trage opstart

Status
Niet open voor verdere reacties.
C

c3826926

Gebruiker
Lid geworden
20 okt 2000
Berichten
646
Hallo

Ik gebruik Wind XP-home en het duurt ongeveer 2 minuten voordat de pc opgestart is.

Hierbij een overzicht wat Hijjack gevonden heeft en wie weet wat er hiervan weg kan.

Alvast mijn dank...........Paul.
Logfile of HijackThis v1.96.0
Scan saved at 19:16:49, on 12-9-2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\winmgts\winmgts.exe
C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\wim\Local Settings\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = +s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = +s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = +s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = +s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = +s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Wanadoo Cable v2.0c NL
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = http://www.wanadoo.nl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {c0c46c88-670a-43e1-8f67-0c2613fbb060} - (no file)
O2 - BHO: (no name) - {c43313d3-5917-4599-a8b7-abf624634867} - (no file)
O2 - BHO: (no name) - {fcf38d5b-f334-4a67-800f-40aa5c40c958} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {f16db631-75a8-4fc5-befb-2b2d0d6d7924} - (no file)
O3 - Toolbar: (no name) - {db52bb2f-2f17-4222-81e7-13a944144ee9} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [cpntmgc] C:\WINDOWS\winmgts\winmgts.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Navnt\Navapw32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Help (HKCU)
O9 - Extra button: Website (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {03C543A1-C090-418F-A1D0-FB96380D601D} (preload control) - http://www.btinternetpayments.com/build/preload.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37673.3885069444
O16 - DPF: {A51DEDCD-20F7-11D4-98A5-00C0CA130748} (Tintel Class) - http://exe.dialer.tintel.nl/tcw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = +s
O17 - HKLM\Software\..\Telephony: DomainName = +s
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B0699B3-EFD5-4A41-9CD0-FE4499B1CACB}: NameServer = 195.96.96.97 195.96.96.33
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = +s
 
Plaats je Hijack log even hier: http://www.helpmij.nl/forum/showthread.php?s=&threadid=125554&perpage=20&pagenumber=1

Kijk voor het opstarten hier: http://www.helpmij.nl/forum/showthread.php?s=&threadid=76722

En voor wat meer snelheid in het algemeen: http://www.helpmij.nl/forum/showthread.php?s=&threadid=84207

Kan je hier: http://www.helpmij.nl/forum/showthread.php?s=&threadid=104823

en hier:

http://www.helpmij.nl/forum/showthread.php?s=&threadid=108343

Ook nog even kijken.
-----------------------

Hoe snel is je processor, hoeveel RAM heb je?
 
Hoi c3826926,

Vink de onderstaande zaken aan in HijackThis, sluit alle vensters behalve HijackThis en klik op Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = +s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = +s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = +s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = +s

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = +s

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {c0c46c88-670a-43e1-8f67-0c2613fbb060} - (no file)
O2 - BHO: (no name) - {c43313d3-5917-4599-a8b7-abf624634867} - (no file)
O2 - BHO: (no name) - {fcf38d5b-f334-4a67-800f-40aa5c40c958} - (no file)

O3 - Toolbar: (no name) - {f16db631-75a8-4fc5-befb-2b2d0d6d7924} - (no file)
O3 - Toolbar: (no name) - {db52bb2f-2f17-4222-81e7-13a944144ee9} - (no file)

O4 - HKCU\..\Run: [cpntmgc] C:\WINDOWS\winmgts\winmgts.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O16 - DPF: {03C543A1-C090-418F-A1D0-FB96380D601D} (preload control) - http://www.btinternetpayments.com/build/preload.cab

O16 - DPF: {A51DEDCD-20F7-11D4-98A5-00C0CA130748} (Tintel Class) - http://exe.dialer.tintel.nl/tcw.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = +s
O17 - HKLM\Software\..\Telephony: DomainName = +s

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = +s

Start daarna opnieuw op en volg de aanwijzingen hier:
http://www.doxdesk.com/parasite/MagicControl.html
met de aantekening dat HijackThis dit al gedaan heeft:
Next, open the registry (click 'Start', choose 'Run' and enter 'regedit'), and find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Delete the 'cpntmgc' entry.

Groetjes,

Pieter
 
Hoi

Bedankt voor de tips en het gaat weer de goede kant op.

gr...paul
 
Status
Niet open voor verdere reacties.
                    Steun ons                    

Nieuwste berichten

Terug
Bovenaan Onderaan