Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

Computer crasht

pimvandenderen
5 antwoorden
  • Hallo,
    Het probleem is dat de computer op regelmatige, maar onvoorspelbaar tijden vastloopt. Hoewel ik het geheugen verdenk zou ik het op prijs stellen of iemand even naar dit log wil kijken.
    Dank,
    Maarten

    [code:1:738df35897]
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:56:22, on 23-8-2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\System32\SCardSvr.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\wltrysvc.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\bcmwltry.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\carpserv.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINNT\system32\WLTRAY.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINNT\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Logitech\Video\AlbumDB2.exe
    C:\Dell\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINNT\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by125fd.bay125.hotmail.msn.com
    esources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156778677805
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\wltrysvc.exe


    End of file - 5470 bytes
    [/code:1:738df35897]
    Anoniem
  • Ik kan zosnel niks vinden in je log, om spyware uit te sluiten, zou je onderstaande tool even willen laten draaien.

    Download Combofix naar je [b:4762ac4bb6]bureaublad[/b:4762ac4bb6]

    Dubbelklik op [u:4762ac4bb6]combofix.exe[/u:4762ac4bb6]
    Volg de instructies, aanvaard de disclaimer door y of Y te typen.
    Tijdens het runnen van de fix, [b:4762ac4bb6]NIET[/b:4762ac4bb6] in het venster klikken, want dit zal je pc doen vasthangen.

    Wanneer de fix voltooid is en na herstart, zal de log [b:4762ac4bb6]combofix.txt[/b:4762ac4bb6] openen. Bewaar dit logje.

    NOTA: Indien je virusscanner reageert met een melding van een scriptuitvoering, mag je dit negeren.

    Plaats in je volgende antwoord het logje van combofix ([i:4762ac4bb6]combofix.txt[/i:4762ac4bb6])
    Anoniem
  • Hierbij het gevraagde log.
    [list:54d6783b7b]
    ComboFix 07-08-17.2 - "Administrator" 2007-08-24 10:45:04.1 - NTFSx86
    Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.72 [GMT 2:00]


    ((((((((((((((((((((((((( Files Created from 2007-07-24 to 2007-08-24 )))))))))))))))))))))))))))))))


    2007-08-24 10:45 16,384 –a—-t- C:\WINNT\system32\Perflib_Perfdata_340.dat
    2007-08-24 10:33 51,200 –a—— C:\WINNT
    ircmd.exe
    2007-08-23 20:52 <DIR> d——– C:\Program Files\Veoh Networks
    2007-08-23 20:50 <DIR> d——– C:\Program Files\Veoh
    2007-07-29 13:35 <DIR> d——– C:\WINNT\system32\ActiveScan
    2007-07-29 13:13 158,208 –a—— C:\WINNT\system32\msconfig.exe
    2007-07-29 13:13 <DIR> d——– C:\WINNT\pss


