Slow PC

4 answers
  • I have a small problem with my system. It is very slow and the CPU usage stays (almost constantly) at 100% (the System Idle Process). I have already scanned with a few tools (Spybot / Ad-Aware), but I just cannot figure out what is causing my slow PC. It did not seem to me to be a spyware-type problem, but maybe it is after all. Perhaps you can help me with that by means of an HJT log (or more).

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:25:47, on 10-9-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Revoltec\FightMouse\Panel.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe
    C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\Belkinwcui.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tijdelijke map 2 voor HiJackThis.zip\HijackThis.exe

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [FightMouse Advanced] "C:\Program Files\Revoltec\FightMouse\Panel.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Belkin Wireless Utility.lnk = ?
    O4 - Global Startup: Systeemvak van ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 4042 bytes
  • Have you already ticked any lines in HijackThis yourself? Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop. Double-click combofix.exe. Follow the instructions and accept the disclaimer by typing y or Y. While the fix is running, do NOT click in the window, because this will make your PC hang. When the fix has finished, and after the restart, the log combofix.txt will open. Save this log. NOTE: If your virus scanner responds with a notification about a script being executed, you may ignore it. Post the Combofix log (combofix.txt) in your next reply.
  • ComboFix 07-09-10.6 - "Administrator" 2007-09-10 21:15:25.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1557 [GMT 2:00]
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2007-08-10 to 2007-09-10 ))))))))))))))))))))))))))))))
    .
    2007-09-10 20:51 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-10 20:22 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2007-09-10 18:14 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\MailFrontier
    2007-09-10 18:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
    2007-09-07 00:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
    2007-09-07 00:43 <DIR> d-------- C:\WINDOWS\WGAfix
    2007-09-07 00:34 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2007-09-07 00:34 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2007-09-07 00:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-09-07 00:24 43,352 --a------ C:\WINDOWS\system32\wups2.dll
    2007-09-07 00:23 <DIR> d---s---- C:\DOCUME~1\ADMINI~1\UserData
    2007-09-06 23:07 <DIR> d-------- C:\Program Files\TuneUp Utilities 2006
    2007-09-06 23:07 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\TuneUp Software
    2007-09-06 23:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
    2007-09-06 22:42 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-09-06 22:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\URSoft
    2007-09-05 21:37 81,920 --a------ C:\WINDOWS\system32\brdcm2k.dll
    2007-09-05 21:37 61,440 --a------ C:\WINDOWS\system32\BelkinHWStatus.dll
    2007-09-05 21:37 53,248 --a------ C:\WINDOWS\system32\preflib.dll
    2007-09-05 21:37 352,768 --a------ C:\WINDOWS\system32\drivers\rt61.sys
    2007-09-05 21:37 204,800 --a------ C:\WINDOWS\system32\UploadDLL.dll
    2007-09-05 21:37 192,512 --a------ C:\WINDOWS\system32\blkwcd.dll
    2007-09-05 21:37 167,936 --a------ C:\WINDOWS\system32\BelkinwcuiDLL.dll
    2007-09-05 21:37 101,888 --a------ C:\WINDOWS\system32\CrashRpt.dll
    2007-09-05 21:37 <DIR> d-------- C:\Program Files\Belkin
    2007-09-05 21:22 <DIR> d-------- C:\Program Files\Blue Label Soft
    2007-09-05 20:51 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2007-09-05 20:51 <DIR> d-------- C:\WINDOWS\Internet Logs
    2007-09-05 20:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-09-05 20:45 <DIR> d-------- C:\WINDOWS\vf_hip
    2007-09-05 20:45 <DIR> d-------- C:\Program Files\My Drivers
    2007-09-05 20:45 <DIR> d-------- C:\Program Files\Hide IP Platinum
    2007-09-05 20:45 <DIR> d-------- C:\Program Files\FireTuneUp
    2007-09-05 19:48 <DIR> d-------- C:\Program Files\Your Uninstaller 2006
    2007-09-05 19:30 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2007-09-05 18:31 <DIR> d-------- C:\WINDOWS\system32\Lang
    2007-09-05 18:30 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
    2007-09-05 18:26 <DIR> d-------- C:\WINDOWS\system32\URTTemp
    2007-09-05 18:25 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
    2007-09-05 18:18 880,640 --a------ C:\WINDOWS\system32\MousePage.dll
    2007-09-05 18:18 593,920 --a------ C:\WINDOWS\system32\XIndicator.dll
    2007-09-05 18:18 25,216 --a------ C:\WINDOWS\system32\drivers\GMFilter.sys
    2007-09-05 18:18 221,184 --a------ C:\WINDOWS\system32\Hook.dll
    2007-09-05 18:18 2,543,616 --a------ C:\WINDOWS\system32\XWheel.dll
    2007-09-05 18:18 <DIR> d-------- C:\Program Files\Revoltec
    2007-09-05 18:17 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
    2007-09-05 18:17 17,149 --a------ C:\WINDOWS\system32\DNINDIS5.SYS
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-10 21:19 204832 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-09-10 20:40 --------- d-------- C:\Program Files\Mozilla Thunderbird
    2007-09-10 20:01 3512 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2007-09-10 18:07 75932 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2007-09-10 18:07 74396 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2007-09-10 17:37 --------- d-------- C:\Program Files\Winamp
    2007-09-07 00:49 --------- d-------- C:\Program Files\Lavasoft
    2007-09-07 00:45 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-09-05 22:43 --------- d-------- C:\Program Files\MSN Messenger
    2007-09-05 18:27 --------- d-------- C:\Program Files\Common Files\InstallShield
    2007-09-05 18:27 --------- d-------- C:\Program Files\ATI Technologies
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
    2007-06-21 21:54 75248 --a------ C:\WINDOWS\zllsputility.exe
    2007-06-21 21:54 1086952 --a------ C:\WINDOWS\system32\zpeng24.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 22:05]
    "FightMouse Advanced"="C:\Program Files\Revoltec\FightMouse\Panel.exe" [2006-06-23 19:05]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 01:07]
    "HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 21:00]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" [2005-12-28 19:12]

    C:\DOCUME~1\ALLUSE~1\MENUST~1\PROGRA~1\OPSTAR~1\
    Belkin Wireless Utility.lnk - C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\Belkinwcui.exe [2007-09-05 21:37:35]
    Systeemvak van ATI CATALYST.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 01:07:30]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "LockTaskbar"=0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "LockTaskbar"=0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 relog_ap

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033
    "SoundMan"=SOUNDMAN.EXE

    R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys
    R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
    R0 timounter;Acronis TrueImage Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
    R2 tifsfilter;Acronis TrueImage FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
    R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\C:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS
    R3 GMFilter Filter;GMFilter Filter;C:\WINDOWS\system32\Drivers\GMFilter.sys

    *Newly Created Service* - CATCHME
    *Newly Created Service* - HTTPFILTER
    .
    Inhoud van de 'Gedeelde Taken' map
    "2007-09-07 19:24:07 C:\WINDOWS\Tasks\Easy Onderhoud.job" - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
    .
    **************************************************************************
    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-10 21:20:31
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    Completion time: 2007-09-10 21:24:50
    C:\ComboFix2.txt ... 2007-09-10 21:08
    .
    --- E O F ---

    Yes, I have already removed one or two things.
  • // Just edited my post; I accidentally mixed up your problems with another log. I will post a new fix tonight! Pim :)

This is an archived page. Replies are no longer possible.