Slow notebook startup

21 replies
  • Pentium 4 - CPU 1.8GHz - 512MB RAM (it won't take more)
    Windows XP SP3
    Virtual memory set to 768MB
    Avast virus scanner
    I regularly run CCleaner - Registry Manager - Spybot - Defrag - MS updates

    Task manager:
    Normal use at rest: memory around 375MB - CPU a few %
    Memory used during startup, however, is around 850MB (climbs to the maximum) while CPU usage stays low
    Booting up completely can take some 15 minutes or more; after that, memory usage drops again
    What is going on / what is wrong?

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 17:50:10, on 29-08-2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/www.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - https://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1269559478163
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
    O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = chello.nl
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = chello.nl
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = chello.nl
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

  • At first glance this log looks clean to me; Abraham54 knows much more about it.
    Mem: max 512 MB? In a Pentium 4?

    Have a look on the website to see which type of memory is supported.
    If the laptop is otherwise still worth it, 1 or 2 GB can often go in, and that makes an enormous difference in speed (my Asus L3800 could take max 1 GB, so just check for this little laptop). Which one is it, by the way?
  • The topic starter probably means that all the memory slots of his P4 laptop are full. For XP SP3 I don't find 512 MB too little. XP was released in 2001, after all. At that time 512 MB of RAM was normal. (I myself ran my old AthlonXP 1700+ and dual Pentium3 PCs for years with 512 MB of RAM, with Windows XP on them.)

    The topic starter could try to analyse the slow startup with the BootVis application.
  • As far as I can see you have some work to do: set your swap file to at least 1024MB, since you are tight on memory.
    I would also look at everything that starts up and try to make your gains there; I see quite a lot from Adobe starting that isn't needed.
    If you can start with an installation that launches only a minimum of processes, you will certainly gain speed.
    Also have a look at the number of restore points still present; they can take up a lot of space and therefore room on your system.
    Office doesn't need to start up, so disable it!
    I also see quite a lot from Dell starting up; disable that too!
    Logitech Desktop Messenger: disable it or set it to manual.
    Want to know more about what you can and cannot disable?
    http://www.schoonepc.nl/optim/bootvis.html
    And also have a look here:
    http://www.blackviper.com/WinXP/servicecfg.htm
    Generally speaking, a great deal starts up and I don't think this laptop can handle that, so start tweaking: see on schoonePC how to do that, and at Black Viper you can tune a lot of services better, where you can gain a lot.
    Good luck with it and let us know what the result is.
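
The startup review suggested in the reply above can be done directly on the HijackThis log. The following is an added example, not part of the original thread: it parses the O4 (Run keys, Startup folder) and O23 (services) lines and notes the entries worth checking by hand. The function names and the wording of the notes are assumptions; the sample lines are copied from the log posted in this thread.

```python
import re

# Constructed sample: autostart lines copied from the HijackThis log in this thread,
# plus one O2 line to show that other sections are ignored.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
"""

# Line shapes of the autostart sections in a HijackThis v2 log:
#   O4 - <hive>\..\<key>: [<value name>] <command>
#   O4 - Global Startup: <shortcut> = <target>
#   O23 - Service: <display name> - <vendor> - <image path>
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
STARTUP_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (.+) - (.+?) - (.+)$")
FULL_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')  # command starts with a drive-letter path


def parse_autostarts(log_text):
    """Return one dict per O4/O23 line; 'notes' lists what to verify by hand."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = RUN_RE.match(line)
        if m:
            hive, key, name, command = m.groups()
            notes = []
            if not FULL_PATH_RE.match(command):
                # The log does not say which directory the program is loaded from.
                notes.append("launcher named without a full path")
            entries.append({"kind": "run-key", "where": hive + "\\" + key,
                            "name": name, "target": command, "notes": notes})
            continue

        m = STARTUP_RE.match(line)
        if m:
            folder, name, target = m.groups()
            notes = []
            if target.strip() in ("", "?"):
                notes.append("shortcut target not resolved in the log")
            entries.append({"kind": "startup", "where": folder,
                            "name": name, "target": target, "notes": notes})
            continue

        m = SERVICE_RE.match(line)
        if m:
            display, vendor, path = m.groups()
            notes = []
            if vendor.strip().lower() == "unknown owner":
                notes.append("vendor field reads 'Unknown owner'")
            if not FULL_PATH_RE.match(path):
                notes.append("image path is not a full path")
            entries.append({"kind": "service", "where": vendor,
                            "name": display, "target": path, "notes": notes})
    return entries


def needs_review(entries):
    """Entries that carry at least one note."""
    return [e for e in entries if e["notes"]]


if __name__ == "__main__":
    for e in parse_autostarts(SAMPLE_LOG):
        mark = "!" if e["notes"] else " "
        print(f'{mark} {e["kind"]:8} {e["name"]:46} {"; ".join(e["notes"])}')
```

A note is a prompt to look up the file on disk and confirm what it is, not a verdict: several of the flagged entries in this log are ordinary driver helpers.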
  • andre@home wrote: "…Mem: max 512 MB? In a Pentium 4?…. Which one is it, by the way?"
    Dell Inspiron 2650, from 2002….
    The strange thing is that the phenomenon suddenly reared its head a week or so ago.
    Nothing special has happened otherwise and everything seems to function normally and well: software and internet without noticeable loss of speed.

    PS. I originally had virtual memory set higher.
    Thanks for the tips: I will get to work on them.
  • Hi Jan, your log does indeed look good.

    You do still have Avast 4 on there, though; you can replace it with Avast 5!

    And do the following anyway: Download, install and keep using MBAM (CLICK)
    (click the blue button to download the free version!)
    - Right after installation MBAM will want to update its database, so allow it.
    - On repeated use too: first update MBAM via the Update tab!
    - Start MBAM and choose Quick Scan
    - N.B.: Vista and Windows 7 users start MBAM by right-clicking and then choosing Run as Administrator.
    - The scan can take a while, so be patient.
    - When the scan has finished, click the OK button.
    - Then click the Show Results button to see the results.
    - Make sure everything is ticked.
    - Then click: Remove Selected.
    - After removal a log will open and you will be asked to restart the computer.
    - The log is saved automatically by MBAM, and you can find it by clicking the Logs tab in MBAM.
    - If MBAM has difficulty removing certain files, it will give a few notifications; click OK each time!
    - After that MBAM will ask to restart the computer, so allow the computer to be restarted.

    If the rootkit (TDSS) is present, MBAM will also ask to restart. Do so.
    MBAM will then scan again after the restart and remove the rootkit.

    After this, post the contents of the MBAM log


    And also do this: a test, to see what your current security situation is.

    Download to your desktop.
    - Click/double-click SecurityCheck.exe and follow the instructions in the black window.
    - A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
    - If one of your security tools reports that DIG.EXE wants to access the internet, allow it.
    Post the contents of checkup.txt in your next post.
  • In that case you could consider a fresh install…

    Mem:
    http://support.dell.com/support/edocs/systems/ins2600/en/sm_en/palmrest.htm#998220

    via
    http://arstechnica.com/civis/viewtopic.php?f=9&t=315287

    Unfortunately:
    http://support.dell.com/support/edocs/systems/ins2600/en/sm_en/specs.htm#1119510
    Maximum memory 512 MB
  • Abraham54 wrote: "…You do still have Avast 4 on there, though; you can replace it with Avast 5!…
    …After this, post the contents of the MBAM log…
    …Post the contents of checkup.txt in your next post."

    I had Avast 5 on it but find that 4 runs better on my notebook.
    Updating in particular takes longer with 5.

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:
    Windows Firewall Enabled!
    avast! Antivirus
    avast! successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    Malwarebytes' Anti-Malware
    CCleaner
    Adobe Flash Player 9
  • Hello Jan, Avast 4 will soon no longer be supported, and the updates simply happen automatically with Avast 5 - so what is the reason not to be better protected!

    In any case, your Windows has already picked up a nasty infection!

    Here you will find information on how to deactivate antivirus (click)

    HJT.nl

    Let Combofix scan your Windows (click).
    How to use Combofix properly (click)
    - To be able to use Combofix, the following applies:
  • ComboFix 10-08-28.02 - j.pohlman 29-08-2010 23:41:27.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.251 [GMT 2:00]
    Running from: c:\temp\ComboFix.exe
    AV: avast! antivirus 4.8.1368 [VPS 100829-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\WinPCap
    c:\program files\WinPCap\INSTALL.LOG
    c:\program files\WinPCap\Uninstall.exe
    C:\Thumbs.db
    c:\windows\system\mgx40.dll
    c:\windows\system\olepro32.dll
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\Packet.dll
    c:\windows\system32\Thumbs.db
    c:\windows\system32\wpcap.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_EXPLORER


    ((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))
    .

    2010-08-29 21:31 . 2010-08-29 21:32 3830790 ----a-r- c:\temp\ComboFix.exe
    2010-08-29 20:32 . 2010-08-29 20:32 -------- d-----w- c:\documents and settings\j.pohlman\Application Data\Malwarebytes
    2010-08-29 20:32 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-29 20:32 . 2010-08-29 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-08-29 20:32 . 2010-08-29 20:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-29 20:32 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-27 21:33 . 2010-08-27 21:33 19657194 ----a-w- c:\temp\vlc-1.1.4-win32.exe
    2010-08-25 21:22 . 2010-08-25 21:22 -------- d-----w- c:\program files\CCleaner
    2010-08-16 18:35 . 2010-08-16 18:35 181760 ----a-w- c:\documents and settings\j.pohlman\Application Data\Google Talk\googletalk.exe
    2010-08-16 18:35 . 2010-08-16 18:35 -------- d-----w- c:\documents and settings\j.pohlman\Application Data\Google Talk
    2010-07-31 17:37 . 2010-07-31 17:37 -------- d-----w- c:\documents and settings\j.pohlman\Application Data\Registry Mechanic
    2010-07-31 17:29 . 2010-07-31 17:29 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-07-31 17:29 . 2010-08-29 21:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-27 19:01 . 2009-02-05 21:58 -------- d-----w- c:\documents and settings\j.pohlman\Application Data\Tyre
    2010-08-25 21:24 . 2005-11-28 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-08-14 16:46 . 2010-06-03 20:59 -------- d-----w- c:\documents and settings\j.pohlman\Application Data\Uniblue
    2010-08-08 20:20 . 2007-03-15 15:22 -------- d-----w- c:\program files\Linksys
    2010-08-03 22:31 . 2008-03-20 18:10 -------- d-----w- c:\program files\Windows Live
    2010-07-25 11:28 . 2010-07-25 11:28 -------- d-----w- c:\program files\Alwil Software
    2010-07-09 20:25 . 2009-05-13 19:52 -------- d-----w- c:\program files\Tyre
    2010-07-09 20:25 . 2009-05-13 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Tyre
    2010-07-09 20:19 . 2010-07-09 20:19 -------- d-----w- c:\program files\TomTom International B.V
    2010-07-09 20:19 . 2010-07-09 20:19 -------- d-----w- c:\program files\TomTom HOME 2
    2010-06-30 12:31 . 2002-08-29 05:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22 . 2004-02-06 16:05 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 2002-08-29 05:00 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2002-08-29 05:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2002-08-29 05:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2002-08-29 05:00 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
    2010-06-14 07:41 . 2002-08-29 05:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-01 17:37 . 2010-07-20 21:42 221568 ------w- c:\windows\system32\MpSigStub.exe
    2008-08-03 20:29 . 2008-08-03 20:29 56 --sh--r- c:\windows\SYSTEM32\4703A98161.sys
    2008-02-24 12:55 . 2008-02-24 12:55 23 --sha-w- c:\windows\SYSTEM32\dfeefca9_d.dll
    2005-01-24 20:17 . 2005-01-24 19:43 56 --sh--r- c:\windows\SYSTEM32\E4D2272018.sys
    2008-08-03 21:35 . 2005-01-24 19:43 3350 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CARPService"="carpserv.exe" [2003-01-23 4608]
    "DadApp"="c:\program files\Dell\AccessDirect\dadapp.exe" [2003-03-07 209800]
    "EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2004-01-08 37888]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-06-24 4800512]
    "nwiz"="nwiz.exe" [2003-06-24 323584]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-24 729178]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-06-24 77914]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-2-5 24576]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0o\0c\0h\0k\0 \0*

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=
    "c:\\Program Files\\Active WebCam\\WebCam.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\CuteFTP Professional\\ftpte.exe"=
    "c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
    "c:\\Program Files\\Common Files\\Microsoft Shared\\web server extensions\\40\\BIN\\tcptest.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
    "5900:TCP"= 5900:TCP:vnc5900
    "5800:TCP"= 5800:TCP:vnc5800

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\SYSTEM32\DRIVERS\ppa.sys [11-02-2003 01:22 17792]
    R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [25-07-2010 13:29 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [25-07-2010 13:29 20560]
    R2 Av620an;Av620an;c:\windows\SYSTEM32\DRIVERS\av620an.sys [15-02-2003 10:35 109152]
    R2 Av620cn;Av620cn;c:\windows\SYSTEM32\DRIVERS\av620cn.sys [15-02-2003 10:35 108448]
    R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [29-08-2002 07:00 14336]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [31-07-2010 19:29 632792]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24-08-2010 11:38 92008]
    R3 WPC54Gv3;Linksys Wireless Notebook Adapter WPC54Gv3 Driver;c:\windows\SYSTEM32\DRIVERS\WPC54Gv3.SYS [30-11-2006 23:54 610816]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\SYSTEM32\DRIVERS\motccgp.sys [30-06-2007 19:58 17920]
    S3 motccgpfl;MotCcgpFlService;c:\windows\SYSTEM32\DRIVERS\motccgpfl.sys [30-06-2007 19:58 7680]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\SYSTEM32\DRIVERS\motodrv.sys [30-06-2007 19:58 42112]
    S4 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = file:///C:/www.htm
    uInternet Connection Wizard,ShellNext = iexplore
    Trusted Zone: snsbank.nl\www
    Name-Space Handler: http\RealDownload - {EBCDDA5E-2A68-11D3-8A43-0060083CFB9C} - c:\windows\SYSTEM32\nzdd.dll
    DPF: DirectAnimation Java Classes
    DPF: Microsoft XML Parser for Java
    FF - ProfilePath - c:\documents and settings\j.pohlman\Application Data\Mozilla\Firefox\Profiles\8q2z4azq.default\
    FF - prefs.js: browser.startup.homepage - file:///C:/www.htm
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-Active WebCam - c:\program files\Active WebCam\PY_UNINSTAL.EXE SOFTWARE\PySoft\Act_WebCam
    AddRemove-Easy-WebPrint - c:\program files\Canon\Easy-WebPrint\Uninst.isu



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-29 23:51
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
    "ImagePath"="\"\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2351571192-3568180317-2235136056-1007\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\3Com\DirectBindServices]
    @DACL=(02 0000)
    "TCAITDI"="1"

    [HKEY_LOCAL_MACHINE\software\3Com\EL90xbc]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\3Com\Update]
    @DACL=(02 0000)
    "BoomRemove"="No"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A54AE6D9-1146-03FB-2857897F111C6A4F}\{DD8CECF2-78C0-CF9A-49F4FAE856227A78}\{638B8461-7EC5-D2C3-C076811FCCFACE61}*]
    "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,ba,73,57,
    9b,ef,cb,09,da,45,69,aa,38,97,2f,db,7b,76,bc,69,2f,28,02,5c,06,48,dc,c6,5f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E5B56989-7E86-F8AC-7EB388A31CBB2899}\{D3CA0722-C391-048A-9B4358C3D872E7A5}\{C970F755-AAA5-5192-B03A56D01EDD379B}*]
    "VQDLJNV3QLXY61YLJF5DZX66LB1"=hex:01,00,01,00,00,00,00,00,cd,4f,4e,68,e8,76,95,
    78,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    "OODEFRAG08.00.00.01WORKSTATION"="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"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2228)
    c:\windows\system32\WININET.dll
    c:\program files\Logitech\MouseWare\System\LgWndHk.dll
    c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\windows\system32\tcpsvcs.exe
    c:\windows\system32\carpserv.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    .
    **************************************************************************
    .
    Completion time: 2010-08-30 00:01:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-08-29 22:01

    Pre-Run: 4.119.289.856 bytes free
    Post-Run: 3.978.182.656 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    - - End Of File - - D20E11C19771FE8905996275250B5AEC






  • Hello Jan, I understand that the notebook you are using is almost an antique.
    Still, I want to urge you to get Avast 5.

    And there is work to do on your Windows!


    Open a new Notepad file (Start > All Programs > Accessories > Notepad),
    then copy and paste the following (bold, blue text) into the empty Notepad window


  • Thanks for the support so far!
    I'll continue tonight at home ;-)
    In any case I will install Avast 5 again
  • ComboFix 10-08-29.04 - j.pohlman 30-08-2010 19:20:51.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.375 [GMT 2:00]
    Running from: c:\documents and settings\j.pohlman\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\j.pohlman\Desktop\CFScript.txt
    AV: avast! antivirus 4.8.1368 [VPS 100829-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FILE ::
    "c:\temp\vlc-1.1.4-win32.exe"
    "c:\windows\SYSTEM32\4703A98161.sys"
    "c:\windows\SYSTEM32\dfeefca9_d.dll"
    "c:\windows\SYSTEM32\E4D2272018.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\temp\vlc-1.1.4-win32.exe
    c:\windows\SYSTEM32\4703A98161.sys
    c:\windows\SYSTEM32\dfeefca9_d.dll
    c:\windows\SYSTEM32\E4D2272018.sys

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-30 )))))))))))))))))))))))))))))))
    .

    2010-08-29 21:31 . 2010-08-29 21:32 3830790 ----a-r- c:\temp\ComboFix.exe
    2010-08-29 20:32 . 2010-08-29 20:32 -------- d-----w- c:\documents and settings\j.pohlman\Application Data\Malwarebytes
    2010-08-29 20:32 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-29 20:32 . 2010-08-29 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-08-29 20:32 . 2010-08-29 20:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-29 20:32 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-25 21:22 . 2010-08-25 21:22 -------- d-----w- c:\program files\CCleaner
    2010-08-16 18:35 . 2010-08-16 18:35 181760 ----a-w- c:\documents and settings\j.pohlman\Application Data\Google Talk\googletalk.exe
    2010-08-16 18:35 . 2010-08-16 18:35 -------- d-----w- c:\documents and settings\j.pohlman\Application Data\Google Talk
    2010-07-31 17:37 . 2010-07-31 17:37 -------- d-----w- c:\documents and settings\j.pohlman\Application Data\Registry Mechanic
    2010-07-31 17:29 . 2010-07-31 17:29 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-07-31 17:29 . 2010-08-29 22:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-27 19:01 . 2009-02-05 21:58 -------- d-----w- c:\documents and settings\j.pohlman\Application Data\Tyre
    2010-08-25 21:24 . 2005-11-28 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-08-14 16:46 . 2010-06-03 20:59 -------- d-----w- c:\documents and settings\j.pohlman\Application Data\Uniblue
    2010-08-08 20:20 . 2007-03-15 15:22 -------- d-----w- c:\program files\Linksys
    2010-08-03 22:31 . 2008-03-20 18:10 -------- d-----w- c:\program files\Windows Live
    2010-07-25 11:28 . 2010-07-25 11:28 -------- d-----w- c:\program files\Alwil Software
    2010-07-09 20:25 . 2009-05-13 19:52 -------- d-----w- c:\program files\Tyre
    2010-07-09 20:25 . 2009-05-13 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Tyre
    2010-07-09 20:19 . 2010-07-09 20:19 -------- d-----w- c:\program files\TomTom International B.V
    2010-07-09 20:19 . 2010-07-09 20:19 -------- d-----w- c:\program files\TomTom HOME 2
    2010-06-30 12:31 . 2002-08-29 05:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22 . 2004-02-06 16:05 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 2002-08-29 05:00 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2002-08-29 05:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2002-08-29 05:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2002-08-29 05:00 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
    2010-06-14 07:41 . 2002-08-29 05:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-01 17:37 . 2010-07-20 21:42 221568 ------w- c:\windows\system32\MpSigStub.exe
    2008-08-03 21:35 . 2005-01-24 19:43 3350 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CARPService"="carpserv.exe" [2003-01-23 4608]
    "DadApp"="c:\program files\Dell\AccessDirect\dadapp.exe" [2003-03-07 209800]
    "EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2004-01-08 37888]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-06-24 4800512]
    "nwiz"="nwiz.exe" [2003-06-24 323584]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-24 729178]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-06-24 77914]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-2-5 24576]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0o\0c\0h\0k\0 \0*

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=
    "c:\\Program Files\\Active WebCam\\WebCam.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\CuteFTP Professional\\ftpte.exe"=
    "c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
    "c:\\Program Files\\Common Files\\Microsoft Shared\\web server extensions\\40\\BIN\\tcptest.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
    "5900:TCP"= 5900:TCP:vnc5900
    "5800:TCP"= 5800:TCP:vnc5800

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\SYSTEM32\DRIVERS\ppa.sys [11-02-2003 01:22 17792]
    R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [25-07-2010 13:29 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [25-07-2010 13:29 20560]
    R2 Av620an;Av620an;c:\windows\SYSTEM32\DRIVERS\av620an.sys [15-02-2003 10:35 109152]
    R2 Av620cn;Av620cn;c:\windows\SYSTEM32\DRIVERS\av620cn.sys [15-02-2003 10:35 108448]
    R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [29-08-2002 07:00 14336]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [31-07-2010 19:29 632792]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24-08-2010 11:38 92008]
    R3 WPC54Gv3;Linksys Wireless Notebook Adapter WPC54Gv3 Driver;c:\windows\SYSTEM32\DRIVERS\WPC54Gv3.SYS [30-11-2006 23:54 610816]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\SYSTEM32\DRIVERS\motccgp.sys [30-06-2007 19:58 17920]
    S3 motccgpfl;MotCcgpFlService;c:\windows\SYSTEM32\DRIVERS\motccgpfl.sys [30-06-2007 19:58 7680]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\SYSTEM32\DRIVERS\motodrv.sys [30-06-2007 19:58 42112]
    S4 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = file:///C:/www.htm
    uInternet Connection Wizard,ShellNext = iexplore
    Trusted Zone: snsbank.nl\www
    Name-Space Handler: http\RealDownload - {EBCDDA5E-2A68-11D3-8A43-0060083CFB9C} - c:\windows\SYSTEM32\nzdd.dll
    DPF: DirectAnimation Java Classes
    DPF: Microsoft XML Parser for Java
    FF - ProfilePath - c:\documents and settings\j.pohlman\Application Data\Mozilla\Firefox\Profiles\8q2z4azq.default\
    FF - prefs.js: browser.startup.homepage - file:///C:/www.htm
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-30 19:27
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
    "ImagePath"="\"\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2351571192-3568180317-2235136056-1007\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\3Com\DirectBindServices]
    @DACL=(02 0000)
    "TCAITDI"="1"

    [HKEY_LOCAL_MACHINE\software\3Com\EL90xbc]
    @DACL=(02 0000)

    [HKEY_LOCAL_MACHINE\software\3Com\Update]
    @DACL=(02 0000)
    "BoomRemove"="No"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A54AE6D9-1146-03FB-2857897F111C6A4F}\{DD8CECF2-78C0-CF9A-49F4FAE856227A78}\{638B8461-7EC5-D2C3-C076811FCCFACE61}*]
    "{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,ba,73,57,
    9b,ef,cb,09,da,45,69,aa,38,97,2f,db,7b,76,bc,69,2f,28,02,5c,06,48,dc,c6,5f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E5B56989-7E86-F8AC-7EB388A31CBB2899}\{D3CA0722-C391-048A-9B4358C3D872E7A5}\{C970F755-AAA5-5192-B03A56D01EDD379B}*]
    "VQDLJNV3QLXY61YLJF5DZX66LB1"=hex:01,00,01,00,00,00,00,00,cd,4f,4e,68,e8,76,95,
    78,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    .
    Completion time: 2010-08-30 19:31:22
    ComboFix-quarantined-files.txt 2010-08-30 17:31

    Pre-Run: 3.962.843.136 bytes free
    Post-Run: 3.943.825.408 bytes free

    - - End Of File - - C5834C4216DA077E9B9EB1A51EFC15AE




  • Hello Jan, that went perfectly.
    You can remove ComboFix:

    - to do so, go to Start - Run
    - copy and paste the following into it: Combofix /Uninstall
    - then click OK.
    - if all is well, you will then get a message that Combofix has been removed.

    Example: http://home.kpn.nl/stefsmeenk/CFUninstall.PNG

    How is your Windows running now?
  • Thanks again for your support and advice!

    Meanwhile I have also installed Avast 5 again.
    Startup seems to go faster and the memory usage is then a good deal lower as well.
    In any case I will keep an eye on it.
    Two more questions, though:
    What exactly was the problem that, I assume, has been fixed with Combofix?
    What can you recommend running (periodically) besides CCleaner - Registry Manager - Spybot?
  • Hi Jan, it is very simple - there was a so-called rogue scanner in your Windows, which had downloaded a few more things afterwards, but apparently, for some unclear reason, never became a real nuisance for you.
    But that may be due to poor programming of it!

    The memory usage has gone down because no spyware and malware are running along in the background anymore!

    Keep MBAM as support for Avast.

    Spybot does not amount to anything anymore, you can uninstall it!
    You do not need that registry manager either!
    Because Windows XP only loads the DLLs that are necessary!
    And CCleaner can check the registry for you as well!
  • OK, clear.
    I will remove Spybot.
    Oh yes, a small mistake: I was talking about Registry Manager, but that should be PCTools Registry Mechanic.
    Remove it?
  • Yes, go ahead and remove it!
  • Er…, Combofix did remove a bit too much after all: MGX40.dll
    This dll is needed for Micrografx Windows Draw (an old drawing program)

    Is this still somewhere on the XP CD-ROM? (it seems to be from Microsoft)
    As far as I could check via Google, you can only download this dll for a fee? :cry:
  • With all due respect, but that is a program from eleven to twelve years ago or longer!

    Micrografx sold Windows Draw to Sierra in 1999.


    http://www.filewatcher.com/b/ftp/ftp.sierra.com/pub/patches/pc.0.0.html


    wdrawdll.exe contains a newer version of MGX40.DLL, for Windows Draw 4, 5 and 6
