Tweet
Hallo, ik zit met een groot probleem. Ik had laatst een bestand gedownload en die wilde ik verwijderen maar dit lukte niet, ik heb toen de pc opnieuw opgestart tot dat moment zonder problemen. Als ik nu hierna een film wilde openen dan gaat eerst explorer.exe naar bijna 100% (zie bijlagen), en hierna wmplayer.exe naar bijna 100%. Als ik nu media player afsluit dan gaat explorer.exe weer naar bijna 100%. Het CPU-Gebruik blijft dus 100% oftewel de pc is heeeeeel erg traag 
Ik heb in veilige modus ook gekeke (heb het bestand toen wel kunnen verwijderen) en hier lijkt het systeem wel normaal te zijn. Ik heb systeemherstel geprobeerd maar het probleem was er nog steeds. Ook andere players zoals real player of vlc player geven ditzelfde probleem. Via google kwam ik erachter dat explorer.exe de windows verkenner is. Kan het zijn dat hier op de een of andere manier iets niet meer goed mee is? Ook heb ik mcafee laten scannen die kwam niets vreemds tegen, en als laatste heb ik nog een panda scan gemaakt.
Hier de hijackthis log en panda log
Alvast erg bedankt voor de hulp!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:33:46, on 12-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Willem Dijkens\Bureaublad\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACA1941F-7D96-4695-8E84-A6391F85BA20}: NameServer = 195.121.1.34 195.121.1.66
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 3620 bytes
Incident Status Location
Adware:adware/startpage.amb Not disinfected C:\Documents and Settings\Willem Dijkens\Favorieten\Online games
Spyware:spyware/searchcentrix Not disinfected Windows Registry
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][2].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][1].txt
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][2].txt
Spyware:Cookie/Smartadserver Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][1].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][1].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected D:\Windows\Cookies\willem [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected D:\Windows\Cookies\willem [email protected][2].txt
Spyware:Cookie/SpywareStormer Not disinfected D:\Windows\Cookies\willem [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected D:\Windows\Cookies\willem [email protected][1].txt
Spyware:Cookie/YieldManager Not disinfected D:\Windows\Cookies\willem [email protected][2].txt
Spyware:Cookie/Hbmediapro Not disinfected D:\Windows\Cookies\willem [email protected][2].txt
Spyware:Cookie/Searchportal Not disinfected D:\Windows\Cookies\willem [email protected][1].txt
Spyware:Cookie/YieldManager Not disinfected D:\Windows\Cookies\willem [email protected][1].txt
Spyware:Cookie/ErrorSafe Not disinfected D:\Windows\Cookies\willem [email protected][1].txt
Spyware:Cookie/ErrorSafe Not disinfected D:\Windows\Cookies\willem [email protected][2].txt
Spyware:Cookie/onestat.com Not disinfected D:\Windows\Cookies\willem [email protected][2].txt
Spyware:Cookie/onestat.com Not disinfected D:\Windows\Cookies\willem [email protected][1].txt
Possible Virus. Not disinfected D:\Cpqs\quicksr\PQFF\PQFFIN9X.EXE
Possible Virus. Not disinfected E:\CPQDRV\156376\B2A\018\156376.ZIP[CPQS/QUICKSR/PQFF/PQFFIN9X.EXE]
Ik heb in veilige modus ook gekeke (heb het bestand toen wel kunnen verwijderen) en hier lijkt het systeem wel normaal te zijn. Ik heb systeemherstel geprobeerd maar het probleem was er nog steeds. Ook andere players zoals real player of vlc player geven ditzelfde probleem. Via google kwam ik erachter dat explorer.exe de windows verkenner is. Kan het zijn dat hier op de een of andere manier iets niet meer goed mee is? Ook heb ik mcafee laten scannen die kwam niets vreemds tegen, en als laatste heb ik nog een panda scan gemaakt.Hier de hijackthis log en panda log
Alvast erg bedankt voor de hulp!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:33:46, on 12-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Willem Dijkens\Bureaublad\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACA1941F-7D96-4695-8E84-A6391F85BA20}: NameServer = 195.121.1.34 195.121.1.66
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 3620 bytes
Incident Status Location
Adware:adware/startpage.amb Not disinfected C:\Documents and Settings\Willem Dijkens\Favorieten\Online games
Spyware:spyware/searchcentrix Not disinfected Windows Registry
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][2].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][1].txt
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][2].txt
Spyware:Cookie/Smartadserver Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][1].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][1].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Willem Dijkens\Cookies\willem [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected D:\Windows\Cookies\willem [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected D:\Windows\Cookies\willem [email protected][2].txt
Spyware:Cookie/SpywareStormer Not disinfected D:\Windows\Cookies\willem [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected D:\Windows\Cookies\willem [email protected][1].txt
Spyware:Cookie/YieldManager Not disinfected D:\Windows\Cookies\willem [email protected][2].txt
Spyware:Cookie/Hbmediapro Not disinfected D:\Windows\Cookies\willem [email protected][2].txt
Spyware:Cookie/Searchportal Not disinfected D:\Windows\Cookies\willem [email protected][1].txt
Spyware:Cookie/YieldManager Not disinfected D:\Windows\Cookies\willem [email protected][1].txt
Spyware:Cookie/ErrorSafe Not disinfected D:\Windows\Cookies\willem [email protected][1].txt
Spyware:Cookie/ErrorSafe Not disinfected D:\Windows\Cookies\willem [email protected][2].txt
Spyware:Cookie/onestat.com Not disinfected D:\Windows\Cookies\willem [email protected][2].txt
Spyware:Cookie/onestat.com Not disinfected D:\Windows\Cookies\willem [email protected][1].txt
Possible Virus. Not disinfected D:\Cpqs\quicksr\PQFF\PQFFIN9X.EXE
Possible Virus. Not disinfected E:\CPQDRV\156376\B2A\018\156376.ZIP[CPQS/QUICKSR/PQFF/PQFFIN9X.EXE]
Bijgevoegde Bestanden
Comment