Mededeling

Collapse
No announcement yet.

opstart problemen

Collapse
X
Collapse
  •  
  • Page of 1
  • Filter
  • Tijd
  • Show
Clear All
new posts
Vorige template Volgende
  • #1

    opstart problemen

    computer loopt willekeurig vast bij het opstarten, soms kan het logo niet eens aangeklikt worden. mogelijk staan er meerdere virussen op de laptop

    bij deze de Hijack this log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:21:09, on 11-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\WINDOWS\system32\TDispVol.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/SITE/xupload/XUpload.ocx
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

    --
    End of file - 8637 bytes

    -------------------------------------------------------------------

    en een combofix log:

    ComboFix 08-03-10.1 - ik 2008-03-11 0:15:36.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.559 [GMT 1:00]
    Gestart vanuit: C:\Documents and Settings\ik\Bureaublad\ComboFix.exe

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
    .

    (((((((((((((((((((( Bestanden Gemaakt van 2008-02-10 to 2008-03-10 ))))))))))))))))))))))))))))))
    .

    2008-03-10 23:42 . 2008-03-10 23:42 <DIR> d-------- C:\Program Files\Trend Micro
    2008-03-09 14:08 . 2008-03-10 09:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-09 14:08 . 2008-03-09 14:08 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-02-25 10:43 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
    2008-02-20 09:38 . 2008-02-20 09:38 <DIR> d-------- C:\Program Files\FLVPlayer
    2008-02-18 18:53 . 2008-02-18 18:53 <DIR> d-------- C:\Program Files\Trapcode
    2008-02-18 18:53 . 2008-02-18 18:53 <DIR> d-------- C:\Presets
    2008-02-18 18:53 . 2008-02-19 10:58 36,868 --a------ C:\Program Files\uninst-Particular.exe
    2008-02-18 18:49 . 2008-02-18 18:49 <DIR> d-------- C:\Program Files\Cycore FX 1.0.1
    2008-02-13 16:47 . 2008-03-10 22:03 <DIR> d-------- C:\_JBF_telecom
    2008-02-12 13:58 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
    2008-02-12 13:58 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
    2008-02-12 13:56 . 2008-02-12 13:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-02-12 13:42 . 2008-02-12 13:42 <DIR> d-------- C:\Program Files\Bonjour
    2008-02-12 13:32 . 2008-02-12 13:32 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-10 22:50 --------- d-----w C:\Documents and Settings\ik\Application Data\AVG7
    2008-03-10 22:38 --------- d-----w C:\Documents and Settings\ik\Application Data\WTablet
    2008-03-10 08:29 --------- d-----w C:\Documents and Settings\LocalService\Application Data\WTablet
    2008-03-09 13:05 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-03-02 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
    2008-02-12 13:15 --------- d-----w C:\Program Files\Macromedia
    2008-02-12 13:13 --------- d-----w C:\Program Files\Common Files\Macromedia
    2008-02-12 12:42 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-01-18 10:16 --------- d-----w C:\Documents and Settings\ik\Application Data\dvdcss
    2008-01-17 22:18 --------- d-----w C:\Documents and Settings\ik\Application Data\SorensonMedia
    2008-01-17 22:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-17 22:16 --------- d-----w C:\Program Files\Sorenson Media
    2008-01-14 19:06 --------- d-----w C:\Program Files\Toshiba
    2008-01-08 10:24 516,096 ----a-w C:\WINDOWS\system32\RegisterDialog.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 00:32 761945]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 14:29 88203 C:\WINDOWS\agrsmmsg.exe]
    "THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 14:02 352256]
    "TPSMain"="TPSMain.exe" [2005-08-03 15:49 266240 C:\WINDOWS\system32\TPSMain.exe]
    "NDSTray.exe"="NDSTray.exe"
    "Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 12:25 73728]
    "TFncKy"="TFncKy.exe"
    "TDispVol"="TDispVol.exe" [2005-09-16 14:04 73728 C:\WINDOWS\system32\TDispVol.exe]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20 122940]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37 667718]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41 602182]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 20:12 579072]
    "RTHDCPL"="RTHDCPL.EXE" [2006-07-04 14:26 16250880 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [ ]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 18:04 219136]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=

    "C:\\Program Files\\BitLord\\BitLord.exe"=
    "C:\\Program Files\\Ipswitch\\WS_FTP Professional\\wsftpgui.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26847:TCP"= 26847:TCP:BitComet 26847 TCP
    "26847:UDP"= 26847:UDP:BitComet 26847 UDP

    R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 20:12]
    R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 19:30]
    R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-16 01:11]
    S1 aiptektp;HyperPen;C:\WINDOWS\system32\DRIVERS\aiptektp.sys
    S3 gkmixern;gkmixern;C:\DOCUME~1\ik\LOCALS~1\Temp\gkmixern.sys
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]
    S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 14:47]

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-11 00:19:49
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
    -> C:\WINDOWS\system32\TDispVol.dll
    .
    Voltooingstijd: 2008-03-11 0:20:17
    .
    2008-02-25 12:53:44 --- E O F ---
    Labels: Geen
    • Citaat
  • #2
    Het probleem is er nog, staat er geen foute crap in de logjes?
    • Citaat

    Comment

    • #3
      Ga naar start --> uitvoeren en typ daar: sc delete gkmixern
      Bevestig met ok.


