Question & Answer
slow PC, HJT log
14 answers
- My PC has been very slow lately and crashes at random moments. Sometimes the computer reboots by itself, other times I am presented with a blue screen. I have already let Ad-Aware and Spybot loose on it. (Out of desperation I also defragmented the hard disk, but the speed remains low. Free disk space is 40%, by the way.)
In case it helps, the computer is a Medion Titanium 8080.
This is what HJT said about it:
[quote:6d62f1be34]Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:09:06 AM, on 6/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mHotkey.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system32\ctfmon.exe
E:\HiJackThis_v2.exe
C:\PROGRA~1\CA\SHARED~1\SCANEN~1\InoDist.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\vincent\tv\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3119215596-2888611140-3756640696-1008\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-3119215596-2888611140-3756640696-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EA0A3A9-5C7F-46F8-A255-DF935C7A8328}: NameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC2C3EF4-99B5-4DE4-A371-A2FEBF116450}: NameServer = 10.0.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
O17 - HKLM\System\CS3\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
O17 - HKLM\System\CS4\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (file missing)
--
End of file - 4866 bytes
[/quote:6d62f1be34]
I hope you can help me! - At first glance there seems to be nothing abnormal in this log. Only the line [b:d4200ea6f9]O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k[/b:d4200ea6f9] may be fixed with HJT. Perhaps the "real" specialists will still find something, but I fear the cause will have to be sought elsewhere.
- Start HijackThis and choose 'Do a system scan only'
Select only the items listed below:
[b:88bbc03e4f]
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
[/b:88bbc03e4f]
Click 'Fix checked' to remove the items.
that crash has to come from somewhere.
hopefully this solves it.
Go to Start > Run and type or copy the bold text [b:88bbc03e4f]sfc /scannow[/b:88bbc03e4f] into the command box (mind the space)
Your computer will now be scanned for errors.
If it asks for the XP Professional CD and you have XP Home; just insert the CD. - Thanks for the replies.
That error check completed, but I got no report nor a request for a CD. Does this mean that all Windows files are official?
The PC remains slow (especially when booting, by the way); any idea how I can solve this?
P.S.: CWShredder cleaned up CWS.Msconfig a while ago, and the symptoms match my complaints. However, CWShredder no longer finds this variant now, although the complaints remain. - That tool has not been updated in ages.
Download [b:aab071d1f8]Combofix[/b:aab071d1f8] to your Desktop.[list:aab071d1f8]
Double-click [b:aab071d1f8]Combofix.exe[/b:aab071d1f8]
Follow the instructions, accept the disclaimer by typing [b:aab071d1f8]1[/b:aab071d1f8] (continue).
While the fix is running, do [b:aab071d1f8]NOT[/b:aab071d1f8] click in the window, as this will make your PC hang.[/list:u:aab071d1f8]
When the fix is finished and after a restart, the log [b:aab071d1f8]combofix.txt[/b:aab071d1f8] will open.
[i:aab071d1f8]Post this log in your next post together with a new HijackThis log.[/i:aab071d1f8]
Note: If your virus scanner responds with a notification of a script execution, you may ignore this. - Thanks for the quick reply.
Here is the Combofix log:
[quote:4fe0f294d8]"Vincent" - 2007-06-27 18:10:05 - ComboFix 07-06-27.7 - Service Pack 2 NTFS
((((((((((((((((((((((((( Files Created from 2007-05-27 to 2007-06-27 )))))))))))))))))))))))))))))))
2007-06-27 17:44 <DIR> d-------- C:\WINDOWS\LastGood
2007-06-27 17:36 <DIR> dr-h----- C:\DOCUME~1\Vincent\Onlangs geopend
2007-06-27 15:28 <DIR> d-------- C:\DOCUME~1\Dick\APPLIC~1\Talkback
2007-06-27 00:47 <DIR> d-------- C:\DOCUME~1\Vincent\DoctorWeb
2007-06-25 03:55 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Std
2007-06-21 14:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-18 04:06 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-18 04:06 33,207 --a------ C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
2007-06-18 04:06 <DIR> d-------- C:\WINDOWS\system32\RVAXO
2007-06-17 22:37 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-06-17 22:32 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-17 22:30 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-17 19:51 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Bureaublad
2007-06-17 19:09 <DIR> d-------- C:\Program Files\STOPzilla!
2007-06-17 19:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!
2007-06-15 00:03 <DIR> d-------- C:\DOCUME~1\Vincent\APPLIC~1\Talkback
2007-06-14 03:14 <DIR> d-------- C:\DOCUME~1\Vincent\APPLIC~1\DivX
2007-06-12 03:14 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-06-11 19:33 <DIR> d-------- C:\DOCUME~1\Dick\APPLIC~1\Gearbox Software
2007-06-07 14:48 4,292,608 -ra------ C:\WINDOWS\unasetup.exe
2007-06-07 13:51 53,248 --a------ C:\WINDOWS\system32\unrar.dll
2007-06-07 13:51 4,284,416 -ra------ C:\WINDOWS\uncsetup.exe
2007-06-05 18:03 204,800 --a------ C:\WINDOWS\system32\lsvxdec.dll
2007-06-04 21:59 <DIR> d-------- C:\Program Files\DOSBox-0.70
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-31 17:14 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-05-31 08:44 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 08:44 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 08:44 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 08:44 740,442 --a------ C:\WINDOWS\system32\DivX.dll
2007-05-28 14:04 <DIR> d-------- C:\DOCUME~1\Vincent\oefenexamens
2007-05-27 17:57 99,840 --a------ C:\WINDOWS\system\WINSYS.DLL
2007-05-27 17:57 90,112 --a------ C:\WINDOWS\system\DEWTC.DLL
2007-05-27 17:57 46,080 --a------ C:\WINDOWS\system\DEWSC.DLL
2007-05-27 17:57 164,928 --a------ C:\WINDOWS\system\BWCC.DLL
2007-05-27 17:57 151,040 --a------ C:\WINDOWS\system\DEWCC.DLL
2007-05-27 17:57 <DIR> d-------- C:\Program Files\Meer2
2007-05-27 15:52 <DIR> d-------- C:\CIBIHVB
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-27 16:09:18 -------- d-----w C:\Program Files\SwiftSwitch
2007-06-27 13:40:21 -------- d-----w C:\Program Files\StormII
2007-06-25 12:16:20 -------- d-----w C:\Program Files\SpybotSearch & Destroy
2007-06-25 01:55:47 -------- d-----w C:\Program Files\Hitman Pro
2007-06-24 23:15:17 -------- d-----w C:\Program Files\Windows Defender
2007-06-24 23:03:08 -------- d-----w C:\Program Files\MSN Messenger
2007-06-22 20:43:07 36,884 ----a-w C:\DOCUME~1\Vincent\APPLIC~1\wklnhst.dat
2007-06-21 12:03:53 -------- d-----w C:\Program Files\Lavasoft
2007-06-21 12:02:44 -------- d-----w C:\DOCUME~1\Vincent\APPLIC~1\Lavasoft
2007-06-21 12:01:34 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-19 19:19:50 -------- d-----w C:\Program Files\Coolstreaming_Tool-Bar_v1.0
2007-06-18 14:05:14 -------- d-----w C:\DOCUME~1\Vincent\APPLIC~1\LimeWire
2007-06-18 10:05:26 -------- d-----w C:\Program Files\PestPatrol
2007-06-17 20:42:08 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-17 20:40:14 -------- d-----w C:\Program Files\TI Education
2007-06-17 20:40:13 -------- d-----w C:\Program Files\Common Files\TI Shared
2007-06-17 20:38:56 -------- d-----w C:\Program Files\Winamp5
2007-06-17 20:38:38 -------- d-----w C:\Program Files\WinRescueXP
2007-06-12 01:15:19 -------- d-----w C:\Program Files\DivX
2007-06-11 17:32:10 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-04 14:01:57 -------- d-----w C:\Program Files\DOSBox-0.63
2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-05-27 16:04:36 -------- d-----w C:\Program Files\Pslite
2007-05-20 19:24:34 -------- d-----w C:\DOCUME~1\Vincent\APPLIC~1\ppstream
2007-05-16 15:19:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-11 13:24:02 -------- d-----w C:\DOCUME~1\Vincent\APPLIC~1\Real
2007-05-05 11:43:13 -------- d-----w C:\DOCUME~1\Vincent\APPLIC~1\SopCast
2007-05-03 22:50:38 -------- d-----w C:\DOCUME~1\Vincent\APPLIC~1\uTorrent
2007-05-03 22:43:01 -------- d-----w C:\Program Files\RegHealer
2007-04-25 14:22:52 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:24 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-04-23 00:15:24 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-18 16:15:26 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-04-08 18:45:11 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-04-07 14:29:35 6,520 ----a-w C:\WINDOWS\mozver.dat
2007-03-09 07:12:32 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~2\SDHelper.dll [2005-05-31 02:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 14:22]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="mHotkey.exe" [2003-06-27 15:39 C:\WINDOWS\mHotkey.exe]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2003-02-13 10:25]
"PRISMSTA.EXE"="PRISMSTA.exe" [2003-08-04 15:54 C:\WINDOWS\system32\PRISMSTA.exe]
"Cmaudio"="cmicnfg.cpl" [2003-09-12 20:07 C:\WINDOWS\CMICNFG.CPL]
"ledpointer"="CNYHKey.exe" [2003-06-27 09:36 C:\WINDOWS\CNYHKey.exe]
"Dit"="Dit.exe" [2002-08-28 13:43 C:\WINDOWS\Dit.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-09 21:56]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=0
"ClearRecentDocsOnExit"=1
"MaxRecentDocs"=11
"NoChangeStartMenu"=0 (0x0)
"NoStartMenuMFUprogramsList"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Speed-O-Meter.lnk]
backup=C:\WINDOWS\pss\Speed-O-Meter.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BHO]
C:\WINDOWS\BHO.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTManager]
"C:\Program Files\BTManager\BTManagerServer.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CJPWDJQ]
C:\WINDOWS\CJPWDJQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Program Files\D-Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
Dit.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FMSZCJ]
C:\WINDOWS\FMSZCJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer]
CNYHKey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus2]
"C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPTBox]
C:\Program Files\Canon\MultiPASS4\MPTBox.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Openwares LiveUpdate]
C:\Program Files\LiveUpdate\LiveUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\System32\PSDrvCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\vincent\tv\Veoh\VeohClient.exe" /VeohHide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]
C:\Program Files\WildTangent\Apps\GameChannel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"svcWRSSSDK"=2 (0x2)
"SQLWriter"=3 (0x3)
"SDhelper"=3 (0x3)
"MSSQL$SQLEXPRESS"=2 (0x2)
"MDM"=2 (0x2)
"IDriverT"=3 (0x3)
"LogWatch"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Adobe LM Service"=3 (0x3)
Contents of the 'Scheduled Tasks' folder
2006-12-30 20:43:55 C:\WINDOWS\tasks\MP Scheduled Scan.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-27 18:18:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
**************************************************************************
Completion time: 2007-06-27 18:20:19
C:\ComboFix-quarantined-files.txt … 2007-06-27 18:19
--- E O F ---
[/quote:4fe0f294d8]
And the HJT log:
[quote:4fe0f294d8]Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:53:38 PM, on 6/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\mHotkey.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\notepad.exe
E:\HiJackThis_v2.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\vincent\tv\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3119215596-2888611140-3756640696-1008\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-3119215596-2888611140-3756640696-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EA0A3A9-5C7F-46F8-A255-DF935C7A8328}: NameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC2C3EF4-99B5-4DE4-A371-A2FEBF116450}: NameServer = 10.0.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
O17 - HKLM\System\CS3\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
O17 - HKLM\System\CS4\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (file missing)
--
End of file - 5095 bytes
[/quote:4fe0f294d8] - Start HijackThis and choose 'Do a system scan only'
Select only the items listed below:
[b:da35bff4d6]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
[/b:da35bff4d6]
Click 'Fix checked' to remove the items.
Do you use Hitmanpro?
C:\[b:da35bff4d6]RVAXO[/b:da35bff4d6] may be removed.
Have you been helped before, Vincent, or have you been working on it yourself?
RemoveVideoActiveXObject is only offered by helpers. - I did indeed try Hitman Pro, but it gets stuck at the end of the progress bar while downloading the data for possible updates. I also worked on it myself for a while, so that I would not have to bother anyone else. However, I did not find a solution.
- You had better uninstall Hitmanprul again, because it only slows things down.
then post a new HJT log, please. - Hitman is gone :wink:
New log:
[quote:70036e6852]Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:51:38 PM, on 6/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\mHotkey.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\Dit.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
E:\HiJackThis_v2.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
F3 - REG:win.ini: run=RmFile.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\vincent\tv\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3119215596-2888611140-3756640696-1008\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-3119215596-2888611140-3756640696-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EA0A3A9-5C7F-46F8-A255-DF935C7A8328}: NameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC2C3EF4-99B5-4DE4-A371-A2FEBF116450}: NameServer = 10.0.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
O17 - HKLM\System\CS3\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
O17 - HKLM\System\CS4\Services\Tcpip\..\{19B8263F-A7C2-4380-9E87-2C2A0CEE5FC7}: NameServer = 10.0.0.138
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (file missing)
--
End of file - 4744 bytes
[/quote:70036e6852] - looks good like this.
- OK. Is there anything to be found in the Combofix log, or should I look for the problem in the hardware after all?
- so still problems; can you indicate what exactly is still wrong?
- Booting is very slow (only after about 7 minutes do I get the user menu). At this menu it takes another few dozen seconds before I can click a user; before that, the users also do not light up when I move the mouse over them. I do not remember whether this is normal.
Once I am logged in, the computer often crashes (regardless of which program I run). This happens in different ways, namely:
- Blue screen, with varying 'guilty' .dll's.
- Reboot. MS crash analysis blames, among other things, my video and sound card drivers and the memory.
- Freeze. The only option is to reset the computer, because CTRL-ALT-DEL does not work.
Starting programs also takes a lot of time, which is especially noticeable with Windows Media Player 11. This even goes considerably faster on a 1 GHz with Win2K, while this computer has 3 GHz.
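The thread compares three successive HijackThis logs by eye. As an added example (not part of the original thread and not HijackThis's own code), the Python below parses two logs and reports which entries appeared, disappeared, or newly show "(file missing)" between scans. The function names `parse_hjt` and `diff_scans` are hypothetical, and the two sample logs are shortened excerpts of the 6/27 and 6/28 logs quoted above.

```python
import re
from typing import NamedTuple

# HijackThis item lines look like "O4 - HKLM\..\Run: [Dit] Dit.exe":
# a section code (R0-R3, F0-F3, N1-N4, O1-O2x), " - ", then the detail.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
MISSING = " (file missing)"


class Entry(NamedTuple):
    code: str
    detail: str
    file_missing: bool


def parse_hjt(text):
    """Return (processes, entries) for one HijackThis log.

    processes: set of lower-cased paths from the 'Running processes:' block.
    entries:   dict keyed by (code, detail), with the '(file missing)'
               suffix stripped from the key and kept as a flag instead.
    """
    processes, entries = set(), {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            code, detail = match.groups()
            missing = detail.endswith(MISSING)
            if missing:
                detail = detail[: -len(MISSING)]
            entries[(code, detail)] = Entry(code, detail, missing)
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            # Case differs between scans (Explorer.EXE vs explorer.exe).
            processes.add(line.lower())
    return processes, entries


def diff_scans(old_text, new_text):
    """Summarise what changed between an older and a newer scan."""
    old_p, old_e = parse_hjt(old_text)
    new_p, new_e = parse_hjt(new_text)
    return {
        "added": sorted(k for k in new_e if k not in old_e),
        "removed": sorted(k for k in old_e if k not in new_e),
        "newly_missing": sorted(
            k for k in new_e
            if k in old_e and new_e[k].file_missing and not old_e[k].file_missing
        ),
        "new_processes": sorted(new_p - old_p),
    }


# Shortened excerpts of the logs quoted in the thread (not the full logs).
SCAN_JUN27 = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:53:38 PM, on 6/27/2007
Running processes:
C:\WINDOWS\explorer.exe
C:\WINDOWS\Dit.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (file missing)
"""

SCAN_JUN28 = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:51:38 PM, on 6/28/2007
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\Dit.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
F3 - REG:win.ini: run=RmFile.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll (file missing)
O4 - HKLM\..\Run: [Dit] Dit.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (file missing)
"""

if __name__ == "__main__":
    for section, items in diff_scans(SCAN_JUN27, SCAN_JUN28).items():
        print(section)
        for item in items:
            print("   ", item)
```

Entries reported as added or newly missing are the ones worth identifying before the next round of "Fix checked".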