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    98-12-09 11:53 99840 –a—— C:\Program Files\Common Files\IRAABOUT.DLL
    98-12-09 11:53 70144 –a—— C:\Program Files\Common Files\IRAMDMTR.DLL
    98-12-09 11:53 48640 –a—— C:\Program Files\Common Files\IRALPTTR.DLL
    98-12-09 11:53 31744 –a—— C:\Program Files\Common Files\IRAWEBTR.DLL
    98-12-09 11:53 186368 –a—— C:\Program Files\Common Files\IRAREG.DLL
    98-12-09 11:53 17920 –a—— C:\Program Files\Common Files\IRASRIAL.DLL
    07-08-23 20:53 ——— d–h—– C:\Program Files\InstallShield Installation Information
    07-07-30 19:19 92504 –a—— C:\WINNT\system32\cdm.dll
    07-07-30 19:19 549720 –a—— C:\WINNT\system32\wuapi.dll
    07-07-30 19:19 53080 –a—— C:\WINNT\system32\wuauclt.exe
    07-07-30 19:19 325976 –a—— C:\WINNT\system32\wucltui.dll
    07-07-30 19:19 203096 –a—— C:\WINNT\system32\wuweb.dll
    07-07-30 19:19 1712984 –a—— C:\WINNT\system32\wuaueng.dll
    07-07-29 14:06 ——— d——– C:\Program Files\QuickTime
    07-07-29 14:04 ——— d——– C:\Program Files\MSN Messenger
    07-07-29 14:02 ——— d——– C:\Program Files\LimeWire
    07-07-29 14:01 ——— d——– C:\Program Files\iTunes
    07-07-29 14:00 ——— d——– C:\Program Files\CCleaner
    07-07-29 13:59 ——— d——– C:\Program Files\Apoint
    07-07-16 22:49 ——— d——– C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
    07-07-16 22:46 ——— d——– C:\Program Files\iPod
    07-06-30 23:18 ——— d——– C:\DOCUME~1\ADMINI~1\APPLIC~1\Azureus
    07-06-26 11:57 235280 –a—— C:\WINNT\system32\GDI32.DLL
    07-06-07 08:50 1119232 –a—— C:\WINNT\system32\msxml3.dll
    06-08-28 16:33 271 —h—– C:\Program Files\desktop.ini
    06-08-28 16:33 21952 —h—– C:\Program Files\folder.htt
    00-07-26 14:00 32528 –a—— C:\WINNT\inf\wbfirdma.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="mobsync.exe" [03-06-19 21:05 C:\WINNT\system32\mobsync.exe]
    "CARPService"="carpserv.exe" [02-10-17 11:54 C:\WINNT\system32\carpserv.exe]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [02-08-22 19:28 ]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03-01-03 17:00 ]
    "ATIModeChange"="Ati2mdxx.exe" [01-09-04 16:24 C:\WINNT\system32\Ati2mdxx.exe]
    "Broadcom Wireless Manager UI"="C:\WINNT\system32\WLTRAY.exe" [05-12-19 09:08 ]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [07-08-17 10:57 ]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07-07-12 04:00 ]
    "LVCOMSX"="C:\WINNT\system32\LVCOMSX.EXE" [05-07-19 17:32 ]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [05-06-08 15:24 ]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [05-06-08 15:14 ]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06-06-14 16:24 ]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07-07-16 22:48 ]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "internat.exe"="internat.exe" [00-07-26 14:00 C:\WINNT\system32\internat.exe]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [05-03-30 02:28 ]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [05-06-08 14:44 ]
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [07-07-31 17:12 ]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=C:\WINNT\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINNT\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

    R1 Avg7RsNT;AVG7 Resident Driver NT;C:\WINNT\system32\Drivers\avg7rsnt.sys
    R2 StreamDispatcher;StreamDispatcher;C:\WINNT\system32\DRIVERS\strmdisp.sys
    R3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINNT\system32\DRIVERS\ozscr.sys
    R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys


    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-24 10:48:02
    Windows 5.0.2195 Service Pack 4 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    **************************************************************************

    Completion time: 2007-08-24 10:49:21

    — E O F —
    [/list:u:54d6783b7b]
    Anoniem
  • Logje ziet er schoon uit, ik zou toch eens memtest laten draaien voor het geheugen.
    Anoniem
  • Ok, bedankt voor het controleren. Mooi dat er hier niets aan de hand is.
    Heb inmiddels wat nieuw geheugen geplaatst.
    Probleem lijkt weg.
    Nogmaals dank voor de hulp. :P
    Groet,
    Maarten
    Anoniem

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.

Gerelateerde vragen

We hebben je een e-mail gestuurd!

Oops… er ging wat mis.

Hoera, je account is nu geactiveerd!

Dit token is niet meer valide.

Wachtwoord vergeten?

Je aanvraag is verstuurd

Wachtwoord herstellen

Wachtwoord herstellen

Dit token is niet meer valide.