      Download MBAM (Malwarebytes' Anti-Malware) via hier of hier.
      • Dubbelklik op mbam-setup.exe om het programma te installeren.
        • Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".
        • Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.
        • Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.
        • Het scannen kan een tijdje duren, dus wees geduldig.
        • Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
        • Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.
        • Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder)
        • De log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in MBAM.
        • Kopieer en plak de inhoud van het logje in je volgend antwoord, samen met een nieuw HijackThis log.

        Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken.
        Daarna zal het vragen om de Computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.



      Post ook een nieuw Hijackthis logje en vermeldt daarbij hoe het met je problemen is.
      Groet,
      Pimmerd
      • Citaat

      Comment

      • #4
        Bij deze de nieuwe logjes. Er zijn nog steeds problemen met het opstarten. Is het mogelijk dat de hardware ervoor zorgt dat de boel vast loopt voor windwos is opgestart? Het is namelijk willekeurig, de ene keer start de laptop wel op en de andere keer niet. Ik heb de malware log er ook bij geplaatst, die heeft niks kunnen vinden.

        -------------------------------------------------------------------
        Combofix:

        ComboFix 08-03-10.1 - ik 2008-03-17 12:05:10.2 - NTFSx86
        Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.459 [GMT 1:00]
        Gestart vanuit: C:\Documents and Settings\ik\Bureaublad\ComboFix.exe

        WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
        .

        (((((((((((((((((((( Bestanden Gemaakt van 2008-02-17 to 2008-03-17 ))))))))))))))))))))))))))))))
        .

        2008-03-17 11:55 . 2008-03-17 11:55 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
        2008-03-17 11:55 . 2008-03-17 11:55 <DIR> d-------- C:\Documents and Settings\ik\Application Data\Malwarebytes
        2008-03-17 11:55 . 2008-03-17 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
        2008-03-10 23:42 . 2008-03-10 23:42 <DIR> d-------- C:\Program Files\Trend Micro
        2008-03-09 14:08 . 2008-03-14 14:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
        2008-03-09 14:08 . 2008-03-09 14:08 1,409 --a------ C:\WINDOWS\QTFont.for
        2008-02-25 10:43 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
        2008-02-20 09:38 . 2008-02-20 09:38 <DIR> d-------- C:\Program Files\FLVPlayer
        2008-02-18 18:53 . 2008-02-18 18:53 <DIR> d-------- C:\Presets
        2008-02-18 18:53 . 2008-02-19 10:58 36,868 --a------ C:\Program Files\uninst-Particular.exe
        2008-02-18 18:49 . 2008-02-18 18:49 <DIR> d-------- C:\Program Files\Cycore FX 1.0.1

        .
        ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-03-17 10:13 --------- d-----w C:\Documents and Settings\ik\Application Data\WTablet
        2008-03-17 10:12 --------- d-----w C:\Documents and Settings\LocalService\Application Data\WTablet
        2008-03-12 13:43 --------- d-----w C:\Documents and Settings\ik\Application Data\AVG7
        2008-03-09 13:05 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
        2008-03-02 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
        2008-02-12 13:15 --------- d-----w C:\Program Files\Macromedia
        2008-02-12 13:13 --------- d-----w C:\Program Files\Common Files\Macromedia
        2008-02-12 12:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
        2008-02-12 12:42 --------- d-----w C:\Program Files\Common Files\Adobe
        2008-02-12 12:42 --------- d-----w C:\Program Files\Bonjour
        2008-02-12 12:32 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
        2008-01-18 10:16 --------- d-----w C:\Documents and Settings\ik\Application Data\dvdcss
        2008-01-17 22:18 --------- d-----w C:\Documents and Settings\ik\Application Data\SorensonMedia
        2008-01-17 22:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
        2008-01-17 22:16 --------- d-----w C:\Program Files\Sorenson Media
        2008-01-08 10:24 516,096 ----a-w C:\WINDOWS\system32\RegisterDialog.dll
        .

        ((((((((((((((((((((((((((((( [email protected]_ 0.20.05,28 )))))))))))))))))))))))))))))))))))))))))
        .
        - 2008-02-04 23:09:46 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe
        + 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
        .
        ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
        "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
        "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 00:32 761945]
        "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 14:29 88203 C:\WINDOWS\agrsmmsg.exe]
        "THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 14:02 352256]
        "TPSMain"="TPSMain.exe" [2005-08-03 15:49 266240 C:\WINDOWS\system32\TPSMain.exe]
        "NDSTray.exe"="NDSTray.exe"
        "Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 12:25 73728]
        "TFncKy"="TFncKy.exe"
        "TDispVol"="TDispVol.exe" [2005-09-16 14:04 73728 C:\WINDOWS\system32\TDispVol.exe]
        "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20 122940]
        "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37 667718]
        "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41 602182]
        "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
        "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
        "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 20:12 579072]
        "RTHDCPL"="RTHDCPL.EXE" [2006-07-04 14:26 16250880 C:\WINDOWS\RTHDCPL.exe]
        "SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]
        "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [ ]
        "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
        "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 18:04 219136]

