Question & Answer
Slow notebook startup
21 answers
- Pentium 4 - CPU 1.8 GHz - 512 MB RAM (it won't take more)
Windows XP SP3
Virtual memory set to 768 MB
Avast virus scanner
I regularly run CCleaner - Registry Manager - Spybot - Defrag - MS updates
Task manager:
Normal use at idle: memory around 375 MB - CPU a few %
During startup, however, memory use is around 850 MB (runs up to the maximum) while CPU use stays low
Starting up completely can take around 15 minutes or more; after that, memory use drops again
What is going on / what is wrong?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:50:10, on 29-08-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/www.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1269559478163
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = chello.nl
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = chello.nl
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = chello.nl
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
- This log looks clean to me at first glance; Abraham54 knows much more about it.
Mem: max 512 MB? In a Pentium 4?
Have a look on the website at which type of memory is supported.
If the laptop is still worth it, it can often take 1 or 2 GB, and that makes a huge difference in speed (my Asus L3800 takes max 1 GB, so check this for this little laptop). Which one is it, by the way?
- The OP probably means that all the memory slots of his P4 laptop are full. For XP SP3 I don't find 512 MB too little. XP was released in 2001, after all; in those days 512 MB of RAM was normal. (I myself ran my old AthlonXP 1700+ and dual Pentium 3 PCs for years with 512 MB of RAM, with Windows XP on them.)
The OP could try to analyse the slow startup with the BootVis application.
- From what I can see, you need to get to work: set your page file to at least 1024 MB, since you are short on memory.
Next I'd look at everything that starts up; try to gain there. I see quite a lot of Adobe starting that isn't needed.
If you can start with an installation that launches only a minimum of processes, you will certainly gain speed.
Also look at the number of restore points still there; they can take up a lot of space, and thus room on your system.
Office doesn't need to start up, so disable it!
From Dell I also see quite a lot starting; disable that too!
Logitech Desktop Messenger: disable or set to manual.
Want to know more about what you can and cannot disable?
http://www.schoonepc.nl/optim/bootvis.html
And also have a look here:
http://www.blackviper.com/WinXP/servicecfg.htm
Generally speaking, a lot starts up and I don't think this laptop can handle it, so start tweaking: look at schoonePC for how to do that, and at Black Viper you can tune a lot of services for a good gain.
Good luck with it and let us know the result.
- [quote="andre@home"]…Mem: max 512 MB? In a Pentium 4?…. Which one is it, by the way?[/quote]
Dell Inspiron 2650, from 2002….
The strange thing is that the phenomenon suddenly cropped up a week or so ago.
Nothing else special has happened and everything seems to work normally and well: software and internet without noticeable loss of speed.
PS. I originally had virtual memory set higher.
Thanks for the tips: I'll get to work on them.
- Hi Jan, your log indeed looks good.
You do still have Avast 4 on it, though; you can replace that with Avast 5!
And do the following anyway: [b]Download, install and keep using MBAM[/b] (CLICK)
(click the blue button to download the free version!)
[list][*] Right after installation, [b]MBAM[/b] will want to update its database; allow this.
[*] Also on repeated use: first update MBAM via the [b]Update[/b] tab!
[*] Start [b]MBAM[/b] and choose [b]Quick Scan[/b]
[*] [b]N.B.: Vista and Windows 7 users start MBAM by right-clicking and choosing Run as Administrator.[/b]
[*] Scanning can take a while, so be patient.
[*] When the scan is complete, click the [b]OK[/b] button
[*] Then click the [b]Show Results[/b] button to see the results.
[*] Make sure everything is checked.
[*] Then click: [b]Remove Selected[/b].
[*] After removal, a log will open and you will be asked to restart the computer.
[*] The log is saved automatically by [b]MBAM[/b] and you can find it by clicking the [b]Logs[/b] tab in [b]MBAM[/b].
[*] If [b]MBAM[/b] has difficulty removing certain files, it will show several messages; click [b]OK[/b] each time!
[*] After that [b]MBAM[/b] will ask to restart the computer, so allow the computer to be restarted.[/list]
If the rootkit (TDSS) is present, MBAM will also ask to restart. Do that too.
MBAM will then scan again after the restart and remove the rootkit.
[b]After this, post the contents of the MBAM log[/b]
And also do this: a test to see what your current security situation is.
Download [b][/b] to your desktop.
