Question & Answer
Computer crashes
5 answers
- Hello,
The problem is that the computer freezes at regular but unpredictable times. Although I suspect the memory, I would appreciate it if someone would take a look at this log.
Thanks,
Maarten
[code:1:738df35897]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:56:22, on 23-8-2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wltrysvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\carpserv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\system32\WLTRAY.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\internat.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\Video\AlbumDB2.exe
C:\Dell\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINNT\system32\WLTRAY.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by125fd.bay125.hotmail.msn.com\resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156778677805
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyvz.com/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\wltrysvc.exe
--
End of file - 5470 bytes
[/code:1:738df35897]
- I can't find anything in your log at first glance; to rule out spyware, could you please run the tool below.
Download Combofix to your desktop
Double-click combofix.exe
Follow the instructions and accept the disclaimer by typing y or Y.
While the fix is running, do NOT click in the window, as this will cause your PC to hang.
When the fix has completed and after the restart, the log combofix.txt will open. Save this log.
NOTE: If your virus scanner responds with a message about script execution, you may ignore it.
Post the combofix log (combofix.txt) in your next reply
- Here is the requested log.
[list:54d6783b7b]
ComboFix 07-08-17.2 - "Administrator" 2007-08-24 10:45:04.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.72 [GMT 2:00]
((((((((((((((((((((((((( Files Created from 2007-07-24 to 2007-08-24 )))))))))))))))))))))))))))))))
2007-08-24 10:45 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_340.dat
2007-08-24 10:33 51,200 --a------ C:\WINNT\nircmd.exe
2007-08-23 20:52 <DIR> d-------- C:\Program Files\Veoh Networks
2007-08-23 20:50 <DIR> d-------- C:\Program Files\Veoh
2007-07-29 13:35 <DIR> d-------- C:\WINNT\system32\ActiveScan
2007-07-29 13:13 158,208 --a------ C:\WINNT\system32\msconfig.exe
2007-07-29 13:13 <DIR> d-------- C:\WINNT\pss
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
98-12-09 11:53 99840 --a------ C:\Program Files\Common Files\IRAABOUT.DLL
98-12-09 11:53 70144 --a------ C:\Program Files\Common Files\IRAMDMTR.DLL
98-12-09 11:53 48640 --a------ C:\Program Files\Common Files\IRALPTTR.DLL
98-12-09 11:53 31744 --a------ C:\Program Files\Common Files\IRAWEBTR.DLL
98-12-09 11:53 186368 --a------ C:\Program Files\Common Files\IRAREG.DLL
98-12-09 11:53 17920 --a------ C:\Program Files\Common Files\IRASRIAL.DLL
07-08-23 20:53 --------- d--h----- C:\Program Files\InstallShield Installation Information
07-07-30 19:19 92504 --a------ C:\WINNT\system32\cdm.dll
07-07-30 19:19 549720 --a------ C:\WINNT\system32\wuapi.dll
07-07-30 19:19 53080 --a------ C:\WINNT\system32\wuauclt.exe
07-07-30 19:19 325976 --a------ C:\WINNT\system32\wucltui.dll
07-07-30 19:19 203096 --a------ C:\WINNT\system32\wuweb.dll
07-07-30 19:19 1712984 --a------ C:\WINNT\system32\wuaueng.dll
07-07-29 14:06 --------- d-------- C:\Program Files\QuickTime
07-07-29 14:04 --------- d-------- C:\Program Files\MSN Messenger
07-07-29 14:02 --------- d-------- C:\Program Files\LimeWire
07-07-29 14:01 --------- d-------- C:\Program Files\iTunes
07-07-29 14:00 --------- d-------- C:\Program Files\CCleaner
07-07-29 13:59 --------- d-------- C:\Program Files\Apoint
07-07-16 22:49 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
07-07-16 22:46 --------- d-------- C:\Program Files\iPod
07-06-30 23:18 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Azureus
07-06-26 11:57 235280 --a------ C:\WINNT\system32\GDI32.DLL
07-06-07 08:50 1119232 --a------ C:\WINNT\system32\msxml3.dll
06-08-28 16:33 271 ---h----- C:\Program Files\desktop.ini
06-08-28 16:33 21952 ---h----- C:\Program Files\folder.htt
00-07-26 14:00 32528 --a------ C:\WINNT\inf\wbfirdma.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 21:05 C:\WINNT\system32\mobsync.exe]
"CARPService"="carpserv.exe" [02-10-17 11:54 C:\WINNT\system32\carpserv.exe]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [02-08-22 19:28 ]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03-01-03 17:00 ]
"ATIModeChange"="Ati2mdxx.exe" [01-09-04 16:24 C:\WINNT\system32\Ati2mdxx.exe]
"Broadcom Wireless Manager UI"="C:\WINNT\system32\WLTRAY.exe" [05-12-19 09:08 ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [07-08-17 10:57 ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07-07-12 04:00 ]
"LVCOMSX"="C:\WINNT\system32\LVCOMSX.EXE" [05-07-19 17:32 ]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [05-06-08 15:24 ]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [05-06-08 15:14 ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06-06-14 16:24 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07-07-16 22:48 ]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [00-07-26 14:00 C:\WINNT\system32\internat.exe]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [05-03-30 02:28 ]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [05-06-08 14:44 ]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [07-07-31 17:12 ]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINNT\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINNT\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
R1 Avg7RsNT;AVG7 Resident Driver NT;C:\WINNT\system32\Drivers\avg7rsnt.sys
R2 StreamDispatcher;StreamDispatcher;C:\WINNT\system32\DRIVERS\strmdisp.sys
R3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINNT\system32\DRIVERS\ozscr.sys
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-24 10:48:02
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
**************************************************************************
Completion time: 2007-08-24 10:49:21
--- E O F ---
[/list:u:54d6783b7b]
- The log looks clean; I would still run memtest on the memory.
- OK, thanks for checking. Good that nothing is wrong here.
I have since installed some new memory.
The problem seems to be gone.
Thanks again for the help.
Regards,
Maarten
This is an archived page. Replies are no longer possible.