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "AntiVirusDisableNotify"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\BitLord\\BitLord.exe"=
        "C:\\Program Files\\Ipswitch\\WS_FTP Professional\\wsftpgui.exe"=
        "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
        "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
        "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
        "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
        "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\MSN Messenger\\livecall.exe"=
        "C:\\Program Files\\Sorenson Media\\Sorenson Squeeze\\Squeeze.exe"=
        "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "26847:TCP"= 26847:TCP:BitComet 26847 TCP
        "26847:UDP"= 26847:UDP:BitComet 26847 UDP

        R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 20:12]
        R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 19:30]
        R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-16 01:11]
        S1 aiptektp;HyperPen;C:\WINDOWS\system32\DRIVERS\aiptektp.sys
        S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]
        S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 14:47]

        .
        **************************************************************************

        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-03-17 12:09:46
        Windows 5.1.2600 Service Pack 2 NTFS

        scannen van verborgen processen ...

        scannen van verborgen autostart items ...

        scannen van verborgen bestanden ...

        Scan succesvol afgerond
        verborgen bestanden: 0

        **************************************************************************
        .
        --------------------- DLLs Geladen Onder Lopende Processen ---------------------

        PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
        -> C:\WINDOWS\system32\TDispVol.dll
        .
        Voltooingstijd: 2008-03-17 12:10:26
        ComboFix2.txt 2008-03-10 23:20:18
        .
        2008-03-12 12:05:22 --- E O F ---


        -----------------------------------------------------------------------------

        Hijak this log:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 12:03:16, on 17-3-2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16608)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
        C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
        C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
        C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
        C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\Tablet.exe
        C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\WTablet\TabUserW.exe
        C:\WINDOWS\system32\Tablet.exe
        C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\WINDOWS\AGRSMMSG.exe
        C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
        C:\WINDOWS\system32\TPSMain.exe
        C:\Program Files\Synaptics\SynTP\Toshiba.exe
        C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
        C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
        C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
        C:\WINDOWS\system32\TDispVol.exe
        C:\WINDOWS\System32\DLA\DLACTRLW.EXE
        C:\WINDOWS\system32\TPSBattM.exe
        C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
        C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
        C:\Program Files\DAEMON Tools\daemon.exe
        C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
        C:\WINDOWS\RTHDCPL.EXE
        C:\Program Files\QuickTime\QTTask.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
        C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\MSN Messenger\usnsvc.exe
        C:\Program Files\Winamp\winamp.exe
        C:\Program Files\Internet Explorer\IEXPLORE.EXE
        C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
        C:\WINDOWS\system32\NOTEPAD.EXE
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
        O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
        O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
        O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
        O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
        O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
        O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
        O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
        O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
        O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
        O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
        O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
        O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
        O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
        O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/SITE/xupload/XUpload.ocx
        O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
        O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
        O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
        O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
        O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
        O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
        O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
        O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
        O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
        O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
        O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

        --
        End of file - 9075 bytes

        ------------------------------------------------------------------------------------------

        Malwarebytes' Anti-Malware 1.08
        Database versie: 498

        Scan type: Snelle Scan
        Objecten gescand: 28702
        Verstreken tijd: 4 minute(s), 31 second(s)

        Geheugenprocessen geïnfecteerd: 0
        Geheugenmodulen geïnfecteerd: 0
        Registersleutels geïnfecteerd: 0
        Registerwaarden geïnfecteerd: 0
        Registerdata bestanden geïnfecteerd: 0
        Mappen geïnfecteerd: 0
        Bestanden geïnfecteerd: 0

        Geheugenprocessen geïnfecteerd:
        (Geen kwaadaardige items gevonden)

        Geheugenmodulen geïnfecteerd:
        (Geen kwaadaardige items gevonden)

        Registersleutels geïnfecteerd:
        (Geen kwaadaardige items gevonden)

        Registerwaarden geïnfecteerd:
        (Geen kwaadaardige items gevonden)

        Registerdata bestanden geïnfecteerd:
        (Geen kwaadaardige items gevonden)

        Mappen geïnfecteerd:
        (Geen kwaadaardige items gevonden)

        Bestanden geïnfecteerd:
        (Geen kwaadaardige items gevonden)
        • Citaat

        Comment

        • #5
          Je logjes zien er toch goed uit. Ik ben bang dat het ook eerder hardware matig is, aangezien hij vast blijft hangen voor het opstarten, wat meestal tot een hardwarematig probleem leidt.

          Ga naar start --> uitvoeren en typ daar: chkdsk /f
          Bevestig met ok en vervolgens met ja.

          Restart je computer, tijdens het opstarten zal hij een schijfcontrole uitvoeren. Breek deze niet af. Kijk of het geholpen heeft.
          Groet,
          Pimmerd
          • Citaat

          Comment

          Vorige template Volgende
          Sorry, you are not authorized to view this page
          Working...
          X