[list][*] Click/double-click [b]SecurityCheck.exe[/b] and follow the instructions in the black window.
[*] A Notepad document named [b]checkup.txt[/b] should open automatically; close this document by saving it to the desktop.
[*] If one of your security tools reports that DIG.EXE wants to access the internet, allow it.[/list]
Post the contents of [b]checkup.txt[/b] in your next post.
- You could then consider a fresh install…
Mem:
http://support.dell.com/support/edocs/systems/ins2600/en/sm_en/palmrest.htm#998220
via
http://arstechnica.com/civis/viewtopic.php?f=9&t=315287
Unfortunately:
http://support.dell.com/support/edocs/systems/ins2600/en/sm_en/specs.htm#1119510
Maximum memory 512 MB
- [quote="Abraham54"]…You do still have Avast 4 on it, though; you can replace that with Avast 5!…
…After this, post the contents of the MBAM log…
…Post the contents of [b]checkup.txt[/b] in your next post.[/quote]
I had Avast 5 on it but still find 4 runs better on my notebook.
Updating in particular takes longer with 5.
Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
[b]``````````````````````````````
[u]Antivirus/Firewall Check:[/u][/b]
Windows Firewall Enabled!
avast! Antivirus
avast! successfully updated!
[b]```````````````````````````````
[u]Anti-malware/Other Utilities Check:[/u][/b]
Malwarebytes' Anti-Malware
CCleaner
Adobe Flash Player 9
- Hello Jan, Avast 4 will soon no longer be supported, and the updates simply run automatically with Avast 5, so what is the problem with being better protected!
In any case, your Windows has already picked up a nasty infection!
[b]Here you'll find information on how to disable antivirus[/b] (click)
HJT.nl
[b]Let ComboFix scan your Windows (click)[/b].
[b]How to use ComboFix properly (click)[/b]
[list][*][b] To be able to use ComboFix, the following applies:[/b]
[*]
- ComboFix 10-08-28.02 - j.pohlman 29-08-2010 23:41:27.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.251 [GMT 2:00]
Running from: c:\temp\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100829-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\WinPCap
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\Uninstall.exe
C:\Thumbs.db
c:\windows\system\mgx40.dll
c:\windows\system\olepro32.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_EXPLORER
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))
.
2010-08-29 21:31 . 2010-08-29 21:32 3830790 ----a-r- c:\temp\ComboFix.exe
2010-08-29 20:32 . 2010-08-29 20:32 -------- d-----w- c:\documents and settings\j.pohlman\Application Data\Malwarebytes
2010-08-29 20:32 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-29 20:32 . 2010-08-29 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-29 20:32 . 2010-08-29 20:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-29 20:32 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-27 21:33 . 2010-08-27 21:33 19657194 ----a-w- c:\temp\vlc-1.1.4-win32.exe
2010-08-25 21:22 . 2010-08-25 21:22 -------- d-----w- c:\program files\CCleaner
2010-08-16 18:35 . 2010-08-16 18:35 181760 ----a-w- c:\documents and settings\j.pohlman\Application Data\Google Talk\googletalk.exe
2010-08-16 18:35 . 2010-08-16 18:35 -------- d-----w- c:\documents and settings\j.pohlman\Application Data\Google Talk
2010-07-31 17:37 . 2010-07-31 17:37 -------- d-----w- c:\documents and settings\j.pohlman\Application Data\Registry Mechanic
2010-07-31 17:29 . 2010-07-31 17:29 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-31 17:29 . 2010-08-29 21:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-27 19:01 . 2009-02-05 21:58 -------- d-----w- c:\documents and settings\j.pohlman\Application Data\Tyre
2010-08-25 21:24 . 2005-11-28 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-14 16:46 . 2010-06-03 20:59 -------- d-----w- c:\documents and settings\j.pohlman\Application Data\Uniblue
2010-08-08 20:20 . 2007-03-15 15:22 -------- d-----w- c:\program files\Linksys
2010-08-03 22:31 . 2008-03-20 18:10 -------- d-----w- c:\program files\Windows Live
