Slow PC, HJT log

juisterr
14 answers
  • My PC has been very slow lately and crashes at random moments. Sometimes the computer reboots by itself, other times I get a blue screen. I have already run Ad-Aware and Spybot on it. (Out of desperation I also defragmented the hard disk, but the speed remains low. Free disk space is 40%, by the way.)

    In case it helps, the computer is a Medion Titanium 8080.

    This is what HJT said about it:

    [quote:6d62f1be34]Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 1:09:06 AM, on 6/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\mHotkey.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\WINDOWS\system32\PRISMSTA.EXE
    C:\WINDOWS\CNYHKey.exe
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\DitExp.exe
    C:\WINDOWS\system32\ctfmon.exe
    E:\HiJackThis_v2.exe
    C:\PROGRA~1\CA\SHARED~1\SCANEN~1\InoDist.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\vincent\tv\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-3119215596-2888611140-3756640696-1008\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
    O4 - HKUS\S-1-5-21-3119215596-2888611140-3756640696-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8EA0A3A9-5C7F-46F8-A255-DF935C7A8328}: NameServer = 10.0.0.138
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DC2C3EF4-99B5-4DE4-A371-A2FEBF116450}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS1\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS3\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS4\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (file missing)


    End of file - 4866 bytes
    [/quote:6d62f1be34]
    I hope you can help me!
  • At first glance there seems to be nothing abnormal in this log. Only the line [b:d4200ea6f9]O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k[/b:d4200ea6f9] may be fixed with HJT. Maybe the "real" specialists will still discover something, but I fear the cause will have to be sought elsewhere.
  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:
    [b:88bbc03e4f]
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    [/b:88bbc03e4f]
    Click 'Fix checked' to remove the items.


    That crash must be coming from somewhere.

    Hopefully this solves it.


    Go to Start > Run and type or copy the bold text [b:88bbc03e4f]sfc /scannow[/b:88bbc03e4f] into the command box (mind the space).

    Your computer will now be scanned for errors.


    If it asks for the XP Professional CD and you have XP Home, just insert the CD.
  • Thanks for the replies.

    That error check completed, but I got neither a report nor a request for a CD. Does this mean that all Windows files are official?

    The PC remains slow (especially at startup, by the way); any idea how I can solve this?

    P.S.: Some time ago CWShredder cleaned up CWS.Msconfig, and the symptoms match my complaints. However, CWShredder no longer finds this variant, although the complaints persist.
  • That tool has not been updated in ages.

    Download [b:aab071d1f8]Combofix[/b:aab071d1f8] to your Desktop.[list:aab071d1f8]
    Double-click [b:aab071d1f8]Combofix.exe[/b:aab071d1f8]
    Follow the instructions, accept the disclaimer by typing [b:aab071d1f8]1[/b:aab071d1f8] (continue).
    While the fix is running, do [b:aab071d1f8]NOT[/b:aab071d1f8] click in the window, because this will make your PC hang.[/list:u:aab071d1f8]
    When the fix is complete and after the restart, the log [b:aab071d1f8]combofix.txt[/b:aab071d1f8] will open.
    [i:aab071d1f8]Post this log in your next post together with a new HijackThis log.[/i:aab071d1f8]

    Note: If your virus scanner responds with a notice about script execution, you may ignore this.
  • Thanks for the quick reply.

    Here is the Combofix log:
    [quote:4fe0f294d8]"Vincent" - 2007-06-27 18:10:05 - ComboFix 07-06-27.7 - Service Pack 2 NTFS


    ((((((((((((((((((((((((( Files Created from 2007-05-27 to 2007-06-27 )))))))))))))))))))))))))))))))


    2007-06-27 17:44 <DIR> d——– C:\WINDOWS\LastGood
    2007-06-27 17:36 <DIR> dr-h—– C:\DOCUME~1\Vincent\Onlangs geopend
    2007-06-27 15:28 <DIR> d——– C:\DOCUME~1\Dick\APPLIC~1\Talkback
    2007-06-27 00:47 <DIR> d——– C:\DOCUME~1\Vincent\DoctorWeb
    2007-06-25 03:55 <DIR> d——– C:\Program Files\TweakNow RegCleaner Std
    2007-06-21 14:03 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-06-18 04:06 49,152 –a—— C:\WINDOWS\nircmd.exe
    2007-06-18 04:06 33,207 –a—— C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
    2007-06-18 04:06 <DIR> d——– C:\WINDOWS\system32\RVAXO
    2007-06-17 22:37 <DIR> d——– C:\WINDOWS\SxsCaPendDel
    2007-06-17 22:32 <DIR> d——– C:\WINDOWS\system32\ActiveScan
    2007-06-17 22:30 10,872 –a—— C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-06-17 19:51 <DIR> d——– C:\DOCUME~1\NETWOR~1\Bureaublad
    2007-06-17 19:09 <DIR> d——– C:\Program Files\STOPzilla!
    2007-06-17 19:09 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!
    2007-06-15 00:03 <DIR> d——– C:\DOCUME~1\Vincent\APPLIC~1\Talkback
    2007-06-14 03:14 <DIR> d——– C:\DOCUME~1\Vincent\APPLIC~1\DivX
    2007-06-12 03:14 129,784 ——— C:\WINDOWS\system32\pxafs.dll
    2007-06-11 19:33 <DIR> d——– C:\DOCUME~1\Dick\APPLIC~1\Gearbox Software
    2007-06-07 14:48 4,292,608 -ra—— C:\WINDOWS\unasetup.exe
    2007-06-07 13:51 53,248 –a—— C:\WINDOWS\system32\unrar.dll
    2007-06-07 13:51 4,284,416 -ra—— C:\WINDOWS\uncsetup.exe
    2007-06-05 18:03 204,800 –a—— C:\WINDOWS\system32\lsvxdec.dll
    2007-06-04 21:59 <DIR> d——– C:\Program Files\DOSBox-0.70
    2007-06-04 15:18 9,344 –a—— C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-06-04 15:17 8,320 –a—— C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-06-04 15:14 6,272 –a—— C:\WINDOWS\system32\drivers\AWRTPD.sys
    2007-05-31 17:14 <DIR> d——– C:\WINDOWS\.jagex_cache_32
    2007-05-31 08:44 823,296 –a—— C:\WINDOWS\system32\divx_xx0c.dll
    2007-05-31 08:44 823,296 –a—— C:\WINDOWS\system32\divx_xx07.dll
    2007-05-31 08:44 802,816 –a—— C:\WINDOWS\system32\divx_xx11.dll
    2007-05-31 08:44 740,442 –a—— C:\WINDOWS\system32\DivX.dll
    2007-05-28 14:04 <DIR> d——– C:\DOCUME~1\Vincent\oefenexamens
    2007-05-27 17:57 99,840 –a—— C:\WINDOWS\system\WINSYS.DLL
    2007-05-27 17:57 90,112 –a—— C:\WINDOWS\system\DEWTC.DLL
    2007-05-27 17:57 46,080 –a—— C:\WINDOWS\system\DEWSC.DLL
    2007-05-27 17:57 164,928 –a—— C:\WINDOWS\system\BWCC.DLL
    2007-05-27 17:57 151,040 –a—— C:\WINDOWS\system\DEWCC.DLL
    2007-05-27 17:57 <DIR> d——– C:\Program Files\Meer2
    2007-05-27 15:52 <DIR> d——– C:\CIBIHVB


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-27 16:09:18 ——– d—–w C:\Program Files\SwiftSwitch
    2007-06-27 13:40:21 ——– d—–w C:\Program Files\StormII
    2007-06-25 12:16:20 ——– d—–w C:\Program Files\SpybotSearch & Destroy
    2007-06-25 01:55:47 ——– d—–w C:\Program Files\Hitman Pro
    2007-06-24 23:15:17 ——– d—–w C:\Program Files\Windows Defender
    2007-06-24 23:03:08 ——– d—–w C:\Program Files\MSN Messenger
    2007-06-22 20:43:07 36,884 —-a-w C:\DOCUME~1\Vincent\APPLIC~1\wklnhst.dat
    2007-06-21 12:03:53 ——– d—–w C:\Program Files\Lavasoft
    2007-06-21 12:02:44 ——– d—–w C:\DOCUME~1\Vincent\APPLIC~1\Lavasoft
    2007-06-21 12:01:34 ——– d—–w C:\Program Files\Common Files\Wise Installation Wizard
    2007-06-19 19:19:50 ——– d—–w C:\Program Files\Coolstreaming_Tool-Bar_v1.0
    2007-06-18 14:05:14 ——– d—–w C:\DOCUME~1\Vincent\APPLIC~1\LimeWire
    2007-06-18 10:05:26 ——– d—–w C:\Program Files\PestPatrol
    2007-06-17 20:42:08 ——– d–h–w C:\Program Files\InstallShield Installation Information
    2007-06-17 20:40:14 ——– d—–w C:\Program Files\TI Education
    2007-06-17 20:40:13 ——– d—–w C:\Program Files\Common Files\TI Shared
    2007-06-17 20:38:56 ——– d—–w C:\Program Files\Winamp5
    2007-06-17 20:38:38 ——– d—–w C:\Program Files\WinRescueXP
    2007-06-12 01:15:19 ——– d—–w C:\Program Files\DivX
    2007-06-11 17:32:10 163,644 —-a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-06-04 14:01:57 ——– d—–w C:\Program Files\DOSBox-0.63
    2007-05-31 06:45:07 524,288 —-a-w C:\WINDOWS\system32\DivXsm.exe
    2007-05-27 16:04:36 ——– d—–w C:\Program Files\Pslite
    2007-05-20 19:24:34 ——– d—–w C:\DOCUME~1\Vincent\APPLIC~1\ppstream
    2007-05-16 15:19:43 683,520 —-a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-11 13:24:02 ——– d—–w C:\DOCUME~1\Vincent\APPLIC~1\Real
    2007-05-05 11:43:13 ——– d—–w C:\DOCUME~1\Vincent\APPLIC~1\SopCast
    2007-05-03 22:50:38 ——– d—–w C:\DOCUME~1\Vincent\APPLIC~1\uTorrent
    2007-05-03 22:43:01 ——– d—–w C:\Program Files\RegHealer
    2007-04-25 14:22:52 144,896 —-a-w C:\WINDOWS\system32\schannel.dll
    2007-04-23 00:15:29 3,596,288 —-a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-04-23 00:15:24 118,520 ——w C:\WINDOWS\system32\pxinsi64.exe
    2007-04-23 00:15:24 116,472 ——w C:\WINDOWS\system32\pxcpyi64.exe
    2007-04-23 00:15:18 200,704 —-a-w C:\WINDOWS\system32\ssldivx.dll
    2007-04-23 00:15:18 1,044,480 —-a-w C:\WINDOWS\system32\libdivx.dll
    2007-04-23 00:02:34 73,728 —-a-w C:\WINDOWS\system32\dpl100.dll
    2007-04-23 00:02:34 196,608 —-a-w C:\WINDOWS\system32\dtu100.dll
    2007-04-23 00:02:33 53,248 —-a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-04-23 00:02:31 593,920 —-a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-04-23 00:02:31 57,344 —-a-w C:\WINDOWS\system32\dpv11.dll
    2007-04-23 00:02:31 344,064 —-a-w C:\WINDOWS\system32\dpus11.dll
    2007-04-23 00:02:31 294,912 —-a-w C:\WINDOWS\system32\dpu11.dll
    2007-04-23 00:02:31 294,912 —-a-w C:\WINDOWS\system32\dpu10.dll
    2007-04-23 00:01:47 12,288 —-a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-04-23 00:01:46 124,472 —-a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-04-18 16:15:26 2,854,400 —-a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36 33,624 —-a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 —-a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 —-a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 —-a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 —-a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 —-a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 —-a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 —-a-w C:\WINDOWS\system32\wups2.dll
    2007-04-13 13:19:52 7,680 —-a-w C:\WINDOWS\system32\lsdelete.exe
    2007-04-08 18:45:11 737,280 —-a-w C:\WINDOWS\iun6002.exe
    2007-04-07 14:29:35 6,520 —-a-w C:\WINDOWS\mozver.dat
    2007-03-09 07:12:32 27,648 –sha-w C:\WINDOWS\system32\AVSredirect.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~2\SDHelper.dll [2005-05-31 02:04]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 14:22]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CHotkey"="mHotkey.exe" [2003-06-27 15:39 C:\WINDOWS\mHotkey.exe]
    "Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2003-02-13 10:25]
    "PRISMSTA.EXE"="PRISMSTA.exe" [2003-08-04 15:54 C:\WINDOWS\system32\PRISMSTA.exe]
    "Cmaudio"="cmicnfg.cpl" [2003-09-12 20:07 C:\WINDOWS\CMICNFG.CPL]
    "ledpointer"="CNYHKey.exe" [2003-06-27 09:36 C:\WINDOWS\CNYHKey.exe]
    "Dit"="Dit.exe" [2002-08-28 13:43 C:\WINDOWS\Dit.exe]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-09 21:56]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispAppearancePage"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"=0
    "ClearRecentDocsOnExit"=1
    "MaxRecentDocs"=11
    "NoChangeStartMenu"=0 (0x0)
    "NoStartMenuMFUprogramsList"=0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Speed-O-Meter.lnk]
    backup=C:\WINDOWS\pss\Speed-O-Meter.lnkCommon Startup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BHO]
    C:\WINDOWS\BHO.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTManager]
    "C:\Program Files\BTManager\BTManagerServer.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CJPWDJQ]
    C:\WINDOWS\CJPWDJQ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
    RunDll32 cmicnfg.cpl,CMICtrlWnd

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    "C:\Program Files\D-Tools\daemon.exe" -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
    Dit.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FMSZCJ]
    C:\WINDOWS\FMSZCJ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer]
    CNYHKey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus2]
    "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPTBox]
    C:\Program Files\Canon\MultiPASS4\MPTBox.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Openwares LiveUpdate]
    C:\Program Files\LiveUpdate\LiveUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
    C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    C:\WINDOWS\System32\PSDrvCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    "C:\vincent\tv\Veoh\VeohClient.exe" /VeohHide

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]
    C:\Program Files\WildTangent\Apps\GameChannel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "aawservice"=2 (0x2)
    "WMPNetworkSvc"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "svcWRSSSDK"=2 (0x2)
    "SQLWriter"=3 (0x3)
    "SDhelper"=3 (0x3)
    "MSSQL$SQLEXPRESS"=2 (0x2)
    "MDM"=2 (0x2)
    "IDriverT"=3 (0x3)
    "LogWatch"=2 (0x2)
    "Ati HotKey Poller"=2 (0x2)
    "Adobe LM Service"=3 (0x3)


    Contents of the 'Scheduled Tasks' folder
    2006-12-30 20:43:55 C:\WINDOWS\tasks\MP Scheduled Scan.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-27 18:18:45
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    **************************************************************************

    Completion time: 2007-06-27 18:20:19
    C:\ComboFix-quarantined-files.txt … 2007-06-27 18:19

    — E O F —
    [/quote:4fe0f294d8]

    And the HJT log:
    [quote:4fe0f294d8]Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 7:53:38 PM, on 6/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\mHotkey.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\WINDOWS\system32\PRISMSTA.EXE
    C:\WINDOWS\CNYHKey.exe
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\DitExp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\notepad.exe
    E:\HiJackThis_v2.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\vincent\tv\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-3119215596-2888611140-3756640696-1008\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
    O4 - HKUS\S-1-5-21-3119215596-2888611140-3756640696-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8EA0A3A9-5C7F-46F8-A255-DF935C7A8328}: NameServer = 10.0.0.138
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DC2C3EF4-99B5-4DE4-A371-A2FEBF116450}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS1\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS3\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS4\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (file missing)


    End of file - 5095 bytes
    [/quote:4fe0f294d8]
  • Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:
    [b:da35bff4d6]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    [/b:da35bff4d6]
    Click 'Fix checked' to remove the items.

    Do you use Hitmanpro?
    C:\[b:da35bff4d6]RVAXO[/b:da35bff4d6] may be deleted.

    Have you been helped before, Vincent, or have you been working on it yourself?
    RemoveVideoActiveXObject is only offered by helpers.
  • I did indeed try Hitman Pro, but it gets stuck at the end of the progress bar while downloading the data for possible updates. I also worked on it myself for a while, so that I would not have to bother anyone else. However, I had not found a solution.
  • You had better uninstall Hitmanprul again, because it only slows things down.

    After that, please post a new HJT log.
  • Hitman is gone :wink:

    New log:
    [quote:70036e6852]Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 5:51:38 PM, on 6/28/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\mHotkey.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\WINDOWS\system32\PRISMSTA.EXE
    C:\WINDOWS\CNYHKey.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\DitExp.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    E:\HiJackThis_v2.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
    F3 - REG:win.ini: run=RmFile.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\vincent\tv\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-3119215596-2888611140-3756640696-1008\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
    O4 - HKUS\S-1-5-21-3119215596-2888611140-3756640696-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8EA0A3A9-5C7F-46F8-A255-DF935C7A8328}: NameServer = 10.0.0.138
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DC2C3EF4-99B5-4DE4-A371-A2FEBF116450}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS1\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS3\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS4\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (file missing)


    End of file - 4744 bytes
    [/quote:70036e6852]
  • Looks good like this.
  • OK. Is there anything to be found in the Combofix log, or should I look for the problem in the hardware after all?
  • So there are still problems; can you indicate what exactly is still wrong?
  • Startup is very slow (only after about 7 minutes do I get the user menu). At this menu it takes another few tens of seconds before I can click a user; before that, the users also do not light up when I move the mouse over them. I do not remember whether this is normal.

    Once I am logged in, the computer often crashes (regardless of which program I am running). This happens in different ways, namely:
    - Blue screen, with varying 'guilty' .dll files.
    - Reboot. MS crash analysis blames, among other things, my video and sound card drivers and the memory.
    - Freeze. The only option is to reset the computer, because CTRL-ALT-DEL does not work.
    Starting programs also takes a lot of time, which is especially noticeable with Windows Media Player 11. This is even considerably faster on a 1 GHz machine with Win2K, while this computer has 3 GHz.
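
Added example, not part of the original thread: a small Python script that parses HijackThis entry lines and diffs two scans, so that entries which appeared, disappeared or turned into "(file missing)" between posts stand out. The two sample inputs are short excerpts from the first and last HijackThis logs in this thread; the function and variable names are hypothetical.

```python
import re
from collections import namedtuple

# HijackThis entry lines have the shape "<code> - <body>",
# e.g. "O4 - HKLM\..\Run: [Dit] Dit.exe". Codes are R0-R3, F0-F3, N1-N4, O1-O2x.
ENTRY_RE = re.compile(r"^\s*(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+?)\s*$")
FILE_MISSING = "(file missing)"

Entry = namedtuple("Entry", "code body missing")


def parse_hjt(text):
    """Return the entry lines of a HijackThis log; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        # Normalise the "(file missing)" suffix so the same entry compares equal across scans.
        missing = body.endswith(FILE_MISSING)
        if missing:
            body = body[: -len(FILE_MISSING)].rstrip()
        entries.append(Entry(m.group("code"), body, missing))
    return entries


def diff_scans(before, after):
    """Compare two logs: entries added, entries removed, entries whose target file status changed."""
    old = {(e.code, e.body): e for e in parse_hjt(before)}
    new = {(e.code, e.body): e for e in parse_hjt(after)}
    added = [e for k, e in new.items() if k not in old]
    removed = [e for k, e in old.items() if k not in new]
    changed = [(old[k], e) for k, e in new.items()
               if k in old and old[k].missing != e.missing]
    return added, removed, changed


# Excerpt of the first log in this thread (scan of 6/27/2007, 1:09 AM).
SCAN_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (file missing)
End of file - 4866 bytes
"""

# Excerpt of the last log in this thread (scan of 6/28/2007).
SCAN_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
F3 - REG:win.ini: run=RmFile.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll (file missing)
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (file missing)
End of file - 4744 bytes
"""


def report(before, after):
    """Render the diff as text lines, one per changed entry."""
    added, removed, changed = diff_scans(before, after)
    lines = [f"+ {e.code} - {e.body}" for e in added]
    lines += [f"- {e.code} - {e.body}" for e in removed]
    lines += [f"! {new.code} - {new.body} (file now missing: {new.missing})"
              for _old, new in changed]
    return lines


if __name__ == "__main__":
    print("\n".join(report(SCAN_BEFORE, SCAN_AFTER)))
```

Entries are matched on the pair of section code and body text, so a changed command line shows up as one removal plus one addition.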


This is an archived page. Replying is no longer possible.