computer veel te traag

Status
Niet open voor verdere reacties.
jippiejajee

jippiejajee

Terugkerende gebruiker
Lid geworden
1 okt 2003
Berichten
1.136
Ik ben aan een PC bezig geweest met Adaware SE, maar kom er niet meer uit, wat ik aan moet vinken bij HijackThis.

Zou iemand hier even naar willen kijken.

Logfile of HijackThis v1.98.2
Scan saved at 0:41:44, on 18-11-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINXP\System32\smss.exe
D:\WINXP\system32\winlogon.exe
D:\WINXP\system32\services.exe
D:\WINXP\system32\lsass.exe
D:\WINXP\system32\svchost.exe
D:\WINXP\System32\svchost.exe
D:\WINXP\system32\spoolsv.exe
D:\WINXP\Explorer.EXE
D:\Program Files\Logitech\iTouch\iTouch.exe
D:\PROGRA~1\NORTON~1\navapw32.exe
D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Program Files\Winamp\Winampa.exe
D:\WINXP\SOUNDMAN.EXE
D:\Program Files\Messenger Plus! 3\MsgPlus.exe
D:\Program Files\Windows AdControl\WinAdCtl.exe
D:\WINXP\System32\ctfmon.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Nikon\NkView6\NkvMon.exe
D:\Program Files\Outlook Express\msimn.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\WINXP\System32\nvsvc32.exe
D:\WINXP\system32\slserv.exe
D:\WINXP\System32\svchost.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Windows AdControl\WinAdAlt.exe
D:\WINXP\System32\wuauclt.exe
D:\WINXP\System32\wuauclt.exe
D:\Documents and Settings\franca\Mijn documenten\Mijn ontvangen bestanden\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Aventis Pharma
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://phproxy.fra.hmrag.com;ftp=ftp://phproxy.fra.hmrag.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.hiserv.com;149.250.*;*.aventis.com;10.*;212.121.144.*;172.24.*;134.81.*;168.124.*;*.provadis.de;*.rpr.rp;*.hoechst.com;*.hmrag.com;iph-portal.com;*.hmr.de;*.igrtechnik.com;*.reststoffwirtschaft.de;207.45.51.*;207.45.52.*;*.hcc.com;www.macromedia.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - D:\WINXP\localNRD.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - (no file)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - D:\WINXP\2_0_1browserhelper2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E9827186-3BCD-6F99-D662-2AB4450D9F7C} - D:\DOCUME~1\franca\APPLIC~1\Isohole\Browse real.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINXP\System32\msdxm.ocx
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINXP\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINXP\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Windows AdControl] D:\Program Files\Windows AdControl\WinAdCtl.exe
O4 - HKLM\..\Run: [nemylyspb] D:\WINXP\System32\pfhnrmxb.exe
O4 - HKLM\..\Run: [WebRebates0] "D:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [NeroCheck] D:\WINXP\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINXP\System32\ctfmon.exe
O4 - HKCU\..\Run: [CDFoon System-Tray] D:\cdfoon\trayapp.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Default Meet] D:\DOCUME~1\franca\APPLIC~1\STARTE~1\Online wait.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = D:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Web Rebates - file://D:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .au: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mid: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...808fb56338f2:6a596747d24af1db5a395fd68365f220
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab

bij voorbaat dank.
 
1. Scan met HijackThis en vink de volgende items aan:
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - D:\WINXP\localNRD.dll
O2 - BHO: (no name) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - (no file)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - D:\WINXP\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {E9827186-3BCD-6F99-D662-2AB4450D9F7C} - D:\DOCUME~1\franca\APPLIC~1\Isohole\Browse real.exe

O4 - HKLM\..\Run: [Windows AdControl] D:\Program Files\Windows AdControl\WinAdCtl.exe
O4 - HKLM\..\Run: [nemylyspb] D:\WINXP\System32\pfhnrmxb.exe
O4 - HKLM\..\Run: [WebRebates0] "D:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKCU\..\Run: [Default Meet] D:\DOCUME~1\franca\APPLIC~1\STARTE~1\Online wait.exe

O8 - Extra context menu item: Web Rebates - file://D:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...808fb56338f2:6a596747d24af1db5a395fd68365f220
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
Klik om te vergroten...
Sluit alle vensters behalve HijackThis zelf en klik op "Fix checked".

2. Herstart de pc in veilige modus.
Mocht je niet weten hoe dat moet, kijk dan hier even: http://www.virushelp.nl/veilige_modus.htm

Zorg ervoor dat verborgen bestanden en mappen worden weergegeven.
Hier kun je lezen hoe dat moet: http://users.telenet.be/marcvn/spyware/1117602.htm

Verwijder nu, in veilige modus dus, de volgende bestanden en mappen:

D:\WINXP\System32\pfhnrmxb.exe <- dat bestand (indien nog aanwezig)
D:\Program Files\Windows AdControl <- die map
D:\Program Files\Web_Rebates <- die map (indien nog aanwezig)
D:\Documents and Settings\franca\Application Data\Isohole <- die map
D:\Documents and Settings\franca\Application Data <- STARTE~1 <- die map waar "Online wait.exe" in zit

3. Herstart de pc in 'normale modus'.

4. Maak een nieuw log en plaats dat hier.
 
Zo de zaakjes zijn weggehaald, hier is de nieuwe log.

Logfile of HijackThis v1.98.2
Scan saved at 19:26:11, on 18-11-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINXP\System32\smss.exe
D:\WINXP\system32\winlogon.exe
D:\WINXP\system32\services.exe
D:\WINXP\system32\lsass.exe
D:\WINXP\system32\svchost.exe
D:\WINXP\System32\svchost.exe
D:\WINXP\system32\spoolsv.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\WINXP\System32\nvsvc32.exe
D:\WINXP\system32\slserv.exe
D:\WINXP\System32\svchost.exe
D:\WINXP\Explorer.EXE
D:\Program Files\Logitech\iTouch\iTouch.exe
D:\PROGRA~1\NORTON~1\navapw32.exe
D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Program Files\Winamp\Winampa.exe
D:\WINXP\SOUNDMAN.EXE
D:\Program Files\Messenger Plus! 3\MsgPlus.exe
D:\WINXP\System32\ctfmon.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Nikon\NkView6\NkvMon.exe
D:\Documents and Settings\franca\Mijn documenten\Mijn ontvangen bestanden\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Aventis Pharma
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://phproxy.fra.hmrag.com;ftp=ftp://phproxy.fra.hmrag.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.hiserv.com;149.250.*;*.aventis.com;10.*;212.121.144.*;172.24.*;134.81.*;168.124.*;*.provadis.de;*.rpr.rp;*.hoechst.com;*.hmrag.com;iph-portal.com;*.hmr.de;*.igrtechnik.com;*.reststoffwirtschaft.de;207.45.51.*;207.45.52.*;*.hcc.com;www.macromedia.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\Spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINXP\System32\msdxm.ocx
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINXP\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINXP\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroCheck] D:\WINXP\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINXP\System32\ctfmon.exe
O4 - HKCU\..\Run: [CDFoon System-Tray] D:\cdfoon\trayapp.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = D:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .au: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mid: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://www.p3.postbank.nl/GTO/PBGNX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
 
Ziet er goed uit. Draait de pc alweer wat vlotter?
 
De PC draait weer een stuk beter, maar blijft hangen bij het afsluiten.

We zijn er nog niet achter waarom, maar het is ontstaan na de laatste aanpassingen.
 
Status
Niet open voor verdere reacties.
                    Steun ons                    

Nieuwste berichten

Terug
Bovenaan Onderaan