2010-07-25 11:28 . 2010-07-25 11:28 -------- d-----w- c:\program files\Alwil Software
2010-07-09 20:25 . 2009-05-13 19:52 -------- d-----w- c:\program files\Tyre
2010-07-09 20:25 . 2009-05-13 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Tyre
2010-07-09 20:19 . 2010-07-09 20:19 -------- d-----w- c:\program files\TomTom International B.V
2010-07-09 20:19 . 2010-07-09 20:19 -------- d-----w- c:\program files\TomTom HOME 2
2010-06-30 12:31 . 2002-08-29 05:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-02-06 16:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2002-08-29 05:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2002-08-29 05:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2002-08-29 05:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2002-08-29 05:00 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2002-08-29 05:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-01 17:37 . 2010-07-20 21:42 221568 ------w- c:\windows\system32\MpSigStub.exe
2008-08-03 20:29 . 2008-08-03 20:29 56 --sh--r- c:\windows\SYSTEM32\4703A98161.sys
2008-02-24 12:55 . 2008-02-24 12:55 23 --sha-w- c:\windows\SYSTEM32\dfeefca9_d.dll
2005-01-24 20:17 . 2005-01-24 19:43 56 --sh--r- c:\windows\SYSTEM32\E4D2272018.sys
2008-08-03 21:35 . 2005-01-24 19:43 3350 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CARPService"="carpserv.exe" [2003-01-23 4608]
"DadApp"="c:\program files\Dell\AccessDirect\dadapp.exe" [2003-03-07 209800]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2004-01-08 37888]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-06-24 4800512]
"nwiz"="nwiz.exe" [2003-06-24 323584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-24 729178]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-06-24 77914]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-2-5 24576]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0o\0c\0h\0k\0 \0*
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Active WebCam\\WebCam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CuteFTP Professional\\ftpte.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\web server extensions\\40\\BIN\\tcptest.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDPeer Name Resolution Protocol (PNRP)
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\SYSTEM32\DRIVERS\ppa.sys [11-02-2003 01:22 17792]
R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [25-07-2010 13:29 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [25-07-2010 13:29 20560]
R2 Av620an;Av620an;c:\windows\SYSTEM32\DRIVERS\av620an.sys [15-02-2003 10:35 109152]
R2 Av620cn;Av620cn;c:\windows\SYSTEM32\DRIVERS\av620cn.sys [15-02-2003 10:35 108448]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [29-08-2002 07:00 14336]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [31-07-2010 19:29 632792]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24-08-2010 11:38 92008]
R3 WPC54Gv3;Linksys Wireless Notebook Adapter WPC54Gv3 Driver;c:\windows\SYSTEM32\DRIVERS\WPC54Gv3.SYS [30-11-2006 23:54 610816]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\SYSTEM32\DRIVERS\motccgp.sys [30-06-2007 19:58 17920]
S3 motccgpfl;MotCcgpFlService;c:\windows\SYSTEM32\DRIVERS\motccgpfl.sys [30-06-2007 19:58 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\SYSTEM32\DRIVERS\motodrv.sys [30-06-2007 19:58 42112]
S4 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
.
------- Supplementary Scan -------
.
uStart Page = file:///C:/www.htm
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: snsbank.nl\www
Name-Space Handler: http\RealDownload - {EBCDDA5E-2A68-11D3-8A43-0060083CFB9C} - c:\windows\SYSTEM32\nzdd.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\j.pohlman\Application Data\Mozilla\Firefox\Profiles\8q2z4azq.default\
FF - prefs.js: browser.startup.homepage - file:///C:/www.htm
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "";
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties";
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties";
