Slow PC, HJT log

14 replies
  • My PC has been very slow lately, and it crashes at random moments. Sometimes the computer reboots by itself, other times I am presented with a blue screen. I have already let Ad-Aware and Spybot loose on it. (In desperation I also defragmented the hard disk, but the speed remains low. Free disk space is 40%, by the way.) In case it helps, the computer is a Medion Titanium 8080. This is what HJT said about it:
    [quote]
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 1:09:06 AM, on 6/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\mHotkey.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\WINDOWS\system32\PRISMSTA.EXE
    C:\WINDOWS\CNYHKey.exe
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\DitExp.exe
    C:\WINDOWS\system32\ctfmon.exe
    E:\HiJackThis_v2.exe
    C:\PROGRA~1\CA\SHARED~1\SCANEN~1\InoDist.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\vincent\tv\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-3119215596-2888611140-3756640696-1008\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
    O4 - HKUS\S-1-5-21-3119215596-2888611140-3756640696-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8EA0A3A9-5C7F-46F8-A255-DF935C7A8328}: NameServer = 10.0.0.138
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DC2C3EF4-99B5-4DE4-A371-A2FEBF116450}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS1\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS3\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS4\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (file missing)
    -- End of file - 4866 bytes
    [/quote]
    I hope you can help me!
  • At first sight there seems to be nothing abnormal in this log. Only the line [b]O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k[/b] may be fixed with HJT. Maybe the "real" specialists will still discover something, but I fear the cause will have to be sought elsewhere.
  • Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:
    [b]O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k[/b]
    Click 'Fix checked' to remove the items. That crash must be coming from somewhere. Hopefully this solves it. Go to Start > Run and type or copy the bold text [b]sfc /scannow[/b] into the command box (mind the space). Your computer will now be scanned for errors. If it asks for the XP Professional CD and you have XP Home, just insert the CD.
  • Thanks for the replies. The error check completed, but I got no report and was not asked for a CD. Does this mean that all Windows files are official? The PC remains slow (especially at startup, by the way); any idea how I can solve this? P.S.: A while ago CWShredder cleaned up CWS.Msconfig, and the symptoms match my complaints. However, CWShredder no longer finds this variant, although the complaints persist.
  • That tool has not been updated in ages. Download [url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe][b]Combofix[/b][/url] to your Desktop.
    - Double-click [b]Combofix.exe[/b]
    - Follow the instructions, accept the disclaimer by typing [b]1[/b] (continue).
    - While the fix is running, do [b]NOT[/b] click in the window, as this will make your PC hang.
    When the fix has completed and after the restart, the log [b]combofix.txt[/b] will open. [i]Post this log in your next post together with a new HijackThis log.[/i] Note: if your virus scanner responds with a notification about script execution, you may ignore it.
  • Thanks for the quick response. Here is the Combofix log:
    [quote]
    "Vincent" - 2007-06-27 18:10:05 - ComboFix 07-06-27.7 - Service Pack 2 NTFS

    ((((((((((((((((((((((((( Files Created from 2007-05-27 to 2007-06-27 )))))))))))))))))))))))))))))))

    2007-06-27 17:44 <DIR> d-------- C:\WINDOWS\LastGood
    2007-06-27 17:36 <DIR> dr-h----- C:\DOCUME~1\Vincent\Onlangs geopend
    2007-06-27 15:28 <DIR> d-------- C:\DOCUME~1\Dick\APPLIC~1\Talkback
    2007-06-27 00:47 <DIR> d-------- C:\DOCUME~1\Vincent\DoctorWeb
    2007-06-25 03:55 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Std
    2007-06-21 14:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-06-18 04:06 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-18 04:06 33,207 --a------ C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
    2007-06-18 04:06 <DIR> d-------- C:\WINDOWS\system32\RVAXO
    2007-06-17 22:37 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
    2007-06-17 22:32 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2007-06-17 22:30 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-06-17 19:51 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Bureaublad
    2007-06-17 19:09 <DIR> d-------- C:\Program Files\STOPzilla!
    2007-06-17 19:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!
    2007-06-15 00:03 <DIR> d-------- C:\DOCUME~1\Vincent\APPLIC~1\Talkback
    2007-06-14 03:14 <DIR> d-------- C:\DOCUME~1\Vincent\APPLIC~1\DivX
    2007-06-12 03:14 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2007-06-11 19:33 <DIR> d-------- C:\DOCUME~1\Dick\APPLIC~1\Gearbox Software
    2007-06-07 14:48 4,292,608 -ra------ C:\WINDOWS\unasetup.exe
    2007-06-07 13:51 53,248 --a------ C:\WINDOWS\system32\unrar.dll
    2007-06-07 13:51 4,284,416 -ra------ C:\WINDOWS\uncsetup.exe
    2007-06-05 18:03 204,800 --a------ C:\WINDOWS\system32\lsvxdec.dll
    2007-06-04 21:59 <DIR> d-------- C:\Program Files\DOSBox-0.70
    2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
    2007-05-31 17:14 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
    2007-05-31 08:44 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2007-05-31 08:44 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2007-05-31 08:44 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2007-05-31 08:44 740,442 --a------ C:\WINDOWS\system32\DivX.dll
    2007-05-28 14:04 <DIR> d-------- C:\DOCUME~1\Vincent\oefenexamens
    2007-05-27 17:57 99,840 --a------ C:\WINDOWS\system\WINSYS.DLL
    2007-05-27 17:57 90,112 --a------ C:\WINDOWS\system\DEWTC.DLL
    2007-05-27 17:57 46,080 --a------ C:\WINDOWS\system\DEWSC.DLL
    2007-05-27 17:57 164,928 --a------ C:\WINDOWS\system\BWCC.DLL
    2007-05-27 17:57 151,040 --a------ C:\WINDOWS\system\DEWCC.DLL
    2007-05-27 17:57 <DIR> d-------- C:\Program Files\Meer2
    2007-05-27 15:52 <DIR> d-------- C:\CIBIHVB

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-27 16:09:18 -------- d-----w C:\Program Files\SwiftSwitch
    2007-06-27 13:40:21 -------- d-----w C:\Program Files\StormII
    2007-06-25 12:16:20 -------- d-----w C:\Program Files\SpybotSearch & Destroy
    2007-06-25 01:55:47 -------- d-----w C:\Program Files\Hitman Pro
    2007-06-24 23:15:17 -------- d-----w C:\Program Files\Windows Defender
    2007-06-24 23:03:08 -------- d-----w C:\Program Files\MSN Messenger
    2007-06-22 20:43:07 36,884 ----a-w C:\DOCUME~1\Vincent\APPLIC~1\wklnhst.dat
    2007-06-21 12:03:53 -------- d-----w C:\Program Files\Lavasoft
    2007-06-21 12:02:44 -------- d-----w C:\DOCUME~1\Vincent\APPLIC~1\Lavasoft
    2007-06-21 12:01:34 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-06-19 19:19:50 -------- d-----w C:\Program Files\Coolstreaming_Tool-Bar_v1.0
    2007-06-18 14:05:14 -------- d-----w C:\DOCUME~1\Vincent\APPLIC~1\LimeWire
    2007-06-18 10:05:26 -------- d-----w C:\Program Files\PestPatrol
    2007-06-17 20:42:08 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-17 20:40:14 -------- d-----w C:\Program Files\TI Education
    2007-06-17 20:40:13 -------- d-----w C:\Program Files\Common Files\TI Shared
    2007-06-17 20:38:56 -------- d-----w C:\Program Files\Winamp5
    2007-06-17 20:38:38 -------- d-----w C:\Program Files\WinRescueXP
    2007-06-12 01:15:19 -------- d-----w C:\Program Files\DivX
    2007-06-11 17:32:10 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-06-04 14:01:57 -------- d-----w C:\Program Files\DOSBox-0.63
    2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-05-27 16:04:36 -------- d-----w C:\Program Files\Pslite
    2007-05-20 19:24:34 -------- d-----w C:\DOCUME~1\Vincent\APPLIC~1\ppstream
    2007-05-16 15:19:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-11 13:24:02 -------- d-----w C:\DOCUME~1\Vincent\APPLIC~1\Real
    2007-05-05 11:43:13 -------- d-----w C:\DOCUME~1\Vincent\APPLIC~1\SopCast
    2007-05-03 22:50:38 -------- d-----w C:\DOCUME~1\Vincent\APPLIC~1\uTorrent
    2007-05-03 22:43:01 -------- d-----w C:\Program Files\RegHealer
    2007-04-25 14:22:52 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-04-23 00:15:24 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2007-04-23 00:15:24 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-04-18 16:15:26 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2007-04-08 18:45:11 737,280 ----a-w C:\WINDOWS\iun6002.exe
    2007-04-07 14:29:35 6,520 ----a-w C:\WINDOWS\mozver.dat
    2007-03-09 07:12:32 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~2\SDHelper.dll [2005-05-31 02:04]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 14:22]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CHotkey"="mHotkey.exe" [2003-06-27 15:39 C:\WINDOWS\mHotkey.exe]
    "Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2003-02-13 10:25]
    "PRISMSTA.EXE"="PRISMSTA.exe" [2003-08-04 15:54 C:\WINDOWS\system32\PRISMSTA.exe]
    "Cmaudio"="cmicnfg.cpl" [2003-09-12 20:07 C:\WINDOWS\CMICNFG.CPL]
    "ledpointer"="CNYHKey.exe" [2003-06-27 09:36 C:\WINDOWS\CNYHKey.exe]
    "Dit"="Dit.exe" [2002-08-28 13:43 C:\WINDOWS\Dit.exe]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-09 21:56]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispAppearancePage"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"=0
    "ClearRecentDocsOnExit"=1
    "MaxRecentDocs"=11
    "NoChangeStartMenu"=0 (0x0)
    "NoStartMenuMFUprogramsList"=0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Speed-O-Meter.lnk]
    backup=C:\WINDOWS\pss\Speed-O-Meter.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BHO]
    C:\WINDOWS\BHO.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTManager]
    "C:\Program Files\BTManager\BTManagerServer.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CJPWDJQ]
    C:\WINDOWS\CJPWDJQ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
    RunDll32 cmicnfg.cpl,CMICtrlWnd

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    "C:\Program Files\D-Tools\daemon.exe" -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
    Dit.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FMSZCJ]
    C:\WINDOWS\FMSZCJ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer]
    CNYHKey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus2]
    "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPTBox]
    C:\Program Files\Canon\MultiPASS4\MPTBox.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Openwares LiveUpdate]
    C:\Program Files\LiveUpdate\LiveUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
    C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    C:\WINDOWS\System32\PSDrvCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    "C:\vincent\tv\Veoh\VeohClient.exe" /VeohHide

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]
    C:\Program Files\WildTangent\Apps\GameChannel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "aawservice"=2 (0x2)
    "WMPNetworkSvc"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "svcWRSSSDK"=2 (0x2)
    "SQLWriter"=3 (0x3)
    "SDhelper"=3 (0x3)
    "MSSQL$SQLEXPRESS"=2 (0x2)
    "MDM"=2 (0x2)
    "IDriverT"=3 (0x3)
    "LogWatch"=2 (0x2)
    "Ati HotKey Poller"=2 (0x2)
    "Adobe LM Service"=3 (0x3)

    Contents of the 'Scheduled Tasks' folder
    2006-12-30 20:43:55 C:\WINDOWS\tasks\MP Scheduled Scan.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-27 18:18:45
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...

    **************************************************************************

    Completion time: 2007-06-27 18:20:19
    C:\ComboFix-quarantined-files.txt ... 2007-06-27 18:19
    --- E O F ---
    [/quote]
    And the HJT log:
    [quote]
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 7:53:38 PM, on 6/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\mHotkey.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\WINDOWS\system32\PRISMSTA.EXE
    C:\WINDOWS\CNYHKey.exe
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\DitExp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\notepad.exe
    E:\HiJackThis_v2.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\vincent\tv\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-3119215596-2888611140-3756640696-1008\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
    O4 - HKUS\S-1-5-21-3119215596-2888611140-3756640696-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8EA0A3A9-5C7F-46F8-A255-DF935C7A8328}: NameServer = 10.0.0.138
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DC2C3EF4-99B5-4DE4-A371-A2FEBF116450}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS1\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS3\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS4\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (file missing)
    -- End of file - 5095 bytes
    [/quote]
  • Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:
    [b]R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank[/b]
    Click 'Fix checked' to remove the items. Are you using Hitmanpro? C:\[b]RVAXO[/b] may be deleted. Have you been helped before, Vincent, or have you been working on it on your own? RemoveVideoActiveXObject is only offered by helpers.
  • I did indeed try Hitman Pro, but it gets stuck at the end of the progress bar while downloading the data for possible updates. I have also been working on it on my own for a bit, so that I would not have to bother anyone else. However, I had not found a solution.
  • You had better uninstall Hitmanprul again, because it only slows things down. After that, please post a new HJT log.
  • Hitman is gone :wink: New log:
    [quote]
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 5:51:38 PM, on 6/28/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\mHotkey.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\WINDOWS\system32\PRISMSTA.EXE
    C:\WINDOWS\CNYHKey.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\DitExp.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    E:\HiJackThis_v2.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
    F3 - REG:win.ini: run=RmFile.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\vincent\tv\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-3119215596-2888611140-3756640696-1008\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
    O4 - HKUS\S-1-5-21-3119215596-2888611140-3756640696-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8EA0A3A9-5C7F-46F8-A255-DF935C7A8328}: NameServer = 10.0.0.138
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DC2C3EF4-99B5-4DE4-A371-A2FEBF116450}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS1\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS3\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
    O17 - HKLM\System\CS4\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (file missing)
    -- End of file - 4744 bytes
    [/quote]
  • Looks good like this.
  • OK. Is there anything to be found in the Combofix log, or should I look for the problem in the hardware after all?
  • So still problems; can you indicate what exactly is still wrong?
  • Startup is very slow (only after about 7 minutes do I get the user menu). At this menu it takes another few tens of seconds before I can click a user; before that, the users do not light up either when I move the mouse over them. I don't remember whether this is normal. Once I am logged in, the computer often crashes (regardless of which program I am running). This happens in different ways, namely:
    - Blue screen, with varying 'guilty' .dll's.
    - Reboot. MS crash analysis blames, among other things, my video and sound card drivers and the memory.
    - Freeze. The only option is to reset the computer, because CTRL-ALT-DEL does not work.
    Starting programs also takes a lot of time, which is especially noticeable with Windows Media Player 11. This is even considerably faster on a 1Ghz with Win2K, while this computer has 3Ghz.
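
The thread proceeds by comparing successive HijackThis logs after each fix. As an added example (not part of the original posts and not a HijackThis feature), the Python below splits a flattened log like the ones quoted above into entries and reports what was added, removed or changed between two scans. The two sample strings are shortened excerpts of the first and last logs in this thread, and the function names are made up for this example.

```python
import re

# HijackThis entry codes: R0-R3, F0-F3, N1-N4 and O1..O24, each followed by " - ".
CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - "
ENTRY_START = re.compile(r"\s+(?=" + CODE + ")")
TRAILER = re.compile(r"\s*-- End of file - \d+ bytes\s*$")


def split_entries(flat_log):
    """Return the R/F/N/O entries of a log, even if line breaks were lost."""
    text = " ".join(flat_log.split())      # undo hard wraps such as "O4 - \nHKLM"
    text = TRAILER.sub("", text)           # drop the "-- End of file" trailer
    chunks = ENTRY_START.split(text)
    # The first chunk is the header plus the running-process list; skip it.
    return [c for c in chunks if re.match(CODE, c)]


def entry_key(entry):
    """Identity of an entry, ignoring HijackThis' '(file missing)' suffix."""
    return re.sub(r" \(file missing\)$", "", entry)


def diff_logs(before, after):
    """Compare two scans: entries added, removed, or changed in place."""
    old = {entry_key(e): e for e in split_entries(before)}
    new = {entry_key(e): e for e in split_entries(after)}
    return {
        "added": [e for k, e in new.items() if k not in old],
        "removed": [e for k, e in old.items() if k not in new],
        "changed": [(old[k], e) for k, e in new.items()
                    if k in old and old[k] != e],
    }


# Shortened excerpt of the first log in the thread (6/27/2007, 1:09 AM),
# kept flattened and hard-wrapped the way the forum rendered it.
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at
1:09:06 AM, on 6/27/2007 Running processes: C:\WINDOWS\System32\smss.exe
E:\HiJackThis_v2.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O4 - HKLM\..\Run: [Dit] Dit.exe O4 -
HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (file missing)
-- End of file - 4866 bytes"""

# Shortened excerpt of the last log in the thread (6/28/2007, 5:51 PM).
LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at
5:51:38 PM, on 6/28/2007 Running processes: C:\WINDOWS\System32\smss.exe
E:\HiJackThis_v2.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
F3 - REG:win.ini: run=RmFile.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll (file missing)
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (file missing)
-- End of file - 4744 bytes"""


if __name__ == "__main__":
    result = diff_logs(LOG_BEFORE, LOG_AFTER)
    for entry in result["added"]:
        print("+", entry)
    for entry in result["removed"]:
        print("-", entry)
    for old_entry, new_entry in result["changed"]:
        print("~", old_entry, "=>", new_entry)
```

A diff like this only shows which autostart and registry entries differ between scans; whether an entry is wanted still has to be judged per entry, as the helpers do in the thread.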


This is an archived page. Replying is no longer possible.