-01-25 09:29:41 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
+ 2009-01-25 09:08:22 16,384 ----atw c:\windows\temp\Perflib_Perfdata_7ac.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-03-23 1111040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-26 155648]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-06-16 81920]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-03-07 113664]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 581693]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-10-03 156160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\program files\TGTSoft\StyleXP\CurrentLogon.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^InterVideo WinCinema Manager.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^Mijzelf^Menu Start^Programma's^Opstarten^iPodder.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^Mijzelf^Menu Start^Programma's^Opstarten^Ubisoft register.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2003-10-03 14095]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-09-10 203280]
S3 firewall;firewall;\??\c:\program files\Foxie Suite\firewall.sys --> c:\program files\Foxie Suite\firewall.sys [?]
S3 ParadigmVScanner;USB Scanner Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [2003-10-06 15104]
.
Contents of the 'Scheduled Tasks' folder
2007-07-14 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Search
IE: Alle links in deze pagina openen…
IE: Backward &Links
IE: Blokkeer alle plaatjes afkomstig van dezelfde server
IE: Cac&hed Snapshot of Page
IE: Markeren
IE: Si&milar Pages
IE: Toevoegen aan Reclame Black List
IE: Verzenden naar &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Zoeken
Trusted Zone: europeesche.nl\eol
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://digifoto.verschurenfotovideo.nl/Verschuren/UserControls/Part/Upload/ImageUploader5.cab
FF - ProfilePath - c:\documents and settings\Mijzelf\Application Data\Mozilla\Firefox\Profiles\default.xhe\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.railsim.nl/forum/index.php
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-25 12:49:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-01-25 12:57:25
ComboFix-quarantined-files.txt 2009-01-25 11:57:07
ComboFix2.txt 2009-01-24 21:21:04
ComboFix3.txt 2009-01-23 18:42:16
ComboFix4.txt 2007-01-21 17:24:43
Pre-Run: 503.824.384 bytes beschikbaar
Post-Run: 492,142,080 bytes beschikbaar
151 --- E O F --- 2009-01-14 16:17:54
- How are the problems now?
- [quote:0e6e410cab="Othuroyo"]How are the problems now?[/quote:0e6e410cab]
Hardly any improvement yet, to be honest. The problems are still the same. For example, restarting the PC: it takes about a quarter of an hour before the PC has restarted, before McAfee is active and before the Opera browser has opened a window.
- What are your system specifications, and when did you last format your PC?
I no longer see any traces of malware, so that will not be the cause.
- [quote:8acc9cea06="Othuroyo"]What are your system specifications, and when did you last format your PC?
I no longer see any traces of malware, so that will not be the cause.[/quote:8acc9cea06]
Pentium IV 1.7 GHz, 768 RAM, Nvidia GFX 5600, XP installed on a C partition of 10 GB of which 1.2 is free (perhaps a bit little); I have never formatted with XP, and defragmenting was quite a while ago.
Maybe I should carry out the cumbersome reinstallation of McAfee after all.
- You really have very, very poor specifications.
I believe your specifications are not even sufficient for XP.
- Until recently XP ran without problems on this system. It is only in the last four weeks or so that everything became a good deal slower. I run a lot of trains, and those are probably getting more detailed too, which makes the sim run worse. Expanding my RAM to 3 x 512, does that make sense for this system?
In any case, thanks for your time and the effort you have put into it. It is a relief already that my system is malware-free.
- Do keep in mind that memory alone will not get you far.
Your processor is also on the poor side, as is your hard disk.
Your video card is also too poor for games.
- OK, thanks. Time to start looking for a new system soon, I think???
- Yes, that seems wiser to me.