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-Active WebCam - c:\program files\Active WebCam\PY_UNINSTAL.EXE SOFTWARE\PySoft\Act_WebCam
AddRemove-Easy-WebPrint - c:\program files\Canon\Easy-WebPrint\Uninst.isu
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-29 23:51
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2351571192-3568180317-2235136056-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\3Com\DirectBindServices]
@DACL=(02 0000)
"TCAITDI"="1"
[HKEY_LOCAL_MACHINE\software\3Com\EL90xbc]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\3Com\Update]
@DACL=(02 0000)
"BoomRemove"="No"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A54AE6D9-1146-03FB-2857897F111C6A4F}\{DD8CECF2-78C0-CF9A-49F4FAE856227A78}\{638B8461-7EC5-D2C3-C076811FCCFACE61}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,ba,73,57,
9b,ef,cb,09,da,45,69,aa,38,97,2f,db,7b,76,bc,69,2f,28,02,5c,06,48,dc,c6,5f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E5B56989-7E86-F8AC-7EB388A31CBB2899}\{D3CA0722-C391-048A-9B4358C3D872E7A5}\{C970F755-AAA5-5192-B03A56D01EDD379B}*]
"VQDLJNV3QLXY61YLJF5DZX66LB1"=hex:01,00,01,00,00,00,00,00,cd,4f,4e,68,e8,76,95,
78,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="FA4F476C57430DF6D1E797E0BDDB7949F1B65AC35D61293F2F9ED500A7BD925C44181C7555E2231140783569EE985676B6C99D97315C94A651B1134ABDCE6C1E2363AD031935982DCEADD03B7F02CBFA860C67A480785F984ECD6C8DF25BC2A217CBC9C6B2283D74A5B3871F35E68BE84C5A41EAE509B8AFF4A0FAA557D65D2E76EE3713C6711B72BDB86881E8DC78B3C814A7128D9F80E86B5C48900E75B9E76CF02D5F0C066918E871F9F409BA29FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E6678EDD5E5BE2F6E6675D575E7D6A3B98085D575E7D6A3B98080F5E3F3A14EBB0D6B6CE8F4E76DD365064D14E02D12F4211393C5430D21F5E2F5B5C6311623E6DC52F62E964A380778E1396DA6B7E1C0BC2356312BBB93FA9CD77ADCE54A40846D7DD7D360F515CD61493746BDB6287EEE9FE9AB7CCE02A71E461F33C732BFACA7F89E5BE8CE858C33018F6FCFA20A9DFD2D053111AC40D48DDFCA36AD26959CCE1DFB6550DF76C7264B5FE8F69FC52117E48D1EFCF022D83D313879B4B777CE35A71DF4C36AD27D9E9E53EA9B6E2637DA0E8ADAB8BDD61BE1BCC3D96A71150EBF8B1237BA160A8B8AB86BED0EA61D2E0A118559CE0BC15D738BBB526A9965504FCFA18BD5B07A58CC9D75A147EA7AA3D1FA00AA0572C47706352B819820CA00E5F8728F36441699A16804283DF0D8A586931DD1AE8580CEE0CE6DD42DC98D833CAF79381B24DCF6C9A097933F18C23B905DC3C6E859688FD53B6147754093B5C9B52EBCDAE924A4B91DF57BC0A413BAEA897610610DC798A8D609D93774C18BA66FD19C435985EC9E95588BBF1EF2ECA43BDDC4F5FC5AEC6C5678FF5CB77D2BFF0475455170C253A489F8DD1E87DE7DFF40E143C3E100BA93833D301C94065A3365E2EF39ABE4CB684D6B8A39F726D0A90A9C0C26B9F85EDD78E279BDA855AE16458089777A4141A287A31593CFE5323A018EE5B9B7AA89048A91DAE614553B8DD2D99BCDBD6528474E9759F597344CFE1C27E05F3CB9454E5171AAB3024042CB8B86D63E792F05A5DEB53A604467E7342F726401162FCBEBA4F590311E9B40240BD628D31B86DC408A96E24C011D3B6686BEC930131299A0BAD672C3E0242C6F25D2B443FCDD72E522F3FCF82922C082CB2300946CEF3F64B70A5A1E77C1B4803A14D92917C56C7CAEF9167352B00189A48A1AC58F7CBA3A4BB4CE2320D451BD7F7A588978E21853540842A36625E5BF30A4490A309B5B77597E171368C58960BAEE2B836F7869F09D90DDD57E0E90CAC3B724B8507C70F4FED46D4FEF58154EAFB053CC74BE792F159714B5FF458A66C
025876D0962DC476102A970D6A80B3FA76E5AE98433A9D4E42CE3E081273EC916876AF4E84A53E66AF"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2228)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\carpserv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2010-08-30 00:01:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-29 22:01
Pre-Run: 4.119.289.856 bytes free
Post-Run: 3.978.182.656 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
- - End Of File - - D20E11C19771FE8905996275250B5AEC
- Hi Jan, I understand that the notebook you are using is almost an antique.
Still, I want to urge you to switch to Avast 5.
And your Windows needs some work!
Open a new Notepad file (Start > All Programs > Accessories > Notepad),
copy and paste the following (bold, blue text) into the empty Notepad window
- Thanks for the support so far!
Will continue at home tonight ;-)
In any case, I'll go ahead and reinstall Avast 5.
