Posted:

Hello,

My laptop responds very slowly. Probably because of the high CPU usage.

What should I do? The laptop runs Windows XP.

The high CPU usage is mainly caused by "svchost.exe" and "System Idle Process"

Posted:

It may indeed have to do with your high CPU usage.

svchost is a system file, so you need it (a blast from the past: until a few years ago there were csvhost, .... (note the spelling!) files in circulation that were actually malware files, so look carefully at the spelling of your file. But since that was a few years ago, I suspect it doesn't apply here)

I myself also still have a trusty old XP, and regularly (every few weeks) it too has high CPU usage and can hardly be got moving for a while. (I'm talking about half an hour, an hour, so certainly not systematically!)

I believe I've noticed that this usually happens around the time of the Windows updates (so usually around each Patch Tuesday)

Try this: if that's the case, just let it run for a good while and give it time, don't do too much on your system yourself (if you still can), and see whether it 'gets through it' ... ?

For me this has helped most of the time.

Though I should add that a slow laptop with high CPU usage can also be due to other things, and there I think first of all of malware and viruses.

How are things with you in that area: what protection do you have and, above all, is it updated regularly (daily?)?
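The spelling check described in the post above can be automated; the following is an added example, not part of the original thread. The process paths are constructed, and the table of expected names and folders is an assumed Windows XP baseline.

```python
import ntpath

# Assumed baseline for this example: core Windows XP processes and the
# folder each one is expected to run from (lower-case for comparison).
KNOWN = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
}


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_image(path, max_distance=2):
    """Classify one full image path as ok, wrong-folder, lookalike or unknown."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    if name in KNOWN:
        # Correct spelling: the remaining question is where it runs from.
        verdict = "ok" if folder == KNOWN[name] else "wrong-folder"
        return (verdict, name)
    # Not an exact match: is it suspiciously close to a protected name?
    closest = min(KNOWN, key=lambda known: edit_distance(name, known))
    if edit_distance(name, closest) <= max_distance:
        return ("lookalike", closest)
    return ("unknown", name)


def triage(paths):
    """Return (path, verdict, detail) for every path that deserves a second look."""
    findings = []
    for path in paths:
        verdict, detail = check_image(path)
        if verdict in ("lookalike", "wrong-folder"):
            findings.append((path, verdict, detail))
    return findings


# Constructed sample input, not taken from the laptop in this thread.
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\csvhost.exe",
    r"C:\WINDOWS\Temp\svchost.exe",
    r"C:\WINDOWS\system32\ctfmon.exe",
]

if __name__ == "__main__":
    for path, verdict, detail in triage(SAMPLE_PATHS):
        print(f"{verdict:13} {path} (compare with {detail})")
```
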

Posted:

Let's see whether malware might be the cause?

Download RSIT from the locations below and save it to the desktop.

Here is a description of how you can check whether you have a 32- or 64-bit version of Windows.

Double-click RSIT.exe to start the tool.

  • Windows Vista, 7 and 8 users should run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • The "Disclaimer of warranty" is then shown; click "Continue".
  • When the tool is finished, a Notepad file named "Log" is opened.
  • Paste its contents in your next post.

Also watch the instruction video.

Posted:

RSIT log

Logfile of random's system information tool 1.09 (written by random/random)

Run by Leo van Houwelingen at 2013-12-29 12:11:31

Microsoft Windows XP Professional Service Pack 3

System drive C: has 29 GB (26%) free of 114 GB

Total RAM: 2039 MB (61% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

C:\WINDOWS\tasks\avast! Emergency Update.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-19 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-08-30 201784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-19 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-08-30 201784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-08-30 4858968]

"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-03-13 141336]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-03-13 173592]

"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-03-13 142360]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"20131224"=C:\Program Files\AVAST Software\Avast\setup\emupdate\6795ac9a-4cac-4fdf-b891-38f1eb102fd1.exe [2013-12-29 181136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"=C:\Documents and Settings\Leo van Houwelingen\Application Data\Spotify\Data\SpotifyWebHelper.exe [2012-11-04 1199576]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\@OnlineArmor GUI]

C:\Program Files\Online Armor\OAui.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Browsing Protection]

C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe [2013-07-15 554384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPN Assistent]

C:\Program Files\KPN\KPN Assistent\KPN_Assistent.exe [2012-11-28 14160352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Wendy van Moergestel^Menu Start^Programma's^Opstarten^Dropbox.lnk]

C:\DOCUME~1\WENDYV~1\APPLIC~1\Dropbox\bin\Dropbox.exe [2013-05-25 27776968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2009-03-09 205824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{4F07DA45-8170-4859-9B5F-037EF2970034}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=67108863

"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Wizard Bestanden en instellingen overzetten"

"C:\Documents and Settings\Leo van Houwelingen\Application Data\Spotify\spotify.exe"="C:\Documents and Settings\Leo van Houwelingen\Application Data\Spotify\spotify.exe:*:Enabled:Spotify"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Plex\Plex Media Center\Plex.exe"="C:\Program Files\Plex\Plex Media Center\Plex.exe:*:Disabled:Plex Media Center"

"C:\Documents and Settings\Wendy van Moergestel\Application Data\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Wendy van Moergestel\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"

"C:\Program Files\KPN\KPN Assistent\KPN Installatie Assistent\KPN_IA.exe"="C:\Program Files\KPN\KPN Assistent\KPN Installatie Assistent\KPN_IA.exe:*:Enabled:KPN Assistent"

"C:\Program Files\KPN\KPN Assistent\KPN Draadloos Netwerk Assistent\KPN_WNA.exe"="C:\Program Files\KPN\KPN Assistent\KPN Draadloos Netwerk Assistent\KPN_WNA.exe:*:Enabled:KPN Assistent"

"C:\Program Files\KPN\KPN Installatie Assistent\KPN_IA.exe"="C:\Program Files\KPN\KPN Installatie Assistent\KPN_IA.exe:*:Enabled:KPN Installatie Assistent"

"C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe"="C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe:*:Enabled:Ad-Aware Security Add-on DTX Broker"

"C:\Program Files\KPN\KPN Assistent\KPN_Assistent.exe"="C:\Program Files\KPN\KPN Assistent\KPN_Assistent.exe:*:Enabled:KPN Assistant"

"C:\Documents and Settings\Leo van Houwelingen\Mijn documenten\Downloads\tinyumbrella-7.02.01a.exe"="C:\Documents and Settings\Leo van Houwelingen\Mijn documenten\Downloads\tinyumbrella-7.02.01a.exe:*:Enabled:TinyUmbrella - Save your SHSH!"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midimapper"=midimap.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.trspch"=tssoft32.acm

"vidc.cvid"=iccvid.dll

"vidc.I420"=msh263.drv

"vidc.iv31"=ir32_32.dll

"vidc.iv32"=ir32_32.dll

"vidc.iv41"=ir41_32.ax

"vidc.iyuv"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvu9"=tsbyuv.dll

"vidc.yvyu"=msyuv.dll

"wavemapper"=msacm32.drv

"msacm.msg723"=msg723.acm

"vidc.M263"=msh263.drv

"vidc.M261"=msh261.drv

"msacm.msaudio1"=msaud32.acm

"msacm.sl_anet"=sl_anet.acm

"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax

"vidc.iv50"=ir50_32.dll

"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-12-29 11:41:52 ----D---- C:\WINDOWS\LastGood

2013-12-27 20:33:28 ----SHD---- C:\Config.Msi

2013-12-17 22:27:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2893294$

2013-12-17 22:27:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2893984$

2013-12-17 22:27:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2892075$

2013-12-12 22:30:56 ----A---- C:\WINDOWS\system32\bootdelete.exe

2013-12-12 21:02:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2868626$

2013-12-12 21:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2900986$

2013-12-12 21:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2862152$

2013-12-12 21:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2876331$

======List of files/folders modified in the last 1 month======

2013-12-29 12:11:48 ----D---- C:\Program Files\Trend Micro

2013-12-29 11:42:04 ----HD---- C:\WINDOWS\inf

2013-12-29 11:41:52 ----D---- C:\WINDOWS

2013-12-29 11:41:50 ----D---- C:\WINDOWS\system32\CatRoot2

2013-12-29 11:00:20 ----D---- C:\WINDOWS\temp

2013-12-29 10:49:37 ----D---- C:\WINDOWS\Debug

2013-12-29 10:46:42 ----D---- C:\Program Files\CCleaner

2013-12-29 10:40:35 ----D---- C:\WINDOWS\system32\drivers

2013-12-27 20:37:21 ----N---- C:\WINDOWS\SchedLgU.Txt

2013-12-27 20:36:13 ----SHD---- C:\WINDOWS\Installer

2013-12-27 20:03:33 ----D---- C:\WINDOWS\system32

2013-12-17 22:32:31 ----D---- C:\WINDOWS\system32\MRT

2013-12-17 22:29:43 ----A---- C:\WINDOWS\system32\MRT.exe

2013-12-17 22:27:37 ----RSHDC---- C:\WINDOWS\system32\dllcache

2013-12-12 22:30:56 ----RD---- C:\Program Files

2013-12-12 21:02:22 ----D---- C:\WINDOWS\Prefetch

2013-12-12 21:01:02 ----D---- C:\Program Files\Internet Explorer

2013-12-12 21:00:02 ----D---- C:\WINDOWS\ie8updates

2013-12-12 20:48:09 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-08-30 49376]

R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-08-30 177864]

R0 gfibto;gfibto; C:\WINDOWS\system32\drivers\gfibto.sys [2013-08-26 13560]

R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]

R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2013-08-30 49760]

R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-08-30 770344]

R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-08-30 369584]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-08-30 56080]

R1 avgtp;avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys []

R1 intelppm;Intel GV3-processorstuurprogramma; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]

R1 WmiAcpi;Microsoft Windows Beheerinterface voor ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]

R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-08-30 29816]

R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []

R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-02-05 281600]

R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]

R3 Arp1394;1394 ARP-clientprotocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]

R3 HDAudBus;Microsoft UAA-busstuurprogramma voor High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 HidUsb;Microsoft HID Class-stuurprogramma; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-03-09 6278016]

R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2008-07-23 44800]

R3 mouhid;Stuurprogramma voor muis-HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-06 12288]

R3 NETw5x32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2009-01-05 3634688]

R3 NIC1394;1394-stuurprogramma; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]

S1 kbdhid;Stuurprogramma voor toetsenbord-HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

S1 SBRE;SBRE; C:\WINDOWS\system32\drivers\SBREDrv.sys []

S3 b57w2k;Broadcom NetLink Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-12-15 160256]

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []

S3 gfiark;gfiark; C:\WINDOWS\system32\drivers\gfiark.sys [2013-04-11 41584]

S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCTINDIS5.SYS []

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []

S3 usbccgp;Microsoft generiek hoofd-USB-stuurprogramma; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]

S3 usbscan;Stuurprogramma voor USB-scanner; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]

S3 USBSTOR;Stuurprogramma voor USB-massaopslag; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-08-30 46808]

R2 HitmanProScheduler;HitmanPro Scheduler; C:\Program Files\HitmanPro\hmpsched.exe [2013-10-31 106280]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-10-19 182696]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate;Google Update-service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-02 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-12 257416]

S3 aspnet_state;ASP.NET-statusservice; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-02 136176]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Posted:

Download Zoek.zip to the desktop.

  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore that; it is a false warning.
  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; you can read how to do that (here and here).
  • Right-click Zoek.zip and choose the option "Extract all".
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users should run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run];r
  "KernelFaultCheck"=-;r
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks];r
  "{4F07DA45-8170-4859-9B5F-037EF2970034}"=-;r
  emptyfolderscheck;delete
  startupall;
  filesrcm;

  • Click the "Options" button and tick the options below.
  • Do a Quick Scan
  • IE Defaults
  • Auto Clean
  • The option "Scan All Users" is ticked by default.
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart if one is required).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log in your next message.
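Added example (not part of the original posts, and not how RSIT or Zoek work internally): the two values the script above names, `KernelFaultCheck` and the `ShellExecuteHooks` GUID, are both listed in the RSIT log with an empty `[]` where other entries show a file date and size. The code below parses that registry-dump layout and lists autostart entries lacking file details; the list of autostart markers and the reading of `[]` as "no file details recorded" are assumptions.

```python
import re

# Excerpt from the RSIT registry dump posted in this thread (blank lines removed).
RSIT_EXCERPT = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-08-30 4858968]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\@OnlineArmor GUI]
C:\Program Files\Online Armor\OAui.exe []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
'''

# Registry locations treated as autostart points in this example (an assumed,
# non-exhaustive list; matched case-insensitively as substrings of the key).
AUTOSTART_MARKERS = (
    r"\currentversion\run",               # also matches RunOnce
    r"\explorer\shellexecutehooks",
    r"\explorer\browser helper objects",
    r"\msconfig\startupreg",              # entries disabled through msconfig
    r"\winlogon\notify",
)

# Optional "name"= prefix, then the target, then the trailing [date size] block.
ENTRY = re.compile(
    r'^(?:"(?P<name>[^"]*)"=)?(?P<target>.*?)\s*\[(?P<meta>[^\[\]]*)\]$'
)


def parse_registry_dump(text):
    """Turn RSIT registry-dump lines into dicts: key, name, target, has_file_info."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[HKEY_") and line.endswith("]"):
            key = line[1:-1]          # section header: remember the current key
            continue
        match = ENTRY.match(line)
        if key is None or match is None:
            continue                  # e.g. policy values such as "name"=0
        entries.append({
            "key": key,
            # Unnamed entries take the last component of their key as name.
            "name": match.group("name") or key.rsplit("\\", 1)[-1],
            "target": match.group("target"),
            "has_file_info": bool(match.group("meta").strip()),
        })
    return entries


def unverified_autostarts(entries):
    """Autostart entries for which the log shows no file date and size."""
    return [
        e for e in entries
        if not e["has_file_info"]
        and any(marker in e["key"].lower() for marker in AUTOSTART_MARKERS)
    ]


if __name__ == "__main__":
    for entry in unverified_autostarts(parse_registry_dump(RSIT_EXCERPT)):
        print(f'{entry["name"]!r} in {entry["key"]} -> {entry["target"] or "(no target)"}')
```

An empty `[]` is a prompt to look at the entry, not a verdict on it: several running avast! drivers in the same log are also listed without file details.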

Posted:

Zoek.exe v5.0.0.0 Updated 28-December-2013

Tool run by Leo van Houwelingen on zo 29-12-2013 at 12:48:05,26.

Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Documents and Settings\Leo van Houwelingen\Bureaublad\zoek\zoek.exe [scan all users] [script inserted] [Checkboxes used]

===== Runcheck 12:51:01,40 =====

--- Create Environment Variables 12:51:02,29

--- Create System Restore Point 12:51:10,28

--- Checking Input 12:51:45,15

--- AU AppData Check 12:51:53,37

--- Remove From Windows Installer 12:51:57,75

- - - Updated - - -

Oh, I just noticed that isn't the log. Apparently it's still busy

Posted:

Zoek.exe v5.0.0.0 Updated 28-December-2013

Tool run by Leo van Houwelingen on zo 29-12-2013 at 12:48:05,26.

Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Documents and Settings\Leo van Houwelingen\Bureaublad\zoek\zoek.exe [scan all users] [script inserted] [Checkboxes used]

==== System Restore Info ======================

29-12-2013 12:51:39 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\VideoLAN deleted successfully

C:\Documents and Settings\Leo van Houwelingen\Application Data\dll-files.com deleted successfully

C:\Documents and Settings\Leo van Houwelingen\Application Data\Systweak deleted successfully

C:\Documents and Settings\Leo van Houwelingen\Application Data\WinRAR deleted successfully

C:\Documents and Settings\LocalService\Application Data\Apple Computer deleted successfully

C:\Documents and Settings\Leo van Houwelingen\Local Settings\Application Data\cache deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\update Whilokii deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\update Whilokii deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\chrome.exe\shell\open\command]

@="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"

==== Deleting Files \ Folders ======================

C:\Program Files\Whilokii deleted

C:\Documents and Settings\Leo van Houwelingen\daemonprocess.txt deleted

C:\Program Files\BonanzaDeals deleted

C:\Program Files\BonanzaDealsLive deleted

C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar deleted

C:\Program Files\Toolbar Cleaner deleted

C:\Program Files\MyPC Backup deleted

C:\Documents and Settings\Leo van Houwelingen\Application Data\SecureSearch deleted

C:\Documents and Settings\Wendy van Moergestel\Application Data\Systweak deleted

C:\Documents and Settings\All Users\Application Data\BonanzaDealsLive deleted

C:\Documents and Settings\Leo van Houwelingen\Local Settings\Application Data\BonanzaDealsLive deleted

C:\Documents and Settings\Leo van Houwelingen\Local Settings\Application Data\adawarebp deleted

C:\Documents and Settings\Leo van Houwelingen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\newtab.crx deleted

C:\Documents and Settings\Wendy van Moergestel\Local Settings\Application Data\adawarebp deleted

C:\WINDOWS\system32\roboot.exe deleted

C:\WINDOWS\System32\searchplugins deleted

C:\WINDOWS\System32\Extensions deleted

C:\Documents and Settings\Leo van Houwelingen\SendTo\Desk 365.lnk deleted

C:\Documents and Settings\Leo van Houwelingen\Mijn documenten\Mobogenie deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====

====== C:\DOCUME~1\LEOVAN~1\LOCALS~1\Temp ====

====== Java Cache =====

====== C:\WINDOWS\system32 =====

====== C:\WINDOWS\system32\drivers =====

====== C:\WINDOWS\Tasks ======

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====

======= C: =====

====== C:\Documents and Settings\Leo van Houwelingen\Application Data ======

====== C:\Documents and Settings\Leo van Houwelingen ======

2013-12-29 09:49:36 -------- d--h--r- C:\Documents and Settings\Leo van Houwelingen\Onlangs geopend

====== C: exe-files ==

2013-12-29 11:10:43 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Documents and Settings\Leo van Houwelingen\Mijn documenten\Downloads\RSIT.exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_USERS\S-1-5-21-1085031214-839522115-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"="C:\Documents and Settings\Leo van Houwelingen\Application Data\Spotify\Data\SpotifyWebHelper.exe"

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui"

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe"

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"

"Persistence"="C:\WINDOWS\system32\igfxpers.exe"

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"KernelFaultCheck"="%systemroot%\system32\dumprep 0 -k"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"20131224"="C:\Program Files\AVAST Software\Avast\setup\emupdate\6795ac9a-4cac-4fdf-b891-38f1eb102fd1.exe /check"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"="C:\Documents and Settings\Leo van Houwelingen\Application Data\Spotify\Data\SpotifyWebHelper.exe"

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\@OnlineArmor GUI]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="@OnlineArmor GUI"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Online Armor\\OAui.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ad-Aware Browsing Protection]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Ad-Aware Browsing Protection"

"hkey"="HKLM"

"command"="\"C:\\Documents and Settings\\All Users\\Application Data\\Ad-Aware Browsing Protection\\adawarebp.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KPN Assistent]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="KPN Assistent"

"hkey"="HKLM"

"command"="C:\\Program Files\\KPN\\KPN Assistent\\KPN_Assistent.exe /auto"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Wendy van Moergestel^Menu Start^Programma's^Opstarten^Dropbox.lnk]

"item"="Dropbox"

"path"="C:\\Documents and Settings\\Wendy van Moergestel\\Menu Start\\Programma's\\Opstarten\\Dropbox.lnk"

"backup"="C:\\WINDOWS\\pss\\Dropbox.lnkStartup"

"command"="C:\\DOCUME~1\\WENDYV~1\\APPLIC~1\\Dropbox\\bin\\Dropbox.exe"

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job --a------ C:\PROGRA1\AD-AWA1\AdAwareLauncher.exe []

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12-12-2013 20:48]

C:\WINDOWS\tasks\avast\Undetermined Task.exe []

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [02-11-2012 21:49]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [02-11-2012 21:49]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [22-07-2013 09:22]

==== Firefox Extensions ======================

ExtDir: C:\Documents and Settings\Leo van Houwelingen\Application Data\Mozilla\Firefox\Profiles\extensions

- Torntv 3 - %ExtDir%\trtv3@trtv.com.xpi

==== Firefox Plugins ======================

==== Deleted Firefox Extensions ======================

C:\Documents and Settings\Leo van Houwelingen\Application Data\Mozilla\Firefox\Profiles\extensions\trtv3@trtv.com.xpi deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

iaimhpklononapfjngelgdokckfjekfc - C:\Program Files\Whilokii\iaimhpklononapfjngelgdokckfjekfc.crx[]

oejkcgajlodefenbbjdnaiahmbnnoole - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx[]

Google Wallet - Leo van Houwelingen - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Whilokii - LocalService - Default\Extensions\iaimhpklononapfjngelgdokckfjekfc

Whilokii - Wendy van Moergestel - Default\Extensions\iaimhpklononapfjngelgdokckfjekfc

Chrome In-App Payments service - Wendy van Moergestel - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chrome Fix ======================

C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iaimhpklononapfjngelgdokckfjekfc deleted successfully

C:\Documents and Settings\Wendy van Moergestel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iaimhpklononapfjngelgdokckfjekfc deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="http://www.google.com"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="res://ieframe.dll/tabswelcome.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\iaimhpklononapfjngelgdokckfjekfc deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\@OnlineArmor GUI deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\Leo van Houwelingen\Local Settings\temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\Wendy van Moergestel\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\Leo van Houwelingen\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Documents and Settings\Leo van Houwelingen\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Documents and Settings\Wendy van Moergestel\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4531 folders=60 35774993 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully

C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully

C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully

C:\Documents and Settings\Wendy van Moergestel\Local Settings\Temp emptied successfully

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp emptied successfully

C:\Documents and Settings\Leo van Houwelingen\Local Settings\Temp will be emptied at reboot

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied

C:\DOCUME~1\LEOVAN~1\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\Leo van Houwelingen\Local Settings\Temporary Internet Files\Content.IE5\index.dat" deleted

"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on zo 29-12-2013 at 14:04:53,79 ======================

Posted:

CPU usage does indeed stay lower now. It's now between 50 and 55%. Earlier today it was still between 90 and 100%.

I don't know what normal usage is, but this is already a lot better in any case. Thanks!