ComboFix 10-08-29.04 - j.pohlman 30-08-2010 19:20:51.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.375 [GMT 2:00]
Running from: c:\documents and settings\j.pohlman\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\j.pohlman\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100829-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\temp\vlc-1.1.4-win32.exe"
"c:\windows\SYSTEM32\4703A98161.sys"
"c:\windows\SYSTEM32\dfeefca9_d.dll"
"c:\windows\SYSTEM32\E4D2272018.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\temp\vlc-1.1.4-win32.exe
c:\windows\SYSTEM32\4703A98161.sys
c:\windows\SYSTEM32\dfeefca9_d.dll
c:\windows\SYSTEM32\E4D2272018.sys
.
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-30 )))))))))))))))))))))))))))))))
.
2010-08-29 21:31 . 2010-08-29 21:32 3830790 ----a-r- c:\temp\ComboFix.exe
2010-08-29 20:32 . 2010-08-29 20:32 -------- d-----w- c:\documents and settings\j.pohlman\Application Data\Malwarebytes
2010-08-29 20:32 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-29 20:32 . 2010-08-29 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-29 20:32 . 2010-08-29 20:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-29 20:32 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-25 21:22 . 2010-08-25 21:22 -------- d-----w- c:\program files\CCleaner
2010-08-16 18:35 . 2010-08-16 18:35 181760 ----a-w- c:\documents and settings\j.pohlman\Application Data\Google Talk\googletalk.exe
2010-08-16 18:35 . 2010-08-16 18:35 -------- d-----w- c:\documents and settings\j.pohlman\Application Data\Google Talk
2010-07-31 17:37 . 2010-07-31 17:37 -------- d-----w- c:\documents and settings\j.pohlman\Application Data\Registry Mechanic
2010-07-31 17:29 . 2010-07-31 17:29 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-31 17:29 . 2010-08-29 22:20 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-27 19:01 . 2009-02-05 21:58 -------- d-----w- c:\documents and settings\j.pohlman\Application Data\Tyre
2010-08-25 21:24 . 2005-11-28 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-14 16:46 . 2010-06-03 20:59 -------- d-----w- c:\documents and settings\j.pohlman\Application Data\Uniblue
2010-08-08 20:20 . 2007-03-15 15:22 -------- d-----w- c:\program files\Linksys
2010-08-03 22:31 . 2008-03-20 18:10 -------- d-----w- c:\program files\Windows Live
2010-07-25 11:28 . 2010-07-25 11:28 -------- d-----w- c:\program files\Alwil Software
2010-07-09 20:25 . 2009-05-13 19:52 -------- d-----w- c:\program files\Tyre
2010-07-09 20:25 . 2009-05-13 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Tyre
2010-07-09 20:19 . 2010-07-09 20:19 -------- d-----w- c:\program files\TomTom International B.V
2010-07-09 20:19 . 2010-07-09 20:19 -------- d-----w- c:\program files\TomTom HOME 2
2010-06-30 12:31 . 2002-08-29 05:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-02-06 16:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2002-08-29 05:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2002-08-29 05:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2002-08-29 05:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2002-08-29 05:00 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2002-08-29 05:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-01 17:37 . 2010-07-20 21:42 221568 ------w- c:\windows\system32\MpSigStub.exe
2008-08-03 21:35 . 2005-01-24 19:43 3350 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CARPService"="carpserv.exe" [2003-01-23 4608]
"DadApp"="c:\program files\Dell\AccessDirect\dadapp.exe" [2003-03-07 209800]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2004-01-08 37888]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-06-24 4800512]
"nwiz"="nwiz.exe" [2003-06-24 323584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-24 729178]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-06-24 77914]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-2-5 24576]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0o\0c\0h\0k\0 \0*
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Active WebCam\\WebCam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CuteFTP Professional\\ftpte.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\web server extensions\\40\\BIN\\tcptest.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\SYSTEM32\DRIVERS\ppa.sys [11-02-2003 01:22 17792]
R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [25-07-2010 13:29 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [25-07-2010 13:29 20560]
R2 Av620an;Av620an;c:\windows\SYSTEM32\DRIVERS\av620an.sys [15-02-2003 10:35 109152]
R2 Av620cn;Av620cn;c:\windows\SYSTEM32\DRIVERS\av620cn.sys [15-02-2003 10:35 108448]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [29-08-2002 07:00 14336]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [31-07-2010 19:29 632792]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24-08-2010 11:38 92008]
R3 WPC54Gv3;Linksys Wireless Notebook Adapter WPC54Gv3 Driver;c:\windows\SYSTEM32\DRIVERS\WPC54Gv3.SYS [30-11-2006 23:54 610816]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\SYSTEM32\DRIVERS\motccgp.sys [30-06-2007 19:58 17920]
S3 motccgpfl;MotCcgpFlService;c:\windows\SYSTEM32\DRIVERS\motccgpfl.sys [30-06-2007 19:58 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\SYSTEM32\DRIVERS\motodrv.sys [30-06-2007 19:58 42112]
S4 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
.
------- Supplementary Scan -------
.
uStart Page = file:///C:/www.htm
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: snsbank.nl\www
Name-Space Handler: http\RealDownload - {EBCDDA5E-2A68-11D3-8A43-0060083CFB9C} - c:\windows\SYSTEM32\nzdd.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\j.pohlman\Application Data\Mozilla\Firefox\Profiles\8q2z4azq.default\
FF - prefs.js: browser.startup.homepage - file:///C:/www.htm
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-30 19:27
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2351571192-3568180317-2235136056-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\3Com\DirectBindServices]
@DACL=(02 0000)
"TCAITDI"="1"
[HKEY_LOCAL_MACHINE\software\3Com\EL90xbc]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\3Com\Update]
@DACL=(02 0000)
"BoomRemove"="No"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A54AE6D9-1146-03FB-2857897F111C6A4F}\{DD8CECF2-78C0-CF9A-49F4FAE856227A78}\{638B8461-7EC5-D2C3-C076811FCCFACE61}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,ba,73,57,
9b,ef,cb,09,da,45,69,aa,38,97,2f,db,7b,76,bc,69,2f,28,02,5c,06,48,dc,c6,5f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E5B56989-7E86-F8AC-7EB388A31CBB2899}\{D3CA0722-C391-048A-9B4358C3D872E7A5}\{C970F755-AAA5-5192-B03A56D01EDD379B}*]
"VQDLJNV3QLXY61YLJF5DZX66LB1"=hex:01,00,01,00,00,00,00,00,cd,4f,4e,68,e8,76,95,
78,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
Completion time: 2010-08-30 19:31:22
ComboFix-quarantined-files.txt 2010-08-30 17:31
Pre-Run: 3.962.843.136 bytes free
Post-Run: 3.943.825.408 bytes free
- - End Of File - - C5834C4216DA077E9B9EB1A51EFC15AE
- Hi Jan, that went perfectly.
You may remove ComboFix,
* to do so, go to Start - Run
* copy and paste the following into it: Combofix /Uninstall
* then click OK.
* if all goes well, you will then get a message that Combofix has been removed.
Example:
http://home.kpn.nl/stefsmeenk/CFUninstall.PNG
How is your Windows running now?
- Thanks again for your support and advice!
I have also reinstalled Avast 5 in the meantime.
Startup seems to be faster and memory usage is a lot lower too.
I will keep an eye on it in any case.
Still, two questions:
What exactly was the problem that, I assume, was fixed with Combofix?
What can you recommend running (periodically) in addition to CCleaner - Registry Manager - Spybot?
- Hi Jan, it's very simple: a so-called rogue scanner had been sitting in your Windows, which had downloaded a few other things as well, but apparently, for unclear reasons, never became a real plague for you.
But that may be due to poor programming on its part!
Memory usage has gone down because there is no longer spyware and malware running along in the background!
Keep MBAM as a supplement to Avast.
Spybot is no longer worth anything; you can uninstall it!
You don't need that registry manager either!
Because Windows XP only loads the DLLs that are necessary!
And CCleaner can check the registry for you too!
- OK, clear.
I'll remove Spybot.
Oh yes, small mistake: I mentioned Registry Manager, but that should be PCTools Registry Mechanic.
Remove it?
- Sure, go ahead and remove it!
- Er..., Combofix removed a bit too much after all: MGX40.dll
This DLL is needed for Micrografx Windows Draw (an old drawing program).
Is it still somewhere on the XP CD-ROM? (it seems to be from Microsoft)
As far as I could check via Google, this DLL can only be downloaded for a fee? :cry:
- With all due respect, but that is a program from eleven to twelve years ago or longer!
Micrografx sold Windows Draw to Sierra in 1999.
http://www.filewatcher.com/b/ftp/ftp.sierra.com/pub/patches/pc.0.0.html
wdrawdll.exe contains a newer version of MGX40.DLL, for Windows Draw 4, 5 and 6